1. 1. Provisions in Cybersecurity Insurance Policies Elizabeth Rogers GreenbergTraurig, LLP rogersel@gtlaw.com ShawnTuma Scheef & Stone, LLP shawn.tuma@solidcounsel.com www.sbot.org
2. 2. 97% - CompaniesTested Breached in Prior 6 mos.
3. 3. There are only two types of companies: those that have been hacked, and those that will be. Robert Mueller
4. 4. Odds: Security @100% / Hacker @ 1
5. 5. Data Breach Cost Per Record: $217.00
6. 6. But, there is hope!
7. 7. www.sbot.org 10 Key Issues in Cybersecurity Insurance Policies
8. 8. www.sbot.org 1.What period does the policy cover?
9. 9. www.sbot.org 2.Will Officers & Directors fall into the gap?
10. 10. www.sbot.org 3. Does policy exclude liability for injuries arising from breach of contract?
11. 11. www.sbot.org 4. Does policy cover actions caused by your vendors and contractors?
12. 12. www.sbot.org 5. Does policy provide excess coverage with a drop-down provision?
13. 13. www.sbot.org 6. Does policy provide coverage for insiders intentional acts as opposed to negligent acts?
14. 14. www.sbot.org 7.What is the triggering event for coverage?
15. 15. www.sbot.org 16 Data Sources Company Data Workforce Data Customer / Client Data Other Parties Data 3rd Party Business Associates Data Outsiders Data 8.What types of data are covered?
16. 16. www.sbot.org Threat Vectors Network Website Email BYOD USBGSM Internet Surfing Business Associates People 9.What kinds of breach events are covered?
17. 17. www.sbot.org 10. How are exclusions for cyber acts of war and cyber terrorism treated?
18. 18. www.sbot.org Additional Cybersecurity Insurance Considerations
19. 19. www.sbot.org Contracts 3rd party liability Healthcare (BA) Software license audit Permissible access & use in policies, BYOD EULA / TOS Marketing FTC Act 5 SPAM laws NLRB rules CDA 230 Website audits IP issues Acct ownership Privacy Privacy policies Privacy & data practices Destruction policies Monitoring workforce Business intelligence Industry Regulation PCI (Payment Card Industry) FFIEC (Federal Financial Institution Examination Council) FINRA (Financial Industry Regulatory Authority) SIFMA (Securities Industry and Financial Markets Association) What other cyber risks events are covered?
20. 20. www.sbot.org What coverage do you need, and how much?
21. 21. www.sbot.org Should you agree to using the carriers list of attorneys and experts?
22. 22. www.sbot.org You dont drown by falling into the water. You drown by failing to get out.