As companies recognize that cyber risk cannot be eliminated, only managed, they are increasingly looking to transfer residual cyber risks through insurance. Still, many small and midsize businesses and law firms are going without cyber coverage, perhaps because of confusion about how to get the right policy. Despite the undeniable challenges presented by today’s cyber insurance market, businesses of all sizes can cut through the confusion and obtain the right cyber insurance for their enterprise by following this five-step process:
As explained in this post from Wilson Elser and DAC Beachcroft, the NY DFS cyber security regulation explicitly places cyber responsibility on corporate boards. Smart companies are re-examining their D&O and cyber insurance policies in light of this new exposure.
Companies purchasing new insurance coverage or renewing existing insurance policies often have more power than they might realize to improve their insurance policies. Before coverage is bound, insureds may have leverage to negotiate with insurers for more favorable policy terms, conditions, and exclusions. Here are just four areas that potential insureds should consider before a policy is issued.
As social engineering attacks continue to proliferate, insurers are responding with specialized coverages aimed specifically at social engineering. These coverages often are available as endorsements to Cyber, Commercial Crime, or Fidelity policies. Endorsements may be titled “Social Engineering,” “Fraudulent Funds Transfer,” “Fraudulent Impersonation,” “Business Email Compromise,” or something conveying a similar meaning.
At long last, the GDPR effective date is only weeks away. As companies continue to work towards compliance, many are realizing that despite their best efforts, the odds of achieving and perpetually remaining in 100% compliance are slim to none.
As with any massive compliance undertaking, mistakes and missteps related to GDPR requirements are inevitable, especially in a world where data volumes, connectivity, mobility, and risks continue to increase. Given this reality, companies should think long and hard about transferring some of their GDPR-related risks through insurance.