Does Your Firm Need Cyber Insurance?
Lawyers are often asked to safeguard sensitive information, but their ability to do so can be undermined by weak cybersecurity and determined hackers. Should a firm's security be breached, cyber insurance may help protect against subsequent losses.
Cyber insurance is a growing industry, bringing in more than $2 billion in premium payments in 2014. Major players in both cyber security and insurance have begun to focus on this niche market, with former U.S. homeland security chief Tom Ridge joining recently with Lloyd's of London to create a cyber insurance company, as the Financial Times reports. Yet, as with all insurance policies, terms and conditions can vary greatly from policy to policy.
Understanding the Risks of Data Breaches and Cyber Crimes
It's not just household names like Sony Pictures and Target that are being, ahem, targeted by hackers. Even small law firms are being attacked by hackers, who seek to overcome protections placed on email, smart phones, and firm networks. A data breach can open one up to serious losses and liabilities.
According to the National Association of Insurance Commissioners, the risks of a data breach include identity theft, business interruption from a downed network, damage to a firm's reputation, theft of digital assets, costs of credit monitoring after a security breach, and of course, attendant litigation over breaches.
What May be Covered Under a Cyber Insurance Policy
A cyber insurance policy should be tailored to meet the holder's specific needs and supplement any gaps in their existing insurance coverage. Policies may include coverage for liability relating to security breaches, the costs associated with a breach, such as support and monitoring services, expenses stemming from business interruption, reputational damage or regulatory compliance.
Insurers may also want to know a potential customer's existing risk management plans and may want suggest or require improvements in security measures.
The Devil is in the Details, Of Course
The details of a cyber insurance policy, like any insurance, should be examined carefully. Some policies will limit coverage when the policy holder has allegedly been negligent. No one knows this better than Target, who lost almost $150 million as a result of its data breach but was only able to recover only $38 million from its insurer.
Related Resources:
- Companies Worried About Hackers Turn To Cyber Insurance (NPR)
- Lawyers Must Do More to Protect Cybersecurity (FindLaw's Technologist)
- 5 First Steps to Take If Your Business Gets Hacked (FindLaw's Free Enterprise)
- Hacking Continues: European Central Bank Is the Latest Victim (FindLaw's Technologist)