With Looming Attack and Litigation Risk, Lawyers Say Every Business Should Buy Cybersecurity Insurance
Cybersecurity incidents, like ransomware attacks and data breaches, are increasingly making daily news headlines, bringing crushing costs to businesses.
“Cyber insurance policies should be part of any company’s portfolio,” said Jim Carter, of counsel with Blank Rome in Washington, D.C., who represents policyholders who have bought cybersecurity insurance. “Even a company that doesn’t think that it has much risk in terms of handling consumer data. Most do have personal data of employees.”
What is covered?
Cyber insurance pays for a company to hire a cybersecurity firms that conducts a forensic investigation to reveal exactly what happened in an attack. It pays for an attorney who can advise a business about the laws that it must comply with after a breach, Carter said. Many times, companies must provide notice to the people whose data was breached, which is another cost that the insurance covers.
A company might need representation before regulatory agencies that launch investigations into companies that hackers have breached, Carter said.
When a cyberattack leads to people filing litigation against a company, the insurance will step in to pay for defense attorneys and for a settlement or court-awarded damages to the plaintiffs.
“These policies have aggregate limits, and defense is typically maybe subject to the limits. A smaller company, maybe like $10 million is common,” said Carter, adding that major corporations often purchase “towers of policies” with much higher limits. “If you have a large cyber event, it can get eroded pretty quickly.”
To read the full article, please click here.
“With Looming Attack and Litigation Risk, Lawyers Say Every Business Should Buy Cybersecurity Insurance,” by Angela Morris was published in Texas Lawyer on July 8, 2021.