Companies without Incident Response Plans (IRPs) may not be able to get Cyber Insurance!

13 December 2016 Internet, IT & e-Discovery Blog Blog
Authors: Peter Vogel

The National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force reported that insurance companies “will probably want to see the business’ disaster response plan and evaluate it with respect to the business’ risk management of its networks, its website, its physical assets and its intellectual property.” The November 17, 2016 NAIC Cybersecurity Report made it clear that going forward businesses must have IRPs or else the might not be eligible for cyber insurance “policies might include one or more of the following types of coverage”:

Liability for security or privacy breaches. This would include loss of confidential information by allowing, or failing to prevent, unauthorized access to computer systems.

The costs associated with a privacy breach, such as consumer notification, customer support and costs of providing credit monitoring services to affected consumers.

The costs associated with restoring, updating or replacing business assets stored electronically.

Business interruption and extra expense related to a security or privacy breach.

Liability associated with libel, slander, copyright infringement, product disparagement or reputational damage to others when the allegations involve a business website, social media or print media.

Expenses related to cyber extortion or cyber terrorism.

Coverage for expenses related to regulatory compliance for billing errors, physician self-referral proceedings and Emergency Medical Treatment and Active Labor Act proceedings.

It seems likely that businesses without IRPs are less prepared for the cyber intrusions that will occur…when, not if, and may not have cyber insurance!

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Authors

Related Services