Top-ranking U.S. officials continue to stress the importance of securing adequate protection in the event of cyberliability losses. Most recently, those efforts have been directed to financial institutions, an industry particularly susceptible to cyber attacks. On December 3, 2014, United States Deputy Secretary of the Treasury, Sarah Raskin, delivered a speech at the Texas Bankers’ Association Executive Leadership Cybersecurity Conference wherein she provided banks with a simple checklist to consider before a cyber attack occurs. Notably, one item on the Deputy Secretary’s checklist was cyberliability insurance – coverage at which the Deputy Secretary recommended all banks take a hard look.
In her speech, the Deputy Secretary stated that while new, the cyberliabity insurance market is growing, noting that “[m]ore than fifty carriers now offer some type of cyber insurance coverage…for organizations of all sizes, from small, family-owned shops to Fortune 500 companies.” Raskin described the cyberliability insurance market as “a mechanism that bolsters cyber hygiene for banks across the board.” She explained that cyberliability insurance not only provides a measure of financial support in the event of a cyber attack, but the underwriting processes associated therewith can also present banks with useful information to assess existing risk levels and the ability to identify those tools and best practices that the organization may currently be lacking.
The Deputy Secretary emphasized that the financial costs associated with cybersecurity incidents are only increasing, with losses stemming from “an array of cyber risks ranging from liability and costs associated with data breaches to business interruption losses and even tangible property damage caused by cyber events.” Raskin encouraged bank CEOs and boards of directors to consider whether their insurance is adequate based on their company’s cyber risk exposure.
For these reasons, policyholders should seek guidance from experienced coverage counsel who can undertake a review of your existing insurance program to ensure that it provides adequate protection in the event of a data breach or other cyberliability loss.