Cyber intrusions make the headlines daily, and because virtually every company, large or small, relies on computers and the Internet to conduct its business, these intrusions present lawyers and clients with a high degree of exposure. As a result, it should come as no surprise that the cyber insurance market currently generates about $2.5 billion dollars in premiums, and current estimates suggest that figure will triple by 2020.
But does every company or lawyer need cyber insurance? And if they do, what types of cyber coverage should they obtain? This article will look at the different types of cyber policies currently available, considerations for determining which coverages to purchase, and how the process of actually applying for the insurance can be a useful tool in assessing you and your client’s current cyber security posture.
Unlike the more established insurance markets, where form policies and policy language are relatively common, cyber insurance policies and the specific insuring agreements vary markedly. Some cyber policies provide for a broad grant of coverage, paying, for example, “event response costs” in response to a “security incident” for any known “triggering events.” Depending upon the definitions within the policy terms, this kind of policy would seem to apply to a variety of cyber incidents and the monetary losses associated with them, although you may wind up paying more for coverage that you really do not need.