Cyber Insurance Market Grows in Aftermath of Data Breaches
As of late, data breaches have catapulted cyber insurance to the fastest growing type of coverage for U.S. companies to purchase. In fact, according…
November 28, 2017 at 03:56 PM
4 minute read
The original version of this story was published on Law.com
As of late, data breaches have catapulted cyber insurance to the fastest growing type of coverage for U.S. companies to purchase. In fact, according to Fitch Ratings, the market for cyber insurance grew 35 percent in 2016, with total premiums up to $1.35 billion, and Allied Market Research predicts that the global market may reach $14 billion by 2022.
Sean Hyatt, counsel at Alston & Bird's insurance litigation and regulation team, advises organizations to seriously evaluate the need for cyber security coverage if they are not already doing so. “No organization is immune from the threat of a data breach, and other types of insurance policies will generally not provide the coverage needed,” he told Inside Counsel in a recent interview.
The growth in this market is likely due to several factors. According to Hyatt, organizations will continue to be more concerned with data security risks, mainly because of numerous well-publicized and expensive data breaches. Certain businesses could face regulatory scrutiny of security practices, including whether cyber insurance is in place. Other types of insurance policies will generally not provide the coverage needed and in fact often specifically exclude data breach coverage.
It is important to seriously evaluate the need for cybersecurity insurance by carefully analyzing key cybersecurity risks and whether they have any insurance in place for those risks.
“Companies should ask, for example, whether they hold personally identifiable information or other confidential information, and consider liability that could arise from unauthorized access to such information,” explained Hyatt. “Another risk might be liability to customers or others if the company's system shuts down. Absent existing coverage for these and other risks, the company should consider purchasing cyber insurance. We recommend consultation with counsel and a broker experienced in this area.”
When it comes to the extent of coverage offered by cyber insurance carriers, there are some frequently asked questions, per Hyatt. He is most often asked about the types of coverages available—although different insurers' forms vary significantly, cyber insurance policies typically cover certain first party expenses resulting from a cybersecurity breach or incident. For instance, he sees coverage for the insured's expenses for the following: engaging counsel to advise and help respond to an incident, hiring a forensic investigation firm, sending privacy notifications to consumers, operating a call center, offering credit monitoring, hiring a PR firm, business interruption losses, data restoration, and cyber extortion.
So what are practical considerations in evaluating cyber insurance policies? According to Hyatt, it is important to consider the risks an organization faces and review the cyber policy forms under consideration to determine whether those risks are clearly covered. The different insurers' forms vary and can often be tailored to fit the insured's needs. So, a company should evaluate the amount of the limits needed, and any exclusions that could limit the desired coverage.
“For example, if the company accepts credit or debit cards, the company may want to ask the following questions: Is compliance with PCI Data Security Standards covered? Are card brand assessments covered? Would there be any contractual liability, fines and penalties, or other exclusions that could limit such coverage?” he said. And if the company holds other types of personally identifiable information or other confidential information, the company will probably want to ensure, to the extent possible, that the policy covers unauthorized access to that information, whether in electronic or hard copy form. The company might also consider whether the policy covers unauthorized access to employee devices and vendor computer systems.
Hyatt added, “We recommend starting the process early and ensuring that the right people are involved to accurately and completely answer the application questions.”
Amanda G. Ciccatelli is a Freelance Journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
As AI-Generated Fraud Rises, Financial Companies Face a Long Cybersecurity Battle
AI Adoption, Data Center Building Boom Opening More Doors for Cybercriminals, Many of Them Teenagers
Legal Departments’ Lack of Third-Party Oversight Leaving Small, Midsized Banks Exposed
4 minute readTrending Stories
- 1Legal Tech's Predictions for Knowledge Management in 2025
- 2Fenwick Shutters Shanghai Office
- 3Litigators of the (Past) Week: Defending Against a $290M Claim and Scoring a $116M Win in Drug Patent Fight
- 4Litigator of the Week Runners-Up and Shout-Outs
- 5Am Law 50's Head Count 'Holding Pattern' Could Trickle Down
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
