Tip: don’t base the owner of the data governance policy on the "org" chart. Appoint someone whose real job it is to manage the data privacy and governance concerns. She or he should have good data from inside the company to establish continuity plans and to modify plans as times and threats change. While many will want to use outside consultants to quickly get up to speed, don’t forget your insurance libraries. I use the Insurance Library Association of Boston. Yearly membership costs are relatively modest, and they respond to my emails on various insurance topics.
Always ask to see the cyber policy ahead of time. Don’t rely on summaries or websites. You will need to read the fine print. The old adage “don’t judge a book by its cover” is so applicable to cyber insurance policies.
Recently, I reviewed the proposed 30-page Policy Document for Cyber Insurance for a small company. The Declarations page displayed cyber incident response limitations of liability which, at first blush, looked ample. The document offered "Limit of Liability: $1,000,000 for each and every claim; legal and regulatory costs: $1,000,000," and so on.
The definitions told the real story. You likely don’t need a $1,000,000 coverage limit if it only pertains to the financial cost of contacting the insurer’s 24/7 cyber incident response line. The same goes for legal and regulatory costs if all that means is that you are able to use the insurer for drafting data breach notifications to governmental entities and customers. Wading through the 8-point font, it seemed that real losses were capped at $50,000. I guess I should have been tipped off when the premium quote for 12 months' coverage was so low.
Good cyber insurance is expensive compared to other policies. In part, the higher premium costs reflect the reality that cyber claims are now routine. Consider whether it makes sense to seek longer-term coverage if possible. Some insurers are contemplating exiting the market because of the high number of claims, and the sad reality is that cyberthreats are now a permanent business threat.
About the author: Robert J. Kerwin is general counsel for IAMERS, the International Association of Medical Equipment Remarketers and Servicers Inc. and a member of the HSCC Legacy Medical Device Task Force.