Posted by: Brandon King and Rachelle (Shelley) Glazer
In the Cyber Roundtable hosted yesterday by Thompson & Knight, TK partner Rachelle (Shelley) Glazer spoke with Aarti Soni, McGriff’s Cyber Director, about industry trends and potential pitfalls for the unwary. Some highlights from the conversation:
Market Trends. Cyberattacks—and the notoriously high losses resulting therefrom—are on the rise. So too is the demand for coverage, as companies increasingly realize the necessity of cybersecurity insurance policies. The high losses, proliferation of attacks, and high demand for coverage have resulted in the hardening of the cybersecurity insurance market: more stringent underwriting, higher premiums, and reduced capacity for carriers. Companies looking to switch carriers or establish a new policy are well advised to note the state of the market and plan ahead.
Attention to Policy Language. The nature of cyberattacks and the costs necessary to remediate losses are constantly evolving. As a result, there may be gaps in coverage. For example, in responding to a breach, costs are often incurred in paying for legal fees, forensic experts, and public-relations management. But some policies might not include coverage for all three (and they should), many limit coverage unnecessarily, and some may grant the carrier exclusive power in determining the relevant firms. Aarti and Shelley underscored the importance of naming your breach counsel, forensic experts, and public relations firm in the policy by endorsement at the placement stage. Policyholders should review their insurance agreements to confirm that coverage is available for alleged violations of BIPA (Biometric Information Privacy Act) and similar privacy laws regulating the use of biometric data. In addition, Shelley and Aarti discussed the importance of reviewing policy exclusions and negotiating for carve-backs to those exclusions to obtain the desired coverage.
“Must Haves.” Shelley and Aarti also discussed some “must haves” for cybersecurity insurance, including third- and first-party coverage. First-party coverage deals with the insured’s own losses resulting from a cyberattack (incident response, business interruption, data restoration, etc.), while third-party coverage concerns the insured’s liability to others resulting from a breach or cyber event (privacy, security, media liability). Given the complex nature of cyber breaches and the often sensitive nature of information at issue, companies should ensure their policies contain comprehensive coverage for both third- and first-party losses. Additionally, Aarti weighed in on other important features, including coverage for bricking (when a device is rendered physically unusable after a cyberattack), reputational harm, and involuntary shutdown.
TK Trial Attorneys Brandon King and Shelley Glazer are available to review and analyze your cyber policies. TK’s cybersecurity counsel, including Justin Cohen, Mike Titens, Steve Stein, and Craig Carpenter, are available to help companies prepare for and respond to cyber incidents.
See the full conversation here.