The sales of cyber-insurance policies has spiked sharply this year, mainly due to the increased attention and scrutiny of massive data breaches from Target and Neiman Marcus over the last holiday season. Also, in what was once an uncommon occurrence, banks are now suing retailers who have been victimized by hackers accessing mission-critical data. These threats against corporate data have finally caused many businesses to seek out risk management practices, such as insurance coverage, to protect against loss.
In general, most cyber-insurance policies cover the cost of a data breach investigation, customer notification and credit-monitoring services, as well as legal expenses and damages resulting from consumer class action litigation. According to The Wall Street Journal today, general liability insurers are expected to adopt language specifically excluding damages arising out of cyber-attacks. The nuances of the policies have still not been perfected, and companies should have an attorney who understands this area of law examine the scope of coverage contained within each policy. Doing due diligence will help organizational leaders better determine if the insurance premium benefits the company from a cost-savings standpoint.