By The Emerging & Frontier Markets Association, Cyber Insurance Institute
As if the risk of cyber attack on many different industries, ranging from financial, retail, hospitals and even law firms was not significant enough, many victims have found that they have been hit by a double whammy: inadequate insurance coverage and a cyber incident.
The adequate insurance issue is even more important when one considers international problems. Will your policy cover global liability such as new EU rules? Where are the gaps created by your current insurance coverage?
As one general counsel said, we thought we had insurance, but property, professional liability and business disruption insurance turned out not to cover the full range of liability for a cyber hack, particularly on a worldwide basis.
The Emerging & Frontier Markets Association, Cyber Insurance Institute, will conduct a very special webinar: Negotiating Cyber Insurance, with a focus on worldwide coverage. The program will take place on March 1 at 11:00 AM EST and will last for 2 hours.
Gary Brown, the conference organizer, notes that “Companies suffer an average of 17 malicious attacks and 12 sustained probes on a monthly basis. In fact there was a major attack from the Internet of Things during October 2016. The Internet of Things are internet-connected household devices from thermostats to watches to videogame consoles that hackers can use to store malicious software or conduct attacks. In October, this distributed denial-of-service attack left hundreds of websites unreachable, including Twitter and Netflix ”
Brown also notes that coverage often does not extend to a worldwide territory or to violations o the EU’s General Data Protection Regulation (GDPR).
According to Steve Raptis, a panelist at the webinar and a partner in the Washington, D.C. office of Manatt, Phelps & Phillips, “Although cyber coverage is a relatively new product in the insurance marketplace, there are now roughly 50 insurance carriers that offer it (although the amounts of coverage available often are limited).
These policies are sold under a number of different names, including “cyber risk,” “information security,” “privacy,” and “media liability” coverage. Unlike other types of insurance, there is no standard form on which the insurance industry as a whole underwrites cyber coverage.
While this provides some challenges to buying coverage, especially for the uninitiated, it often provides more room for negotiation of the terms of cyber policies than many other types of coverage.”
Most cyber policies currently in the marketplace offer some combination of traditional liability coverage protecting against claims by third parties, and first-party coverage protecting against losses suffered by the insured.
There also are important terms and conditions of cyber policies that can have a significant impact on available coverage. While no company can reasonably expect to secure every available component of coverage, awareness of differences among the policies being offered is critical to maximizing premium dollars spent.
Most companies with cyber insurance policies have payout limits of $10 million to $25 million, according to a survey by Aon. Large companies can buy policies with limits above $100 million, to as high as about $500 million. While most big U.S. companies have purchased cyber insurance, coverage remains scant among small businesses and outside the U.S.
According to Brown, “ As data breach incidents and related cyber risks increase and gain publicity, and as government agencies become more actively involved in policing the corporate response, companies need to take a close look at the protections provided by cyber risk insurance policies.”
The Webinar will focus on the important terms and conditions of cyber policies that can have a significant impact on available coverage.
Stephen Raptis (Manatt, Phelps & Phillips, LLP)
Steve Raptis has two decades of experience handling complex insurance claims on behalf of commercial policyholders.
Daniel Garrie (Law & Forensics LLC) He is the editor in chief of the Journal of Law & Cyber Warfare, a fellow at the Ponemon Information Privacy Institute, and is on the Board of Advisors of several cybersecurity and technology start-ups.
Gamelah Palagonia (Willis Towers Watson) Gamelah is a Senior Vice President with over 25 years of risk management and insurance experience.
Jeffrey Batt (Marsh) Jeffrey is a Vice President in Marsh’s Cyber Practice / Cyber Center of Excellence, a national team of specialists. In this capacity, he develops cyber risk management and transfer solutions for large domestic and global corporations.
To Sign Up for Webinar