It seems that everyone these days, from President Obama to Facebook account holders, is concerned about cybersecurity. Data breaches and cyberintrusions are front page news, and businesses are warned to take a "when, not if" approach to these threats.
In light of this reality of modern life, more and more businesses are treating data security as one of their most important business risks, and a growing number of insurance companies are offering policies to help businesses prevent and respond to data breaches and attacks. Cyberinsurance policies generally provide both first-party and third-party coverage for such risks. First-party protections include the costs of a forensic investigation to uncover and remediate the breach, retention of privacy lawyers to ensure compliance with relevant laws and regulations, public relations experts to mitigate reputational damage, and companies to notify affected parties of the breach and to conduct credit monitoring, if required. Third-party coverage includes the defense of lawsuits and payment of damages, and coverage for regulatory actions in connection with a security failure, privacy breach, or the failure to disclose a security failure or privacy breach.
