Insight

Cyber Coverage Pitfalls

Institutional data breaches are, unfortunately, more common (and more costly) than ever. Cybersecurity insurance can help—but is your firm’s policy really as ironclad as you think?

Digital lock shatters into pieces
RW

Robert W. Wilkins

November 2, 2022 04:00 PM

An oft-repeated mantra in business and technology is that it’s not a question of if a data breach will happen, but when. The average cost of a corporate data breach in the United States is nearly $9.5 million, according to an IBM report published in 2022. Without adequate cybersecurity insurance, companies (and law firms) might find themselves facing a double threat: being the victim of a breach and then having to contend with the denial of their cyber insurance claim. This article addresses the risks of failing to implement and follow all of the policies and procedures required by the cyber insurance policy.

Given the exponential growth in breaches and their high costs, insurance providers are raising premiums and increasingly investigating whether the practices, as represented by the insured when it applied for coverage at the outset, were implemented and regularly tested and updated as needed. Failure to do so has resulted, and will continue to result, in denial of coverage.

The Expanding Litigation Threat

The biggest risk of this kind that businesses face is not from individual plaintiffs asserting damages from a data breach—it’s a class action brought on behalf of all those similarly situated. In the past, Article III standing cases have generally held that plaintiffs could not establish the requisite “injury in fact” based on the mere risk of future harm because their personally identifiable information or protected health information was exposed.

For years, class-action data breach cases have foundered on that basis. However, a growing body of case law provides guidance on what constitutes “concrete harm,” and the number of class-action cases finding a concrete injury is on the rise. For a good summary of the law on this critical issue, see TransUnion LLC v. Ramirez (2021) and Hunstein v. Preferred Collection and Management Services, Inc. (2022).

Loss of Insurance Coverage

Recent reports have shown that an insured party’s perception of its security versus reality often differ greatly. One of the biggest reasons for coverage denial concerns misrepresentations in the company’s application and/or the failure to maintain security practices amid the ever-changing threat environment. Most cyber insurance policies provide broad coverage for cyber extortion, data restoration, public relations, computer fraud, business interruption, regulatory compliance and related elements. However, the coverage under a policy depends on the representations the insured made in its application, and its subsequent compliance with them.

A typical application for cybersecurity insurance will contain a privacy and security liability questionnaire, as well as a portion about information security. Key items insurance providers require for such policies, according to an August 2022 FitchRatings report, include the use of multifactor authentication, employee training on phishing and other types of cyberattacks, strength-of-password requirements, regulatory reporting obligations, an assessment of the quality of one’s incident-response plan and penetration testing. In addition, all 50 states have data-breach notification laws, and law firms or clients must comply with the requirements of each state in which they do business.

Companies must regularly monitor, update and test all cybersecurity requirements mandated in their policy.”

The hole in the cyber insurance net stems from the insured’s potential misrepresentations in its application and its failure to adjust to the changes in the methods by which bad actors gain illegal access to data. Recently, one insured business that suffered an enormous data breach was denied coverage and had its policy rescinded. See Travelers Property Casualty Company v. International Control Services, Inc. (2022).

Travelers’ success was based on the fact that International Control Services, in its policy application, stated (and signed a separate attestation) that it required multifactor authentication to gain administrative access to its data. Upon investigation, Travelers determined that ICS misrepresented the scope of its authentication process, resulting in the breach.

A business’s failure to follow the policies and procedures claimed in its application is dire. In fact, most insurance policies have a specific exclusion that precludes coverage for claims arising from the policyholder’s failure to maintain adequate security standards. Companies must regularly monitor, update and test all cybersecurity requirements mandated in their policy. The same is true for policies regarding cyber extortion and ransomware attacks.

It’s not just insurance companies that require businesses to have solid procedures and policies to prevent and contain data breaches. Banks, corporate clients and a multitude of others require similar assurances from law firms they deal with that the firms have, comply with and regularly test, update and monitor a written information-security policy and incident-response plan.

Takeaways

The increase in data breaches, the costs resulting from them (which can include potential criminal and regulatory liability), the representations required by clients and insurance companies and the need to meet constantly changing threats in this data-driven age demand that law firms and their clients implement and closely monitor cybersecurity policies and practices. To that end:

  • Read your cybersecurity insurance policy application and representations to confirm each representation is accurate.
  • Update your policies and practices to stay on top of changes and innovations in data security.
  • Train and test your employees in data security practices and potential breaches, especially phishing schemes.
  • Keep an open line of communication with your insurance provider and follow its recommendations regarding cybersecurity.
  • Consider having an outside vendor run penetration tests of your data security systems.

