Mitigating Cyber Risks

Let’s face it, the Internet can be a scary place from a risk standpoint. Indeed, it seems that on practically a daily basis we hear about a massive security breach and the theft of sensitive and personal data.

So, what are companies to do to mitigate cyber risks? Of course, they should employ the best in class technologies that are designed to block cyber intrusions and attacks. They also should implement and enforce cyber security company-wide policies.

Still, such technologies and policies never are perfect in terms of creating a silver bullet against all cyber risks. Accordingly, what else can companies do to cover Internet perils?

They can procure cyber-insurance. While insurance has been around for hundreds of years, cyber-insurance relatively is young — about fifteen years old.

When cyber-insurance first came to market in its infancy, it was an immature product. Assessment of Internet risks was just beginning, and cyber-insurance policies varied widely in terms of coverage, exclusions, and price.

Since that beginning, there has been more experience with Internet risk assessment, and cyber-insurance has progressed with some greater uniformity. Nevertheless, companies seeking to procure cyber-insurance carefully should consider the specific types of cyber risks they face and from there they should seek specific or tailored coverage for those risks.

Given that Internet risks are still unfolding and evolving, insurers themselves want to mitigate their exposure when it comes to issuing cyber-insurance. They may insist on certain exclusions, they can set premiums at a high level, and they may make sure to have reinsurance in place.

That being said, cyber-insurance is valuable in backstopping companies’ technological and company policies in seeking to thwart Internet threats.

Hopefully, more companies will move forward on all three fronts.

Eric Sinrod (@EricSinrod on Twitter) is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod’s columns, please email him at ejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.