By Rob Starr, Big4.com Content Manager
If you stop and look at what’s become the vast cybersecurity ocean for a moment, it shouldn’t be a surprise that the insurance industry is stepping up to try and quell the collective organizational anxiety about the consequences of a data breach.
The waves that can arise from a corporate, nation-state or even individual hack or breach can be devastating, and that’s why innovators are stepping up to help today’s companies sail around the hidden rocks lurking just under the surface.
Katherine Dawson Varholak is a partner at the national law firm Sherman & Howard. She has several years of experience with the U.S. Department of Justice handling federal government agencies in federal appeals and now she’s turned to specializing in cybersecurity.
One size doesn’t fit all
Dawson Varholak began a conversation with Big4.com recently by warning against a one-size-fits-all approach to getting the right policy.
“Getting coverage is complicated because the risk is so multifaceted,” she says. “It involves what’s called both first party risk, which involves direct damage and costs incurred by your company in responding to cyber breaches like notification expenses, computer data and information loss and public relation outlays.”
The third party risks involve liability damages and corresponding costs like attorney’s fees incurred in responding to allegations made against a company.
Dawson Varholak says there’s an existing gap between the two areas and proper cyber insurance needs to build a bridge between them.
“In traditional insurance markets you typically have a policy that either insures first party risk or third party risk. In the cyber world, you need to have a policy that covers both,” she says, adding that another element that needs to be looked at is the scope of offering insurance on something with such potentially catastrophic consequences.
“The carriers want to take a careful look at what they’re insuring,” says the attorney, who came to cyber insurance from the litigation and trial group at Sherman & Howard, where one of her focuses was insurance recovery, representing corporate clients against their insurance companies.
Of course, some of the coverage that comes with these new policies is just as unique as the threats and issues that are at the forefront of cybersecurity itself. Dawson Varholak explains how management needs to be aware of its responsibilities.
“Some companies may face directors and officers liability risk if there is an issue involving their approval or lack of compliance with cyber protections that might be in place,” she says. “D&O coverage is its own separate coverage and is usually not included as part of a standalone cyber policy and is certainly not part of a typical commercial general liability policy.”
She stresses it’s important to have a good idea of the cyber risks that might be pertinent here, and that talking with an informed broker is an excellent idea.