In our digital age, businesses of any size can be victimized by security incidents and cyber breaches, and the technology behind security breaches are continuously evolving in sophistication and precision. As a result, careful attention to data security measures, policies, and practices—as well as the legal requirements for compliance and reporting—has become vital to company-wide operations, and cyber preparedness is a necessary component of every company’s overall risk management strategy.
Following a cybersecurity breach, companies may face litigation—whether a civil action for damages or a regulatory enforcement proceeding by a government agency. Cases are filed on a regular basis seeking damages as a result of the disclosure of confidential and other information, but the decisions to date are a mixed bag of results, with courts reaching different conclusions based on similar circumstances. Regardless of this perceived lack of clarity as to available legal rights and appropriate remedies, new filings have not slowed and are likely to continue unabated into the future as security breaches continue to expand in size, scope, and impact.
Apart from comprehensive pre-breach planning and programming, many companies look to insurance as an integral component of a cyber risk management strategy. However, recent coverage litigation and other developments provide a stark reminder that the availability of insurance coverage for losses resulting from cybersecurity incidents and breaches is not certain, even under policies specifically tailored to address “business-specific” cybersecurity risks.