The bottom line: Breaches may be inevitable, but diligence and preparation can mitigate both their financial and reputational impact.

Robert W. Wilkins, a Jones Foster shareholder, and the Litigation & Dispute Resolution Practice Group Chair, is double Board Certified by The Florida Bar in the areas of Business Litigation and Civil Trial. He is Co-Chair of the E-Discovery Subcommittee and the Data Security Subcommittee of the ABA Litigation Sections’ Commercial and Business Litigation Committee. He is also an active member of The Sedona Conference Working Group 1, Electronic Document Retention and Production and Working Group 11, Data Security and Privacy Liability.

Headline Image: istock/TU IS

Related Articles

How Client Testimonials Fuel Client Acquisition for Law Firms


by Nancy Lippincott

Learn how client testimonials boost client acquisition for law firms. Enhance credibility, engage clients and stand out in a competitive legal market.

Woman holding blurb of online reviews

Mail-in Ballot Mayhem: Pennsylvania’s Current Electoral Mix Up


by Gregory Sirico

An appeals court recently stated that Pennsylvania has a glaring discrepancy with its mail-in ballot, which, if left untreated, could result in invalid votes.

U.S. ballot box with voting signage

Key Developments and Trends in U.S. Commercial Litigation


by Justin Smulison

Whether it's multibillion-dollar water cleanliness verdicts or college athletes vying for the right to compensation, the state of litigation remains strong.

Basketball sits in front of stacks of money

Texas’ New Immigration Enforcement Bill Hits Federal Appeals Court


by Gregory Sirico

Enacted in 2023, SB-4 is reshaping immigration in Texas, establishing new legal provisions that could only look to increase tension between the U.S. and Mexico

Border patrol officer oversees scene

Recruiting, Raising and Retaining the Next Generation


by LaVon M. Johns and Patricia Brown Holmes

With savvy recruiting, great culture and a focus on work/life integration, learn how any law firm can still get the most out of its greenest personnel.

Animated figures putting massive puzzle together

Generation Gaps


by Victoria Brenner

A major case upended aspects of grandparents’ disputed visitation rights regarding their grandchildren. 20 years on, where do laws around the country stand?

Child with hands over older man's eyes

Beyond the Billables


by Michele M. Jochner

In a recently conducted, comprehensive study, data reveals a plethora of hidden realities that parents working full-time in the legal industry face every day.

Women in business attire pushing stroller takes a phone call

Preventing Malpractice Issues in Pediatric Practice. A Lawyer's Perspective


by Sean M. Cleary

Despite medical breakthroughs and patient care, hospitals often act as a source of medical malpractice claims, leaving patients in dire need of legal counsel.

Sketch of doctor providing medical care to child

The Push and Pitfalls of New York’s Attempt to Expand Wrongful Death Recovery


by Elizabeth M. Midgley and V. Christopher Potenza

The New York State Legislature recently went about updating certain wrongful death provisions and how they can be carried out in the future. Here's the latest.

Red tape blocking off a section of street

Combating Nuclear Verdicts: Empirically Supported Strategies to Deflate the Effects of Anchoring Bias


by Sloan L. Abernathy

Sometimes a verdict can be the difference between amicability and nuclear level developments. But what is anchoring bias and how can strategy combat this?

Lawyer speaking in courtroom with crowd and judge in the foreground

How Maine’s Yellow Flag Law Stacks up Against Other New England Gun Restrictions


by Gregory Sirico

New England states currently boast some of the lowest firearm mortality rates in the nation and world, but the state laws of the region vary quite drastically.

Silhouetted hand covering the barrel of a gun

The Critical Role of Content in Law Firm SEO Strategy


by Nancy Lippincott

From building trust to staying competitive with thought leadership, explore how SEO content creation establishes authority in a largely digital landscape.

Animated internet servers, charts and laptop connected to SEO label

Why Backlinks Matter for Law Firm SEO


by Nancy Lippincott

The key ingredient to a law firm's online search visibility could lie within backlinks, a driving factor in the industry's efforts to build an SEO-based future.

Collection of search bars, menus and posts in front of gray background

Maximizing SEO: The Power of Online Directories for Law Firms


by Nancy Lippincott

By harnessing the power of online directories, law firms can boost SEO, strategically enhancing visibility and overall digital presence in the legal industry.

Unseen figure in suit pointing to world map

Announcing The Best Lawyers in Japan™ 2025


by Best Lawyers

For a milestone 15th edition, Best Lawyers is proud to announce The Best Lawyers in Japan.

