Cyber-security law encompasses many businesses. Companies that maintain customer credit card numbers, Social Security numbers, or medical information that should remain private and not exposed to third parties are all at risk for cyber security claims. In recent years, massive amounts of customer data, such as credit card numbers being attacked, have increased. Companies that expose customers’ private data may be subject to reporting obligations that vary by state law, and are open to civil law suits by customers, banks, and clients whose data was exposed.
Any company that maintains customer or client data on computers, servers, or networks, or uses third-party vendors to maintain customer or client data, is at risk for cyber security-based claims.
Some insurance coverage applies to cyber security risks, such as data breaches. A broadly written insuring agreement may provide coverage for hacking and the theft of consumer data. Crime policies may also contain endorsements that provide coverage for computer fraud, computer theft, or other data extraction.
Other policies may provide coverage for cyber claims, whether in the insuring agreement or by special endorsements to the policy. First party “all risk” policies may provide coverage for lost income, or extra expenses incurred by the policyholder, caused by cyber incidents. Errors and omissions policies also may provide coverage for cyber-based losses. Directors and officers policies, depending on how broadly they are worded, may provide coverage for cyber-based claims, such as litigation and investigative costs.