Negotiating Cyber Insurance
Focus on Worldwide Best Practices
As if the risk of cyber attack on many different industries, ranging from financial, retail, hospitals and even law firms was not significant enough, many victims have found that they have been hit by a double whammy: inadequate insurance coverage.
As one general counsel said, we thought we had insurance, but property, professional liability and business disruption insurance turned out not to cover the full range of liability for a cyber hack, particularly on a worldwide basis.
The Emerging & Frontier Markets Association, Cyber Insurance Institute, will conduct a very special webinar: Negotiating Cyber Insurance, with a focus on worldwide best practices.The program will take place on March 1 at 11:00 AM EST and will last for 2 hours.
“Companies suffer an average of 17 malicious attacks and 12 sustained probes on a monthly basis,” said Gary Brown, the conference organizer. “In fact there was a major attack from the Internet of Things during October 2016. In October, this distributed denial-of-service attack left hundreds of websites unreachable, including Twitter and Netflix. ”
Brown also notes that coverage often does not extend to a worldwide territory or to violations of the EU’s General Data Protection Regulation (GDPR).
According to Steve Raptis, a panelist at the webinar and a partner in the Washington, D.C. office of Manatt, Phelps & Phillips, “Although cyber coverage is a relatively new product in the insurance marketplace, there are now roughly 50 insurance carriers that offer it, although the amounts of coverage available often are limited.”
These policies are sold under a number of different names, including “cyber risk,” “information security,” “privacy,” and “media liability” coverage. Unlike other types of insurance, there is no standard form on which the insurance industry as a whole underwrites cyber coverage.
“While this provides some challenges to buying coverage, especially for the uninitiated,” Raptis added, “it often provides more room for negotiation of the terms of cyber policies than many other types of coverage.”
Most cyber policies currently in the marketplace offer some combination of traditional liability coverage protecting against claims by third parties, and first-party coverage protecting against losses suffered by the insured.
There also are important terms and conditions of cyber policies that can have a significant impact on available coverage. While no company can reasonably expect to secure every available component of coverage, awareness of differences among the policies being offered is critical to maximizing premium dollars spent.
Most companies with cyber insurance policies have payout limits of $10 million to $25 million, according to a survey by Aon. Large companies can buy policies with limits above $100 million, to as high as about $500 million. While most big U.S. companies have purchased cyber insurance, coverage remains scant among small businesses and outside the U.S.
“ As data breach incidents and related cyber risks increase and gain publicity,” said Brown, “and as government agencies become more actively involved in policing the corporate response, companies need to take a close look at the protections provided by cyber risk insurance policies.”
The webinar will focus on the important terms and conditions of cyber policies that can have a significant impact on available coverage.
The program will take place on March 1 at 11:00 AM EST and will last for two hours. For more information click here.