As cyber risks increase, specialized insurance policies can protect companies, but only if those policies are appropriately tailored and negotiated.

Daily news headlines reveal the escalating, and costly, problem of data breaches for companies today. All companies store assets digitally — from consumer personal data, to B2B customer data, to trade secrets, to confidential information relating to mergers and acquisitions. E-commerce sites, financial institutions, social media outlets, and many other businesses depend upon the integrity and availability of their websites and computer networks to operate. Corporate directors and officers have fiduciary obligations to safeguard these assets, and when a breach happens, reputational, regulatory, financial and legal risks abound. Companies are required to comply with explicit security standards or requirements for these types of data, such as the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX), the Payment Card Industry (PCI) Data Security Standard, and the Health Insurance Portability and Accountability Act (HIPAA), to say nothing of non-US data breach notification laws for global enterprises. Legal risk may be associated with government investigations or private party civil challenges on due care and due diligence issues. Against the backdrop of these diverse threats and vulnerabilities, this white paper evaluates an important method of managing cyber risk: the purchase of a cyber liability insurance policy. This white paper will explain that.