Cyber security breaches impose significant costs on affected businesses that can materially affect their finances and reputation. Such costs include expenses related to various federal and state law breach notification requirements, as well as significant civil liability and regulatory fines. Now more than ever, stakeholders in businesses that handle a significant amount of personal identifying information, or hold key trade secrets, must educate themselves about the threat of a potential cyber security breach, as well as the tools available to help mitigate that threat.
Any response to this potential threat should include a review of the degree to which the risks of a cyber security breach are covered by the various insurance policies held in a business’ insurance portfolio. Such a review should address whether all operational, legal and regulatory risks have been identified; whether everyone who needs to be, whether inside or outside the business, is covered (for example, cloud providers and various other vendors and third-party service providers); whether policy language creates unintended exclusions or gaps in coverage; and whether all first party and third party costs associated with such a breach are addressed. First party coverage addresses theft and fraud, forensic investigation costs, business interruption, extortion and computer data loss and restoration, while third party coverage addresses litigation and regulatory expenses, notification costs, crisis management and public relations costs, credit monitoring, privacy liability and media liability.
We encourage businesses to carefully review with their respective insurance and legal advisors the terms of their existing insurance coverage to help gauge their readiness to respond to a cyber security breach. If you have questions about your organization’s cyber security insurance coverage, or that of your vendors and third-party service providers, contact a member of the McGrath North Privacy and Data Security Group.