When people think of cyber losses and cyber insurance, they tend to think of privacy breaches. The exposure of personally identifying information and concomitant risk of identity theft, which is followed by notification costs and regulatory fines is a recognized threat. More and more, though, the interruption of day to day business is the highest cost of a breach. These losses can lead to lost sales, lost productivity, reputational damage, and missed deadlines leading to breach of contract.
The Atlantic hurricane season lasts from June to November, with the peak season from mid-August to late October. The Eastern Pacific hurricane season begins May 15th and ends November 30th. When hurricanes take form, they cause heavy rains that can lead to extensive flood damage in coastal and inland areas. They are capable of producing winds in excess of 155 miles per hour as they barrel through the coastal areas and cause catastrophic damage. The best way to minimize damage from a hurricane is to be prepared before one strikes, are you prepared?
More and more companies are purchasing cyber insurance as the risks to the company’s businesses from the breach of their networks expand. More companies are also requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance market place grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.
The failure to understand insurance coverage can create significant gaps in a company’s exposure. Businesses need to make sure they understand the terms of their policies when shopping for coverage to make sure what looks like a good deal isn’t paying a little less money for a lot less coverage. Professional liability policies, also known as errors and omissions coverage, can create some of these issues simply because of the way these policies vary from normal insurance coverage.
A trend has existed in recent decades increasing the liability of corporate directors for their failures to adequately oversee the companies they are in charge of. Directors and Officers liability insurance policies were created to address this liability trend. Directors and Officers insurance, commonly referred to as D & O insurance, is normally purchased by the corporation and indemnifies the directors, officers, and executives of the corporation from lawsuits filed alleging they acted negligently in running the company. In this sense, D & O insurance functions like malpractice insurance for CEOs and Chairmen of the Board.
The cyber market has evolved incredibly in a few short years. It’s been barely more than twenty years since the internet became a ubiquitous presence in the lives of most Americans. As cyberspace has grown, the risks attendant on cyberspace has grown as well. To meet the challenges of combining scope and risk, legislators and courts have had to move quickly to regulate this area and protect individuals from loss. At the same time, insurance companies have had to tailor policies to protect companies from the risks of doing business online.
Commercial general liability policies provide insurance on a per occurrence basis. What constitutes an occurrence, though, is an area of significant debate. This is an issue that constantly arises in construction cases, especially construction defect. The commercial general liability standard language defines an occurrence as an “accident . . .”. Yet courts have divided on whether faulty workmanship in the course of construction constitutes an “accident” and therefore an “occurrence” triggering coverage under a commercial general liability policy.
The clash between the stringent privacy requirements of HIPAA and the known vulnerability of most cyber systems creates a host of anxieties for most modern medical care providers. The Health Insurance Portability and Accountability Act requires that medical providers and insurers take reasonable precautions to ensure that the medical information of their patients remains private. At the same time, it is increasingly apparent that almost all cyber information systems have at least a few vulnerabilities, even if only through their users, and few systems can withstand a dedicated, concentrated cyber assault.
Wire transfer fraud claims resulting from cyber attacks have increased dramatically over recent years, and companies are losing millions of dollars in these attacks. As is common when a new business risk develops, organizations look to their insurance policies to help cover their losses. As we have shared in previous examples, the coverage is not always adequate.
The extent of coverage for a company that has been a victimized may be sparse, and the costs of any breach are ongoing. Consequences of a fraudulent wire transfer depend not just on the specific wording in the policies a business has purchased, but as seen in the following instances, also being upheld differently in different states.
When people think of Directors and Officers Liability Insurance, they often think of massive, publicly traded multinational corporations and shareholder derivative lawsuits that allege damages in the billions of dollars. This can lead smaller, private companies to assume that such coverage does not provide them with significant benefits. Yet these policies can cover a number of different types of losses that impact small companies. All businesses should consider whether directors and officers liability coverage might help them better manage their risks.