At Berman Fink Van Horn P.C. we just completed a full-scale review of our Cyber Insurance Policy.
We have had Cyber Insurance for a few years but our recent full-scale review was in part based on a meeting I attended at which Suzanne E. Spaulding spoke about cyber security. Suzanne is the Former Under Secretary for Cybersecurity and Infrastructure Protection, U.S. Department of Homeland Security. She encouraged all of the attendees to investigate Cyber Insurance for their business.
A business cannot guarantee that it will not be attacked, but if it is the business needs to be in the best position to move forward to deal with the attack and all of the related issues. When you investigate Cyber Insurance, pay special attention to the following:
(i) Is the policy tailored to a business that caters to consumers or to other business? Most are tailored to consumers. If you have a business, be sure the policy is tailored to your business.
(ii) Are mobile and personal devices covered? Be sure the policy extends to devices outside your office. (iii) Does the policy cover only a “failure of the system” or does it include a “breach of the system?” Many only cover a failure, not just a breach.
(iv) Is the policy a claim made and discovery based policy or an occurrence based policy? Require a claims made and discovery based policy. It is possible that a breach occurred in the past but does not show until months or years later. Be sure you have coverage when you need it.
(v) Do you have the right to choose your own attorney to represent you in the event of a breach or must you use an attorney assigned by the insurance company? You want an attorney with experience in the cyber arena. Also be sure the following losses, costs and expenses are covered:
– Cyber Incident Response Expenses;
– Business Interruption Loss;
– Contingent Business Interruption Loss;
– Digital Data Recovery Costs;
– and Extortion Expenses. Also, pay special attention to the exclusions to see what is not covered.