Cyber-Risk Insurance Update: Claims Increase and Policies Evolve

What do the U.S. Office of Personnel Management, Target, Anthem, Sony, P.F. Chang’s and the State Department have in common? In recent months, each has been the subject of a cybersecurity attack or data breach. Over the past two years, the rate of data breaches and related disclosures has only increased. Cyber-risk concerns initially appeared to be primarily confined to retailers, banks, credit card companies and other businesses that maintain large volumes of personally identifiable information (PII). Today, the risks are even more widespread. Companies that maintain PII or other sensitive records on a network or that conduct business online have addressed (or should address) these risks through privacy policies, employee training, incident response plans, contractual protections with vendors and network security technology. In this article, SRZ partner Howard B. Epstein and special counsel Theodore A. Keyes discuss why companies should also consider whether cyber-risk insurance should be part of their risk management approach.