Transcript of Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 2015 #SBOT15
- 1. Provisions in Cybersecurity Insurance Policies Elizabeth
Rogers GreenbergTraurig, LLP rogersel@gtlaw.com ShawnTuma Scheef
& Stone, LLP shawn.tuma@solidcounsel.com www.sbot.org
- 2. 97% - CompaniesTested Breached in Prior 6 mos.
- 3. There are only two types of companies: those that have been
hacked, and those that will be. Robert Mueller
- 4. Odds: Security @100% / Hacker @ 1
- 5. Data Breach Cost Per Record: $217.00
- 6. But, there is hope!
- 7. www.sbot.org 10 Key Issues in Cybersecurity Insurance
Policies
- 8. www.sbot.org 1.What period does the policy cover?
- 9. www.sbot.org 2.Will Officers & Directors fall into the
gap?
- 10. www.sbot.org 3. Does policy exclude liability for injuries
arising from breach of contract?
- 11. www.sbot.org 4. Does policy cover actions caused by your
vendors and contractors?
- 12. www.sbot.org 5. Does policy provide excess coverage with a
drop-down provision?
- 13. www.sbot.org 6. Does policy provide coverage for insiders
intentional acts as opposed to negligent acts?
- 14. www.sbot.org 7.What is the triggering event for
coverage?
- 15. www.sbot.org 16 Data Sources Company Data Workforce Data
Customer / Client Data Other Parties Data 3rd Party Business
Associates Data Outsiders Data 8.What types of data are
covered?
- 16. www.sbot.org Threat Vectors Network Website Email BYOD
USBGSM Internet Surfing Business Associates People 9.What kinds of
breach events are covered?
- 17. www.sbot.org 10. How are exclusions for cyber acts of war
and cyber terrorism treated?
- 18. www.sbot.org Additional Cybersecurity Insurance
Considerations
- 19. www.sbot.org Contracts 3rd party liability Healthcare (BA)
Software license audit Permissible access & use in policies,
BYOD EULA / TOS Marketing FTC Act 5 SPAM laws NLRB rules CDA 230
Website audits IP issues Acct ownership Privacy Privacy policies
Privacy & data practices Destruction policies Monitoring
workforce Business intelligence Industry Regulation PCI (Payment
Card Industry) FFIEC (Federal Financial Institution Examination
Council) FINRA (Financial Industry Regulatory Authority) SIFMA
(Securities Industry and Financial Markets Association) What other
cyber risks events are covered?
- 20. www.sbot.org What coverage do you need, and how much?
- 21. www.sbot.org Should you agree to using the carriers list of
attorneys and experts?
- 22. www.sbot.org You dont drown by falling into the water. You
drown by failing to get out.