As costly data breaches and hacking attacks make international headlines, hefty regulatory fines are levied, and the Securities and Exchange Commission (SEC) advises public companies to review the adequacy of their disclosures relating to cyber security risks and cyber incidents, insurance policies covering cyber security exposures — so called “cyber insurance” — are starting to gain more and more prominence. In fact, the SEC notes that a company’s disclosure may include a description of relevant insurance coverage. While cyber insurance is not a replacement for diligent in-house data security policies and procedures, prudent businesses should seriously consider it as part of their risk management program.
Despite the increasing awareness of cyber and privacy risks and perils, questions abound about the coverages available under cyber insurance policies and how those policies relate to more traditional coverage forms. Since virtually every entity, regardless of size, faces some sort of cyber risk, it is incumbent on entities to examine their cyber vulnerabilities and assess how they can best protect themselves from cyber liabilities.