In the aftermath of the many Sony data breaches, the firm faces 58 class-action lawsuits. In addition to the lawsuits, Sony (SNE) has a cyber-liability coverage problem. Help Net Security writes that an unexpected development could throw a wrench in Sony’s plans to reduce their losses. The article explains that Zurich American Insurance Company, one of Sony’s insurers, has petitioned the Supreme Court of New York to exonerate it from compensating Sony for the losses that it might incur if it loses any of the many lawsuits being filed against it due to the recent breaches.
According to Computerworld, this situation has highlighted, in cases of cyber-attacks and data breaches insurance has become a separate coverage not included in the General Liability policy. Also, the companies need to look carefully at what a cyber-liability insurance policy includes since it often covers the cost of recreating lost data but rarely the costs that stem from the breach, such as legal expenses and data notification costs.
According to Alan Paller, director of research at the SANS Institute, there are very few insurance companies whose cyber-liability insurance policy includes those costs. And with those who do, the high premiums and limited payouts – not to mention that the onus to prove that they have made an adequate effort to keep intruders out rests with the company – make many businesses decide against it.
rb-
I covered this wrinkle in cyber-insurance back in 2011, here. Proper risk management includes planning for events and how to mitigate those events. Does your firm have cyber liability coverage? Does it even know its general from its cyber liability coverage?
Related articles
- Cyber Liability Coverage – Is it needed? (insurewise.wordpress.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.