Cyber Insurance – Understand Your Policy
By Eric D. Morton
Every business has insurance of various kinds such as liability insurance, workers compensation insurance, errors and omissions, etc. Businesses also need insurance against attacks that can arrive over the Internet. This can be tricky as illustrated by a lawsuit in Ohio.
A company was the target of a ransomware attack. A hacker gained access to the company’s files and computer systems and encrypted them. After assessing the situation, the company paid a ransom and its systems and files returned to normal. The company notified the carrier of its business owners’ insurance policy. The insurance carrier denied coverage since the attack did not actual damage to the company’s systems or files. The company sued and the case went to the Ohio Supreme Court. The court held for the insurance carrier on the grounds that the plain terms of the insurance policy did not cover the damages claimed.
The Ohio case underlines the importance of businesses understanding the coverage they need for cyber-related losses and making certain they have that coverage. Most business liability policies will provided no or only limited coverage for cyber related losses.
Understand coverage
Business owners should not take for granted that they have adequate coverage just because they see that they have a policy that mentions cyber coverage. They need to access their exposure and understand their coverage.
Most cyber insurance policies cover:
Legal services to meet state and federal regulations
Notification expenses to alert customers that their information was compromised
Lost income from network outages
Lawsuits related to employee or customer privacy
Regulatory fines from state or federal agencies
Businesses should also consider coverage for:
Ransom payments
Data & system recovery
Reputational harm
Media liability – generally for copyright infringement
Cyber incident response
Companies and firms will have special needs, particularly in the legal and medical fields.
Every company will be different depending on their exposure. A careful assessment of the company’s exposure with an IT expert is place to start. Company owners and officers should understand how and where their company can be hurt if its stored data is hacked, its ecommerce website is hit with denial of service attack, or its systems are hacked for ransom, or other threats. This should be followed with an in-depth discussion with a knowledgeable insurance broker to ensure that the company has adequate coverage.
Eric D. Morton is the principal attorney of Clear Sky Law Group, P.C. He can be reached at 760-722-6582, 510-556-0367, and emorton@clearskylaw.com
