J. Wylie Donald is an Insurance Coverage Partner at McCarter & English, where he represents commercial policyholders nationwide in disputes with carriers and is a member of the firm’s Cybersecurity & Data Privacy Task Force. He frequently blogs, writes, and speaks on insurance coverage related to the major business and societal issues of our time: cybersecurity and data breaches, Ebola, other viruses and pathogens, climate change, and other issues.
What are some of the things that a company’s risk manager must do immediately when a data breach occurs?
“Summon the forensics expert, direct the IT team to pivot all systems to secure mode, and ensconce the public relations team at company headquarters.
Less obvious, but just as important, is handling the insurance coverage layer, which can pay for all of the above, plus notice letters to compromised customers, fines levied by the FTC, and lawyers to defend the identity-theft claims that have flooded in.
With cybersecurity insurance coverage – as with many other reactions to a breach – much of successfully addressing the breach depends on preparation; it’s what you do beforehand that sets the table for a successful claim and recompense, or uncompensated, heavy financial losses.
Insurance companies have long taken the positions that a loss of personally identifiable information does not constitute property damage under liability policies. Nor, carriers argue, is there physical damage under a property policy. Further, there is likely to be an express exclusion tacked on for cyber risks. So relying on your general liability and property policies without evaluating cyber risks and existing coverage, and considering modifications, is foolish.
Consider whether your main concerns are identity theft, loss of trade secrets, breach of confidentiality agreements, or some combination thereof. Then perform a cost-benefit analysis of how likely those losses are and what they will cost you. Then negotiate appropriate cyber coverage and be acutely aware of what is covered in your policy, in your cloud provider’s policy and your counterparties’ policies. When the time comes and the breach occurs, immediate notification of your carrier and insurance broker is essential. Then, in conjunction with your broker and in-house and outside attorneys, ride herd on the carrier to make sure it provides what it bargained for.”