Insights
Publications

Keeping Up With the Risks and Protections of Cyber Insurance

11/7/2018 Blog

An obscure niche product less than a decade ago, cyber insurance is now a staple of many companies’ risk transfer programs. Its rise in prominence is no wonder. High-profile data breaches have caused businesses millions of dollars in losses and untold reputational harm. Companies are right to shed some of their cyber risks through insurance, and the basic protections it offers are well known. It pays for the business’s investigation and notification to consumers of data breaches, and it defends against ensuing class action lawsuits and regulatory actions.

As valuable as these basic coverages are, companies should carefully consider and address their risks beyond them. Those that fail to do so may leave some of their biggest risks uncovered.

Cyber insurance is not an off-the-shelf product; there is no standard form. Dozens of insurers sell it, each using its own proprietary language. And the market is evolving rapidly to keep up with the risk environment’s shifting sands. Thus, simply renewing last year’s policy will not provide the cutting-edge protection available today. Like other contracts that a business signs, a proposed cyber insurance policy must be scrutinized and negotiated to meet the business’s unique needs. And the challenges in this area require a group effort that pulls in personnel and resources not just from the finance or risk management departments, but also IT, Legal and others.

Two areas of cyber insurance are seeing particularly rapid change and uncertainty: coverage for exposures relating to the European Union’s General Data Protection Regulation (GDPR) and business interruption coverages. Broad coverage is ostensibly available for GDPR risks, but its enforceability under applicable law is in question. Business interruption coverages are increasingly addressing the interconnectedness and complexity of computer systems in the age of the cloud, where one system’s downtime can affect many other companies’ operations.

Continue reading on Policyholder Perspective blog.

Firm Highlights

Publication

“That Particular Part” – Yet More

Massachusetts Appeals Court Gets It Right – Mostly Hot on the heels of the Federal Tenth Circuit Court of Appeals’ decision in MTI, Inc. v. Employers Insurance Company of Wausau , __ F.3d __...

Read More
Publication

Reimbursement of Employment-Related Expenses Is Not a “Wage and Hour” Claim Within the Meaning of EPLI Exclusion

A recent California appellate court decision found that a wage and hour exclusion in an Employment Practices Liability Insurance (“EPLI”) policy did not bar coverage for claims under California Labor Code sections 2800 and...

Read More
Publication

California Supreme Court Ruling Clarifies That the Notice-Prejudice Rule Is a Fundamental Public Policy That May Override Choice of Law Provisions

In  Pitzer College v. Indian Harbor Insurance Company , the California Supreme Court resolved two previously open questions in insurance law: (1) it concluded that the notice-prejudice rule [1]  is a fundamental public policy...

Read More
Publication

Insurance for the Cannabis Industry Program Takeaways

I recently moderated a Bar Association of San Francisco Insurance Section program co-sponsored with the Cannabis Law Section. The program highlighted recent changes to local insurance requirements and market availability of coverage for cannabis...

Read More
Publication

3 Lessons For Calif. Insureds From Late-Notice Rule Decision

In Pitzer College v. Indian Harbor Insurance Company ,[1] the California Supreme Court resolved two previously open questions in insurance law: (1) it concluded that the notice-prejudice rule[2] is a fundamental public policy of...

Read More
Publication

Are Losses Resulting from Phishing Incidents Covered by Crime Policies Insuring Against Computer Fraud?

It is an all-too-common dilemma. As phishing schemes have become more prevalent and more sophisticated, businesses of all sizes have fallen victim to these attacks where a fraudster will use a spoofed email or other...

Read More
Event

WSJ Pro Cybersecurity Symposium

Tyler Gerking will be speaking at the WSJ Pro Cybersecurity Symposium session, "The Role of Cyber-Insurance." Details: How much should you buy, what does it cover and how does it fit with an overall...

Read More
Publication

INSIGHT: California Ruling in Wage-Hour Coverage Suit Offers Employers a Defense Hook

Wage-and-hour exclusions are common in EPLI policies, frequently with defense-only sub-limits that are woefully inadequate. Farella Braun + Martel LLP’s Shanti Eagle looks at a recent decision adding an avenue to establish or expand...

Read More
Publication

Damages for Permit Revocation Constitute Covered “Loss of Use”

Insurers often claim “economic damages” are not covered under a standard commercial general liability (CGL) policy.  The Fourth District Court of Appeal’s decision in Thee Sombrero, Inc. v. Scottsdale Ins. Co., 28 Cal. App...

Read More
News

Farella Braun + Martel Ranked Among “Best Law Firms” by U.S. News & World Report and Best Lawyers

Read More