Insurance Coverage for Data Breaches and Privacy Violations: Are Your Corporate Clients Adequately Protected?
Anthem, Target, Wyndham and numerous other businesses have been hit with major data security breaches in the past few years. Data breaches are ubiquitous, seemingly hitting the headlines nearly every day. Beyond the headlines, every business is vulnerable to sensitive data breaches as hackers grow in number and sophistication.
Data breaches can implicate coverage issues under a number of different types of business insurance policies. In addition to strong data privacy policies and processes, counsel should evaluate existing and new types of coverage as a critical component of loss transfer and mitigation. In addition to “traditional” or “legacy” types of business insurance policies, there are cybersecurity and data privacy related insurance products.
Josh Mooney, co-chair of the Cyber Law and Data Protection Group, joins a panel to provide insurance counsel with an overview of the current issues surrounding data breach and privacy violation claims and litigation. The program analyzes how existing commercial liability insurance policies as well as specialty cyber policies may provide coverage for third-party liability and defense costs. The program also explains how coverage can reach other exposures, such as regulatory investigations, fines and penalties, and the first-party costs associated with managing a data breach event, including notification, hiring “breach coach” counsel, forensic investigation, public relations efforts, call center services, and ID theft insurance, among others.
Key issues include:
- Which policies typically may yield the most recovery for costs and expenses arising from the breach such as notification, credit monitoring and public relations?
- Whether potential coverage still exists under the more “traditional” personal and advertising injury liability coverage section of CGL policies?
- When might D&O and E&O coverage respond to cyber risks?
- Are the “cyber” policies providing adequate protections to the companies who were early purchasers of these new products?
- Whether there is indemnity coverage for statutory damages arising under the TCPA or other privacy-related statutes?