.

Tuesday, October 13, 2015

Insurance for data security breaches


WGA InsureBlog has an interesting article on insurance for data breaches. Although some of the statistics in the article strike me as overblown, the basic point seems about right:


Insurance protection for privacy-related breaches by employees and vendors can be addressed in various types of insurance policies, but not all will protect an insured from all acts of insiders. The variability of insurance coverage for “insider” breaches reflects the polyglot state of affairs in the cyberliability world. Coverage problems can arise from the nature of the particular insurance policy at issue (for example, an E&O policy versus a privacy policy) and from insurers’ inherent aversion to paying for intentional wrongdoing — an aversion that can miss important distinctions among the guilty and the innocent. Companies and their advisors need to be alert to the nuances in policy terms to make sure that insurance insult is not added to injury after a breach caused by an insider.