Cyber-risk, Privacy, and Internet Insurance
Though some businesses perceive cyber-risks as new, the reality is that companies have faced and managed computer-related and internet-related liabilities since the late 1990s. As a policyholder lawyer, Marc Mayerson has provided counsel and provided thought leadership on related insurance-coverage issues since that time. The author of several articles on computer-based or cyber-related insurance published over the past 16 years, Marc Mayerson and The Mayerson Firm PLLC can provide sound advice and representation to businesses and nonprofits on the peril of cyber-related loss. With the ever shifting nature of cyber-, internet-, or web-based liability, clients benefit from having a policyholder lawyer as part of the response team.
Directors and officers face the risk of liability from inadequately managing cyber-risk. Consequently, there is an important intersection between directors and officers insurance and cyber-risk and cyber-risk policies. Board members oversee the information security practices at their organizations, and companies engaged in mergers and acquisitions need to be aware that intellectual property of the company being acquired may have been compromised by data-security breaches that had not been detected before the acquisition, meaning that the crown jewels being acquired are paste and not unique. The board needs to provide oversight regarding information security, due diligence, vendor relationships, cloud computing, and more, and the company and the members themselves need to ensure that they are protected from claims of nonfeasance or mismanagement but also that they are indemnified or insured if such claims are made. Indeed, the purchase of D&O insurance or cyber-risk insurance policies provide the opportunity for stakeholders to evaluate the information security practices and the shifting risk profile associated with the use of computers and communications technologies. (The recently published guidelines by NIST also provide a useful framework for these discussions with the Chief Information Security Officer (CSO), the Chief Information Officer (CIO), senior business managers, risk managers, and board representatives.) As coverage counsel, Marc Mayerson provides insight to ensure that board members are fully protected under company- or individually purchased insurance policies.
Companies face the risk of liability from data breaches leading to remediation costs, notification costs, and potentially credit-monitoring costs. There is a burgeoning, albeit still developing, array of insurance offerings intended to provide some measure of insurance coverage for data breach and its attendant costs. As an immature product, there are crucial differences among the various insurance policies on the market, and any individual "cyber" policy might not dovetail with the actual risk exposures of the particular insureds. Consequently, one of the most valuable services provided by The Mayerson Firm PLLC as coverage counsel is to review and help tailor proposed cyber-risk policies, working closely with risk managers, CSOs, and CIOs to ensure that the policies being purchased provide real value.
The market uptake of cyber-risk policies is increasing, especially following the recently promulgated exclusions to standard Commercial General Liability (CGL) policies meant to limit or exclude coverage for cyber-based liability. Thus, a broad-minded analysis is needed to guage how cyber policies and liability policies (personal injury and advertising injury cover ("coverage B"), bodily injury tied to some chip failure or firmware hacking, or physical property damage occurring from a cyberhacking or cyber-terrorism. (Even NATO has warned that "cyber attacks [might] caus[e] real physical damage and risk human lives.") Coverage counsel such as provided by The Mayerson Firm PLLC can ensure there are no surprises later when a claim arises.
Business to business transactions, including systems communications to facilitate just-in-time processes, increase the dependency of the company to the cyberrisks of its counterparties and business partners. And as companies and nonprofits turn to the "cloud" to provide data storage and other services, a data breach at the cloud provider can have disastrous consequences. Thus, even the most vigilant company faces the risk that its upstream and downstream relationships can expose it to the risk of loss from the cyber peril -- again necessitating the careful review whether the company is choosing to accept risk, avoid risk, mitigate risk, or transfer risk via insurance instruments. With nearly thirty years' experience as a policyholder lawyer and as a leader the use of computers and technology in law practice, including ediscovery, Marc Mayerson has the familarity with the technologies and the insurance coverage to provide unique insight to safeguard the interests of the policyholder.
While consumer privacy claims may be the top of mind focus -- and the easiest to insurer in today's insurance markets -- the proper presentation of data-breach claims under the new insurance policies calls for experienced coverage counsel to maximize the likelihood of recovery (and to shape the proper expectations of management as to how much insurance policies might indemnify following a loss). Every case that will be litigated over the next half-dozen years will break new ground in insurance law, which is why Marc Mayerson's nearly thirty years' experience and concurrent law-school-teaching and article writing equips him to provide creative -- and cost effective -- representation.
Consumer-privacy remediation following data breach may lead to claims from credit-card issuers and brands regarding monetary claims from the Payment Card Industry Data Security Standard (PCI DSS) and violation of payment account security throughout the transactional process with credit-card holders. Insurance may be available to cover this risk, and The Mayerson Firm PLLC can assist in negotiating wordings, evaluating coverage, and presenting claims to insurers.
Any number of first-party risks, a system failure, a cloud failure, a denial-of-service attach, or the like, can pose business-continuity risks, and insurance may be available for direct business loss and the extra-expense of co-location or disaster-recovery expenses following the policy-specified interruption, sometimes measured in terms of hours. Polilcyholders can turn to The Mayerson Firm PLLC to aid them in reviewing policies and properly presenting claims for coverage.
Indeed, companies providing mobile applications for their services face product- liability risks and more generally negligence and privacy-breach risks due to an "app" that it developed (or more often, outsourced the development of). As coverage counsel, The Mayerson Firm PLLC can provide timely advise to ensure that the insruance being purchased matches the risk of liability.
All companies, nonprofits, charities, labor unions, and trade associations with websites face the risk of media liability from their content, for which insurance is available. Internal websites (intranets), extranets, chat rooms, social media platforms all pose risks for which insurance may apply. Having a policyholder lawyer such as Marc Mayerson ready to help ensures that the fullest recovery under insurance is obtained.
Companies with significant exposures on the cyber front now can turn to captive-insurance mechanisms or "fronting" policies with reinsurance backing to transfer the cyber risk. Marc Mayerson has nearly three decades' experience working with captives, fronting policies, and reinsurance-led programs to achieve the goal of moving a loss successfully off the corporate balance sheet to private reinsurance and capital markets.
With more than a billion dollars of premiums in the cyber market, policyholders can be sure that an increasing number of confusing and competing offerings will be available for purchase, such as excess and difference-in-condition (DIC) policies, and significant monetary losses are sure to spawn coverage denials, insurer dissembling, and coverage litigation as insurers themselves worry about their voluntarily assumed risk portfolios. As coverage counsel, the Mayerson Firm PLLC stands ready to pursue meritorious claims by policyholders to obtain the fullest indemnification for which they paid and to which they are entitled.