(216) 609-3940
SandRun Risk
  • Home
  • What We Do
    • Risk Management
    • Insurance Claims
    • Insurance Archaeology
  • Blog
  • About
    • Team
    • Our Company
    • Articles
  • Contact

Cyber Policies - Avoid Gaps in Coverage!

7/1/2016

0 Comments

 
Picture

​​Over the last several years, cyber liability has increased through hackers, rogue employees, human error, social media, mobile devices, ransomware, and cloud computing, to name a few.  ​

​Hacking and malware are the largest sources of cyber liability. The average cost per cyber claim has increased from $2.9 million in 2014 to $4.8 million in 2015. As a result, cyber coverage continues to be an important risk transfer device for companies to consider.  
 
There are over 60 unique insurance markets - domestically, in the United Kingdom, and in Bermuda - that are providing cyber coverage. A policyholder must carefully review the cyber coverage policies offered by the various insurance carriers as the wording and coverage provided varies from insurance carrier to insurance carrier. Some insurance carriers are offering systems failure coverage and breach response coverage, while other insurance carriers are not. 

When reviewing the cyber insurance policy, it is important for the company's risk manager and broker to know the company's business inside and out. They must understand the top risks to the company and identify those that are insurable and those that are not. They must understand the contracts entered into by the company and the risks assumed in those contracts. Then, when reviewing the cyber policy language, they must make sure that the policy language covers the risks and potential risks of the company. 

The risk manager and broker should confirm that there is breach response coverage (IT forensic experts, legal experts, call center services, credit monitoring, identity theft monitoring, public relations, etc.), first party coverage (network business interruption, dependent business interruption, system failure, digital asset coverage, cyber extortion payments, etc.), and liability coverage (failure of network security, failure to protect/wrongful disclosure of information, privacy or security related regulatory investigation, media content infringement, etc.). 
 
A breakdown in the risk analysis related to cyber coverage can be very costly to a company.    

Recently, in P.F. Chang's China Bistro, Inc. v. Federal Insurance Company, 2016 U.S. Dist. LEXIS 70749 (D. Ariz. 2016), the court held that P.F. Chang's cyber liability policy did not provide coverage for over $1.9 million in fees and assessments that P.F. Chang was required to pay Bank of America Merchant Services ("BOA"). BOA had provided P.F. Chang with credit card processing services. Under the Master Services Agreement ("contract") between P.F. Chang and BOA, P.F. Chang was required to reimburse BOA for fees, fines, penalties or assessments BOA paid to MasterCard.  After hackers stole approximately 60,000 of P.F. Chang's customers' credit cards, BOA paid over $1.9 million in assessments to MasterCard and sought reimbursement of those costs from P.F. Chang per the contract.  The cyber policy issued by Federal Insurance Company contained an exclusion for any loss or expense that P.F. Chang assumed under a contract.  The court held that per the exclusion, there was no coverage for the assessment costs paid per the BOA contract.

This case highlights the importance of a company performing a thorough cyber risk assessment and performing a thorough review of the language in the cyber policy it is considering to purchase to make sure that there are no gaps in coverage.
0 Comments



Leave a Reply.

    Authors

    Lori Siwik and Mark Siwik are the founders of SandRun Risk.  They apply the principles of vertical leadership and lean six sigma to the discipline of risk management.  From time to time they share their blog with guest authors who write about important risk management principles.

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    Archives

    May 2022
    December 2021
    September 2021
    August 2021
    July 2021
    June 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    June 2017
    May 2017
    March 2017
    December 2016
    November 2016
    October 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    June 2015
    May 2015
    April 2015
    March 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    May 2014
    April 2014
    March 2014

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    RSS Feed

What We Do.

Risk Management
Insurance Claims
Insurance Archaeology

Blog.

About.

Team
Our Company
Articles

Contact.

Legal.

Privacy
Terms of Use
 
Copyright ©2014 | 4199 Kinross Lakes Parkway, Ste. 275 Richfield, Ohio 44286 | 216-609-3940 | info@sandrunrisk.com