Japan flag over outline of country

The Best Lawyers in Singapore™ 2025 Edition


by Best Lawyers

For 2025, Best Lawyers presents the most esteemed awards for lawyers and law firms in Singapore.

Singapore flag over outline of country

Trending Articles

Presenting The Best Lawyers in Australia™ 2025


by Best Lawyers

Best Lawyers is proud to present The Best Lawyers in Australia for 2025, marking the 17th consecutive year of Best Lawyers awards in Australia.

Australia flag over outline of country

Legal Distinction on Display: 15th Edition of The Best Lawyers in France™


by Best Lawyers

The industry’s best lawyers and firms working in France are revealed in the newly released, comprehensive the 15th Edition of The Best Lawyers in France™.

French flag in front of country's outline

How To Find A Pro Bono Lawyer


by Best Lawyers

Best Lawyers dives into the vital role pro bono lawyers play in ensuring access to justice for all and the transformative impact they have on communities.

Hands joined around a table with phone, paper, pen and glasses

How Palworld Is Testing the Limits of Nintendo’s Legal Power


by Gregory Sirico

Many are calling the new game Palworld “Pokémon GO with guns,” noting the games striking similarities. Experts speculate how Nintendo could take legal action.

Animated figures with guns stand on top of creatures

Announcing The Best Lawyers in New Zealand™ 2025 Awards


by Best Lawyers

Best Lawyers is announcing the 16th edition of The Best Lawyers in New Zealand for 2025, including individual Best Lawyers and "Lawyer of the Year" awards.

New Zealand flag over image of country outline

Announcing the 13th Edition of Best Lawyers Rankings in the United Kingdom


by Best Lawyers

Best Lawyers is proud to announce the newest edition of legal rankings in the United Kingdom, marking the 13th consecutive edition of awards in the country.

British flag in front of country's outline

Announcing The Best Lawyers in Japan™ 2025


by Best Lawyers

For a milestone 15th edition, Best Lawyers is proud to announce The Best Lawyers in Japan.

Japan flag over outline of country

The Best Lawyers in Singapore™ 2025 Edition


by Best Lawyers

For 2025, Best Lawyers presents the most esteemed awards for lawyers and law firms in Singapore.

Singapore flag over outline of country

Announcing the 16th Edition of the Best Lawyers in Germany Rankings


by Best Lawyers

Best Lawyers announces the 16th edition of The Best Lawyers in Germany™, featuring a unique set of rankings that highlights Germany's top legal talent.

German flag in front of country's outline

How Much Is a Lawyer Consultation Fee?


by Best Lawyers

Best Lawyers breaks down the key differences between consultation and retainer fees when hiring an attorney, a crucial first step in the legal process.

Client consulting with lawyer wearing a suit

Celebrating Excellence in Law: 11th Edition of Best Lawyers in Italy™


by Best Lawyers

Best Lawyers announces the 11th edition of The Best Lawyers in Italy™, which features an elite list of awards showcasing Italy's current legal talent.

Italian flag in front of country's outline

Presenting the 2024 Best Lawyers Employment and Workers’ Compensation Legal Guide


by Best Lawyers

The 2024 Best Lawyers Employment and Workers' Compensation Legal Guide provides exclusive access to all Best Lawyers awards in related practice areas. Read below and explore the legal guide.

Illustration of several men and women in shades of orange and teal

Things to Do Before a Car Accident Happens to You


by Ellie Shaffer

In a car accident, certain things are beyond the point of no return, while some are well within an individual's control. Here's how to stay legally prepared.

Car dashcam recording street ahead

Combating Nuclear Verdicts: Empirically Supported Strategies to Deflate the Effects of Anchoring Bias


by Sloan L. Abernathy

Sometimes a verdict can be the difference between amicability and nuclear level developments. But what is anchoring bias and how can strategy combat this?

Lawyer speaking in courtroom with crowd and judge in the foreground

The Push and Pitfalls of New York’s Attempt to Expand Wrongful Death Recovery


by Elizabeth M. Midgley and V. Christopher Potenza

The New York State Legislature recently went about updating certain wrongful death provisions and how they can be carried out in the future. Here's the latest.

Red tape blocking off a section of street

Attacked From All Sides: What Is Happening in the World of Restrictive Covenants?


by Christine Bestor Townsend

One employment lawyer explains how companies can navigate challenges of federal and state governmental scrutiny on restrictive covenant agreements.

Illustration of two men pulling on string with blue door between them