By Adrejia L. A. Boutté Swafford,  Partner/Attorney at Christovich & Kearney, LLP

According to the Merriam-Webster.com Dictionary the term, “cybersecurity,” first used in the year 1998, are the “measures taken to protect a computer or computer system (as on the internet) against unauthorized access or attack.” What happens when you failed to properly protect? You get hacked, phished, breached, or the victim of countless other types of cybercrimes. Cybercrimes cost money, reputation, or even one’s

livelihood. Protect yourself before and after the crime. Get cyber risk insurance.

There should be a legal mandate requiring cyber risk insurance in the United States.  The rationale for this requirement should in part be influenced by the fact that the increasing number of cyber liability policies are partially motived by the ever-developing mandatory notifications of data breach laws and the high costs of said notifications to consumers. Moreover, the ever-developing world of technology, and increasing use of the Internet of Things (IoT) devices, simply create a mountain of vulnerabilities which extend far beyond the commercial walls of a business.  The threat has evolved past the Fortune 500 company’s poor firewalls and has easily entered the homes and smart devices of every person living “on the grid.”

Cyber risk means something slightly different to an individual than to an entity. Nevertheless, people are at the heart of both.  “Cyber risk includes any risk associated with the online activity, such as storing personal information online or completing online transactions.  This includes damage to you or your business’ reputation, loss, or disruption to your life or your business operations.” How we define our degree of cyber risk, prior to an actual cyber attack event, is often directly correlated to what we believe we can afford to lose.  Instead, the risk should be directly correlated to our value; what we have to lose.

Annually, an estimated $8.5 billion are incurred for cyber-related losses. The value of data and information put at risk for an individual and/or an entity will greatly increase as the number of violations and breaches continue to escalate. The cost of this risk is not only quantitative–as in it will cost an exact amount of money to recover from the breach but, it can also mean exposure to fines, criminal charges, and/or the value in a name.

Insurance is generally procured to transfer risk from one to another. We also obtain insurance for financial reimbursement after a loss.  Cyber risk insurance can offer more than financial recoupment for actual loss. Many cyber risk policies bring breach coaches, attorneys, reimbursements after paying ransom fees, and access to other experts and risk management plans.  Cyber risk coverage can come in the form of a stand-alone policy or an add-on or an endorsement to an existing policy.  It is not typically covered under traditional homeowner’s policies or commercial general liability policies.

A cyber risk insurance policy is just as practical as buying health insurance or automobile insurance. Although we have, as U. S. citizens, governmental and regulatory bodies in place to help prevent and protect us from a cybercrime or cyber incident; it is not enough.  The alternatives, to cyber risk insurance, simply help us mitigate our exposure. They do not and cannot prevent the inevitable so don’t forget to:

  • Assess your risk,
  • Beef up your cybersecurity,
  • Consult with a cyber risk specialist,
  • Be clear about your risk to you when you meet with your insurance broker/agent, and
  • Get a tailored cyber risk insurance policy.

About the Author

Adrejia L. A. Boutté Swafford is an insurance defense attorney at Christovich & Kearney, LLP in New Orleans, Louisiana. She has practiced commercial defense litigation for over 12 years, focused on: insurance coverage disputes, homeowners‘ insurance policies, automobile insurance policies, toxic torts, premises liability claims, assisted living facility issues, construction law claims, and workers‘ compensation; among other areas.Adrejia also offers services on compliance-related matters, including but not limited to, corporate consultation (regarding organizational/business ethics, state, federal, and industry standards) and litigation work based on general compliance issues and cyber risk insurance policy issues.