Insurance for privacy breach?

Steptoe & Johnson, a large law firm headquartered in Washington, DC, publishes a newsletter called the Cybersecurity Advisor. It is a good source of alerts.

A recent one tells the story of a company that had a data breach potentially involving 2.4 million customers. There were a lot of lawsuits and investigations.

The company’s insurer refused to cover the costs of defense, saying the general liability policy doesn’t cover this breach.

So, you have a potential hazard (data breach) with a huge potential impact (2.4 million customers suing you, plus government, plus reputation and brand damage) = large risk.  While you put controls in place to prevent the hazard, one of the mitigations you have in place if the hazard occurs is insurance.  Or so you thought.

Should the directors have thought about this? The (former) managers?

