Share

Bankruptcy, Restructuring & Litigation
Blockchain, Smart Contracts & Digital Currencies
Business Litigation
Cannabis
Coronavirus Resource Center
Corporate
Crisis Management
Cybersecurity & Data Privacy
Delaware Corporate, LLC & Partnership Law
Design, Fashion & Luxury
E-Discovery & Records Management
Energy & Utilities
Environment & Energy
Financial Institutions
Food & Beverage
Government Affairs
Government Contracts & Global Trade
Government Investigations & White Collar Defense
Healthcare
Hospitality
Immigration
Impact Investing
Insurance Recovery, Litigation & Counseling
Intellectual Property
Labor & Employment
Life Sciences
Manufacturing
Products Liability, Mass Torts & Consumer Class Actions
Public Finance
Real Estate
Renewable Energy
Sports & Entertainment
Tax & Employee Benefits
Technology Transactions
Transportation, Logistics & Supply Chain Management
Trusts, Estates & Private Clients
Venture Capital & Emerging Growth Companies
Search By:

3.16.2015

With insurers phasing out coverage for data breaches and other cyber-related risks from traditional policies, policyholders are increasingly turning to specialty cyber insurance products to protect themselves. However, standalone cyber insurance policies offer widely varied coverage, and the market is still a veritable “Wild West,” according to attorneys.

Here, attorneys share tips for insureds to get the most out of specialty cyber policies.

Know Your Limits and Sublimits

Purchasing a cyber policy with adequate limits and sublimits is crucial for policyholders to shield themselves against the full range of cyber risks, attorneys say.

“Do not get comfortable with only a policy’s aggregate limits,” said Sherilyn Pastor, the practice group leader for McCarter & English LLP’s insurance coverage group. “Negotiate sublimits and co-insurance amounts, particularly those related to notification costs and crisis management expenses, so your business has the coverage it needs for risks specific to it.”

Cyber policies can be “chock full” of sublimits for certain types of events or types of losses, Pastor said. A policy may include lower sublimits for costs associated with the initial response to a data breach — such as forensic analysis, notification letters and public relations — and a higher sublimit for costs tied to ensuing class action litigation, according to attorneys.

Negotiate, Negotiate, Negotiate

Policyholders should also beware policy conditions that are “vague and subjective,” such as requirements for maintaining “reasonable” data security measures, Pastor said.

“What is viewed as ‘reasonable’ at the time an insurance policy is placed may be later challenged with the benefit of 20/20 hindsight and as technology becomes obsolete,” she said.

Make It Retroactive

Companies should negotiate for favorable retroactive dates to ensure that a cyber policy covers losses arising from undiscovered breaches that occurred prior to a policy’s purchase, Pastor said. Carriers will offer retroactive coverage for claims made during the policy period for incidents that occurred one, two, five or 10 years before the policy was placed, she noted.

In addition, because hackers can strike from anywhere in the world, companies should ensure that a cyber policy’s coverage territory is universal, according to attorneys.

“If your policy’s coverage territory is limited, you could find yourself without coverage if a hacker carries out an attack from some remote location, or the breach happens while using Wi-Fi on an airplane,” Pastor said.