Data security breaches are now legion. Cyber attacks often prove to be multi-faceted, resulting in fraudulent transactions, class action litigation,1 identity theft, liability for regulatory actions, and a slew of other disruptions and damages to business operations. It has become clear that hackers can easily cause liability and losses to even the most well-prepared businesses.
To date, the risk management emphasis has largely been dedicated to addressing potential third-party liability threats. Many companies have focused their efforts on buying cyber insurance to protect against a future privacy rights class action litigation, regulatory investigation, or responsibility for credit card assessments and fines. Similarly, those companies that actually have had to call upon their insurance after data theft have largely sought coverage for charges imposed by others for the theft of data belonging to others. Coverage has been sought for defense of suits alleging theft of medical information and fraudulent card charges, as well as for attorney fees incurred for responding to regulatory lawsuits or inquiries.2
