Lesser Law Group

Lawsuit draws attention to problems with cyberinsurance

Dark clouds hover over the booming cyberinsurance industry. Cyber policies currently value an estimated $5.2 billion and should reach $7.5 billion by the end of the decade. However, a recent lawsuit shows that these policies might not protect insurance holders as well as they had believed.

After NotPetya -- a malware program allegedly produced by Russia -- struck Mondelez International in 2017, the food giant filed a claim with Zurich American Insurance for $100 million in damages. Zurich had initially agreed to a payment of $10 million but then denied the claim, citing a policy exception for warlike actions. Mondelez filed a lawsuit in response, and although that lawsuit has centered around the definition of cyberwar, it has also drawn attention to several broader concerns with cyber policies.

The spotlight reveals cracks in the shadows

In the wake of the Mondelez lawsuit, journalists and industry insiders have paid more attention to the most common gaps and cracks found around the edges of standard, off-the-shelf policies:

  • Cyberinsurance policies may not protect you from yourself. Off-the-shelf policies often only cover attacks and unauthorized access, not accidents. They may also exclude software or systems that are still in development.
  • Your coverage may not extend beyond your walls. Outsourced systems may not receive full coverage, or they may be excluded. Contractors may also fall outside of coverage - even when your business is legally responsible.
  • Standard policies may introduce unwanted complications. The notification requirements can be overly complex, and insurance companies may limit your ability to appoint your own IT, PR and legal specialists in the wake of an attack.
  • An off-the-shelf policy may not cover the full costs of a cyber event. Protection against data breaches may only cover the money you are legally bound to spend, rather than the larger, practical costs. Likewise, systems interruption coverage may not account for any disruption of business that follows the restoration of network services.

At the very least, if you consider a standard cyber policy, you will want to perform a cyber risk assessment and make sure the policy covers your biggest needs. Otherwise, you might pursue a bespoke cyber policy. Just make sure you work with someone who fully understands the technical aspects of your cyber needs and the structure of your policy.

Understand your needs

Cyberinsurance policies are likely to change in the wake of the Mondelez decision, but it could be months or years before the suit settles. For now, business owners will want to take close stock of their cybersecurity needs and their policies to make sure the two line up.

No Comments

Leave a comment
Comment Information
Email Us For A Response

Tell Us About Your Case

Bold labels are required.

Contact Information
disclaimer.

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.

close

Privacy Policy

San Rafael Office
4040 Civic Center Drive
Suite 200
San Rafael, CA 94903

Phone: 415-460-7754
Fax: 415-295-4122
San Rafael Law Office Map

San Francisco Office
315 Montgomery Street
Ninth Floor
San Francisco, CA 94104

Phone: 415-460-7754
Map & Directions

Sacramento Office
333 University Avenue
Suite 200
Sacramento, CA 95825

Map & Directions

Building
San Francisco/San Rafael : 415-460-7754
Sacramento : 916-237-7820
Fax : 415-295-4122