In the wake of what seems to be daily announcements of new data security breaches and increased regulatory oversight over company information security and privacy practices, companies are looking for ways to minimize risks associated with the seemingly inevitable data security breach. In the current environment where the issue is when, not if, a company will be breached, maintaining adequate insurance to protect against the risk of data security breaches is now more important than ever. Cyber insurance is often the “last line of defense,” in the event of a breach, and regulators increasingly deem cyber insurance an essential component of a sound risk management strategy. SEC Guidance that was released in 2011 provides that companies should fully and accurately disclose cybersecurity risk factors, including a “description of relevant insurance coverage.” Further, traditional commercial general liability (“CGL”), Directors & Officers (“D&O”), Errors & Omissions (“E&O”), Crime, and other policies also may be valuable assets in the event of a data security breach.
This client alert briefly outlines issues companies should consider when purchasing cyber insurance, and also explains why traditional policies should not be left on the table in the event of a data security breach.
Please see full alert below for more information.