Presentation is loading. Please wait.

Presentation is loading. Please wait.

Insurance Coverage for IT Security Breaches International Technology Law Association San Francisco, CA – May 4, 2006 Steven Brower Stephan Oringher Richman.

Similar presentations


Presentation on theme: "Insurance Coverage for IT Security Breaches International Technology Law Association San Francisco, CA – May 4, 2006 Steven Brower Stephan Oringher Richman."— Presentation transcript:

1 Insurance Coverage for IT Security Breaches International Technology Law Association San Francisco, CA – May 4, 2006 Steven Brower Stephan Oringher Richman Theodora & Miller Orange County, California sbrower@sortm.com

2 Insurance One of the primary goals of most contracts is to allocate the risk (costs) of certain reasonably foreseeable outcomes in such a manner that a party which has honestly and competently performed its obligations, including taking steps to control the risks, has a fair probability of making a profit on the contract. One of the primary goals of most contracts is to allocate the risk (costs) of certain reasonably foreseeable outcomes in such a manner that a party which has honestly and competently performed its obligations, including taking steps to control the risks, has a fair probability of making a profit on the contract. The goals of the parties to insurance policies should be similar to other contracts. However, they are generally intended to spread the risk of less frequent outcomes, which are, in many cases, less subject to the control of the parties, and which occur with a lower frequency. The goals of the parties to insurance policies should be similar to other contracts. However, they are generally intended to spread the risk of less frequent outcomes, which are, in many cases, less subject to the control of the parties, and which occur with a lower frequency.

3 Potential Insurance Benefits Reimbursement for first-party losses Reimbursement for first-party losses Costs of investigation Costs of investigation Costs of replacement/reconstruction Costs of replacement/reconstruction Loss of profits Loss of profits Defense of third-party claims Defense of third-party claims Costs of Defense Costs of Defense Settlements/Judgments Settlements/Judgments Expert support services Expert support services

4 Types of Insurance General Liability General Liability Computer Errors & Omissions Computer Errors & Omissions Specialty E&O Specialty E&O Specialty Computer/Data Security Policy Specialty Computer/Data Security Policy Directors & Officers Liability Directors & Officers Liability “ Special Risk ” Coverage “ Special Risk ” Coverage

5 Circumstances Computer system with 2 sets of accounting records Computer system with 2 sets of accounting records Website without adequate safeguards for personal data Website without adequate safeguards for personal data Demand by third-party for payment in exchange for information about security problem Demand by third-party for payment in exchange for information about security problem

6 General Liability Coverage (CGL) Bodily Injury Bodily Injury Property Damage Property Damage Computer data is not tangible property Computer data is not tangible property Personal Injury Personal Injury Invasion of Privacy Invasion of Privacy Advertising Injury Advertising Injury

7 Computer Errors & Omissions “ Classic ” policies are generally sufficient “ Classic ” policies are generally sufficient Check for exclusions for security breach Check for exclusions for security breach Some provide explicit coverage for viruses and other related issues Some provide explicit coverage for viruses and other related issues Is the failure to include proper security in IT products a breach of the standard of care? Is the failure to include proper security in IT products a breach of the standard of care? Money in a bank Money in a bank Consider other E&O Coverage (Attorney?) Consider other E&O Coverage (Attorney?)

8 Specialty IT Security Policy Consider whether it is redundant and/or whether the exclusions are appropriate Consider whether it is redundant and/or whether the exclusions are appropriate Coverage potential is obvious Coverage potential is obvious

9 Directors & Officers (D&O) Expansions in coverage Expansions in coverage Not limited to D ’ s and O ’ s, at least for securities (securities, not security) Not limited to D ’ s and O ’ s, at least for securities (securities, not security) May cover investigations, including criminal May cover investigations, including criminal May cover any wrongful act as a D/O May cover any wrongful act as a D/O Is there an allegation that it was an undisclosed problem which affected the stock price? Is there an allegation that it was an undisclosed problem which affected the stock price?

10 D&O Continued Discovery into the underlying action may be delayed until after it is concluded Discovery into the underlying action may be delayed until after it is concluded CONSIDER: What will the effect be on the insurance for the company? CONSIDER: What will the effect be on the insurance for the company?

11 “Special Risk” Policies Kidnap & Ransom policies explicitly cover product extortion Kidnap & Ransom policies explicitly cover product extortion They include the services of experts They include the services of experts Your client won ’ t know whether they have this coverage Your client won ’ t know whether they have this coverage


Download ppt "Insurance Coverage for IT Security Breaches International Technology Law Association San Francisco, CA – May 4, 2006 Steven Brower Stephan Oringher Richman."

Similar presentations


Ads by Google