A company that finds itself the victim of a data breach or cyber attack that exposes the personal identifying information (PII) of large numbers of consumers or employees is likely to face a lawsuit from affected individuals. Such a company will want insurance coverage for the ensuing expenses and potential liabilities and may assume that the policy it has in place provides that coverage, particularly where the company has purchased a policy covering cyber-liabilities and related expenses. Unfortunately, that may not always be the case and coverage may hinge on whether there is evidence that any PII has actually been misused, as opposed to merely having been accessed.