Providing Legal Guidance to the Insurance Industry in the Development and Application of Cyber Insurance Products
As cyber and privacy risks evolve and expand, so do the products that insurance companies offer to address these exposures. Identifying existing and developing threats and the expanding legal and regulatory obligations of businesses faced with these risks are ongoing challenges for insurance companies, as they develop insurance products intentionally (or inadvertently) insuring these risks, and as they address the claims submitted under their policies.
Attorneys in Saul Ewing’s Cyber Insurance Practice represent insurers, reinsurers, insurance brokers, managing general agents, third-party administrators and other entities in the insurance industry on matters related to their cyber insurance products, including product development and policy drafting, claims handling, coverage advice and disputes, and regulatory issues.
Our Services Include:
Product Development and Policy Drafting
- Developing stand-alone cyber policies, multi-line and package policies, and cyber endorsements.
- Drafting exclusionary provisions for insurers and reinsurers seeking to limit their exposure to cyber risks under policies and reinsurance agreements not intended to apply to those risks.
- Identifying issues presented by existing policies, such as stacking of limits, “other insurance” issues, and “silent cyber” exposure, and proposing solutions to these issues.
- Designing industry-specific policies that address the cyber risk exposures for particular industries or professional services.
- Advising private equity-sponsored startups that are developing products to address risks presented by the Internet of Things.
- Updating policies to address, by affirmative coverage or explicit exclusion, increasing cybersecurity and data privacy regulatory requirements.
- Advising insurers and startups entering the cyber insurance market on structuring a cyber insurance program, including drafting policy forms, identifying service providers and creating claims handling protocols.
- For insurers faced with a complex and large exposure claim under cyber policies and endorsements and other lines of insurance impacted by cyber risks, advising on potential claims handling issues, analyzing alleged damages, communicating with insurance brokers and insureds as appropriate, and assisting in managing the claim and its exposures.
- For insurers and third-party administrators in the U.S. and U.K. with an extensive cyber book of business who need assistance in cyber claims management, providing legal support and advice. For reinsurers, helping identify and address cyber risk exposures.
Coverage Advice and Disputes
- Advising insurers and their third-party administrators on identifying and addressing coverage issues that arise from cyber incidents under cyber and other lines of insurance, including general liability, property, home owners, crime and fidelity, D&O, professional liability, and errors and omissions insurance.
- Analyzing allocation and “other insurance” issues that arise when more than one policy is potentially implicated by a cyber incident.
- Identifying exposures presented by cyber claims submitted under policies designed to apply to cyber incidents and those not designed to apply.
- Representing insurers in coverage disputes, litigation, and alternative dispute resolution proceedings that arise from claims involving data breaches and other cyber incidents.
- Advising existing and new entrants into the cyber insurance market on the insurance regulatory framework applicable to the use of new products.
- Providing ongoing information on data regulations and compliance obligations in the jurisdictions in which the insurers or their customers do business.
- Analyzing the regulatory compliance of insurers.
Our attorneys’ knowledge and experience in both the insurance industry and in cybersecurity/data privacy allow us to guide insurance companies through their cyber insurance product development and application.
We have an in-depth understanding of the cybersecurity and privacy legal and regulatory obligations of the entities that insurance companies insure, as well as of the types of claims likely to arise. Many of our attorneys have extensive experience in addressing cyber risk and data privacy compliance issues and in advising on breach response, and work closely with our Cybersecurity Incident Response Team. This allows our cyber insurance attorneys to quickly and knowledgeably assess the issues and exposures presented by cyber risks and claims, and to advise our insurance clients on compliance issues faced by both them and their insureds.
The legal and regulatory obligations and exposures presented by cyber and data privacy risks are constantly evolving and it is critical to stay on top of these changing obligations and potential liabilities. We have a team of attorneys who are familiar with the potential exposures presented by the EU’s General Data Protection Regulation (GDPR), U.S. state and federal privacy and cybersecurity laws and regulations, the Payment Card Industry Data Security Standards (PCI-DSS) and the associated contractual indemnity requirements and assessments, and the industry-specific compliance obligations governing companies in various industries, including health care, financial services, education and government contractors.
Our Cyber Insurance team regularly provides educational and risk management programs on cyber risk identification and mitigation for insurers and their insureds, often accredited for CLE and CE, including in-house seminars designed for the specific issues faced by the company requesting the program.