When Cyber Liability insurance policies were first developed they focused on addressing data breach exposures involving the loss or theft of protected personal information, and the resulting expenses that occur because of the breach. This includes the costs involved in investigating a breach and notification. While still very much a part of the fundamental coverage provided in Cyber policies, in recent years additional coverages have been added to address emerging risks.
These risks have included denial of service attacks as well as attacks aimed at the destruction of information and systems. Additionally, the rise in cyber extortion and ransomware and funds transfer frauds utilizing social engineering and electronic communications to dupe business employees into making wire transfers to bank accounts controlled by criminals has insurers adding additional coverages to Cyber policies to respond to these types of exposures. Often, the resulting damages go beyond investigation and notification costs, and include economic losses as a result of the inability to access systems and a wide range of third-party claims by corporate and individual customers, business partners, and others affected by the event.
We are also increasingly seeing regulatory and legal proceedings alleging failure by a business to comply with the various laws and regulations that require cyber security protection to be in place or require disclosure of data collection and security practices, with resulting fines, injunctive relief and potentially other damages awarded for non-compliance. Some Cyber policies are now designed to respond to provide defense coverage for regulatory and legal proceedings. This is particularly important for those in healthcare.
To address these types of risks, not only should a business have a strong Cyber policy in place that provides various coverages specific to the exposures it faces, but it should also ensure that other policies are a part of its comprehensive insurance portfolio. Depending on the business, this may include Professional Liability or Errors and Omissions (E&O) insurance. Directors & Officers (D&O) insurance should also be examined to address claims by shareholders against boards of companies that sustained data breaches for their role in alleged inadequate cyber security or breach response.
RPS provides customized Cyber Liability policies and can work with you to tailor coverage features and terms specific to your clients. We also provide E&O, D&O, and other policies that can be designed to respond to the various facets of today’s increasing cyber liability exposures.