By now, no company needs to be told about the risk of a cyber-attack or breach. As former FBI director Robert Mueller stated, we are getting to the point where there are only two types of companies: "companies that have been hacked and will be hacked again." To address this risk, sophisticated businesses spend millions in trying to avoid cyber attacks but also in putting a plan in place to respond to a cyber breach. Organizations retain breach coaches and SWAT teams, including cyber attorneys, forensics, and engineers, to help them respond quickly after an attack or breach.
Although businesses often have the foresight to purchase cyber insurance or other coverage to minimize the impact of a breach, companies frequently fail to make insurance a priority in responding to a cyber attack. Any well-developed plan for responding to a cyber loss should contemplate insurance. To make sure premium dollars are not wasted, companies should understand which policies may be implicated by a cyber event, what triggers insurance coverage under applicable insurance policies, and what needs to be done to comply with triggered policies. As a best practice, work with experienced coverage counsel who can help (1) assess existing policies to identify potential coverage and obstacles to coverage; (2) provide notice and comply with terms and conditions as expressly set forth in triggered policies; and (3) submit any losses in a manner that is likely to maximize coverage. In failing to take proper precautionary measures as it relates to their insurance coverage, businesses expose themselves to unnecessary litigation or a total loss of coverage.
Joseph Saka is counsel with Lowenstein Sandler LLP in the firm’s Washington, D.C. office.