February 24, 2020

February 24, 2020

Subscribe to Latest Legal News and Analysis

Health Insurance for Data Breaches

In a previous post we reviewed insurance coverage that is now available to protect companies against potential third-party claims resulting from their failure to protect the private or confidential data of consumers and other businesses.

An important compliment to “third-party” cybersecurity liability insurance is “first-party” cyber-risk insurance. “First-party” insurance coverage protects the insured against losses or damage that the insured itself sustains. Well-known “first-party” coverage includes health insurance and fire, flood, and other coverages afforded under traditional homeowner insurance policies.

In the cyber-risk field, “first-party” coverage protects companies against losses of their own data, damage to information systems caused by a cyber attack, and income lost while systems are off-line following a breach or other catastrophic failure.

More specifically, “first-party” insurance coverage is available to compensate companies for the following types of losses:

  • Costs resulting from denial of service attacks or inability to access websites or systems

  • Costs resulting from the unauthorized access to, use of, or tampering with data

  • Costs of forensic investigation to determine the cause and extent of data loss

  • Costs resulting from the loss of company data or digital assets

  • Costs resulting from the introduction of malicious code or viruses into company systems

  • Costs resulting from “cyber-extortion” or terrorism threats

  • Costs of data or system restoration

  • Business interruption expenses

As in the “third-party” field, “first-party” cyber-risk insurance (covering losses that may be excluded or otherwise not covered by traditional policies) is a recent addition to the insurance marketplace. Actuarial data is limited, coverage terms and conditions have not been tested rigorously in the courts, and loss cycles remain in progress. Limited data presents a challenge to any company seeking to purchase cyber risk insurance for damages and losses incurred from data breach incidents.

However, the uncertainty inherent in the sale of a new product presents an opportunity to companies seeking to negotiate favorable terms and conditions, to tailor coverage that relates to their specific business circumstances, and to negotiate reduced premiums as competition in the business continues to expand. Experienced counsel can assist companies not only in understanding the business and legal risks they face from cyber breaches, but also in assessing the utility of coverage terms, conditions, limitations, and exclusions proposed by potential insurers.

Copyright © 2020 by Morgan, Lewis & Bockius LLP. All Rights Reserved.


About this Author

Jeffrey S. Raskin, Morgan Lewis,litigation lawyer

Jeffrey S. Raskin advises clients in litigation, mediation, and arbitration around insurance coverage matters, and intellectual property, commercial, real estate, and environmental disputes. Head of Morgan Lewis’s Insurance Recovery Practice in the San Francisco office, Jeffrey counsels clients seeking recovery for catastrophic losses in securities, environmental, asbestos, silica, toxic tort, product liability, intellectual property, and employment practices cases. Jeffrey has handled first-party claims for loss covered by policies for physical damage and business...

Peter Watt-Morse, Morgan Lewis, Intellectual property lawyer

Peter M. Watt-Morse, one of the founding partners of the firm’s Pittsburgh office, has worked on all forms of commercial and technology transactions for more than 30 years. Peter works on business and intellectual property (IP) matters for a broad range of clients, including software, hardware, networking, and other technology clients, pharmaceutical companies, healthcare providers and payors, and other clients in the life science industry. He also represents banks, investment advisers, and other financial services institutions.

Glen Rectenwald, Morgan Lewis, Technology Attorney

Glen W. Rectenwald focuses his practice on technology, outsourcing, and commercial transactions. He regularly assists a broad range of clients with development, licensing, and distribution agreements; strategic alliances and joint ventures; manufacturing and supply agreements; complex outsourcing and strategic commercial transactions; and general commercial matters. Glen’s experience also includes mergers and acquisitions, private equity, venture capital, and general corporate matters.