Cyber-insurance: Mitigating the dreaded Friday night phone call

Why cyber-insurance may be necessary and the difference between different coverages

Every in-house counsel dreads the telephone call on a Friday evening that starts with the words “I’m glad I found you.” That’s especially true if that telephone call informs the in-house counsel about the newly terminated IT department employee who was able to access the company’s confidential data systems 30 minutes before his access was deactivated. At that point, in-house counsel knows she is in for a long weekend and weeks or months of investigation, mitigation and possibly recriminations. Of course, there are two more questions that may be forgotten in this moment of crisis but will be asked soon enough: “How much will the investigation and remediation cost?” and “Who pays?”

Add to our example an additional twist: Our in-house counsel breathes a sigh of relief when she is told that the company’s security team has determined that the ex-employee introduced a virus that was intended to damage the company’s systems but that it failed to do any damage. Problem solved, correct? Unfortunately, even if there is no damage, the company could still incur significant costs as a result of the breach. In most circumstances, IT security departments will require a review of all of the major systems to confirm that the virus did not in fact infiltrate any systems and cause latent damage or a cybersecurity breach. Such an investigation can be extremely costly. At least one study has determined that the average cost to resolve an actual or potential cyber-attack is approximately $600,000. These costs can include forensic and investigative activities, assessment and audit services, crisis team management, and communications internally to executive management and board of directors and possibly externally to shareholders or the public.  

Contributing Author

author image

Miriam Smolen

Miriam Smolen is a partner at the Washington, D.C. law firm of Gilbert LLP. She represents policyholders in complex insurance coverage litigation, dispute resolution, and...

Bio and more articles

Contributing Author

author image

Adrian C. Azer

Adrian C. Azer is Of Counsel at Gilbert LLP.  He focuses his practice on corporate bankruptcy and insolvency matters, complex-commercial litigation and complex claims resolution. ...

Bio and more articles

Contributing Author

author image

Katrina F. Johnson

Katrina F. Johnson is an associate at Gilbert LLP. She represents policyholders in both federal and state trial courts with respect to a wide range...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.