Skip to main content
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Mitigating Cyber Risks

By Peter Clarke, JD on June 30, 2015 | Last updated on March 21, 2019

FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the Internet.

Let's face it, the Internet can be a scary place from a risk standpoint. Indeed, it seems that on practically a daily basis we hear about a massive security breach and the theft of sensitive and personal data.

So, what are companies to do to mitigate cyber risks? Of course, they should employ the best in class technologies that are designed to block cyber intrusions and attacks. They also should implement and enforce cyber security company-wide policies.

Still, such technologies and policies never are perfect in terms of creating a silver bullet against all cyber risks. Accordingly, what else can companies do to cover Internet perils?

They can procure cyber-insurance. While insurance has been around for hundreds of years, cyber-insurance relatively is young -- about fifteen years old.

When cyber-insurance first came to market in its infancy, it was an immature product. Assessment of Internet risks was just beginning, and cyber-insurance policies varied widely in terms of coverage, exclusions, and price.

Since that beginning, there has been more experience with Internet risk assessment, and cyber-insurance has progressed with some greater uniformity. Nevertheless, companies seeking to procure cyber-insurance carefully should consider the specific types of cyber risks they face and from there they should seek specific or tailored coverage for those risks.

Given that Internet risks are still unfolding and evolving, insurers themselves want to mitigate their exposure when it comes to issuing cyber-insurance. They may insist on certain exclusions, they can set premiums at a high level, and they may make sure to have reinsurance in place.

That being said, cyber-insurance is valuable in backstopping companies' technological and company policies in seeking to thwart Internet threats.

Hopefully, more companies will move forward on all three fronts.

Eric Sinrod (@EricSinrod on Twitter) is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod's columns, please email him at with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard