The problem with current cyber-liability insurance policies
The repercussion from the massive breach are still reverberating through Sony and, as the company managers move to minimize the losses, an unexpected development could throw a wrench in their plans.
Zurich American Insurance Company, one of Sony’s insurers, has recently petitioned the Supreme Court of New York to exonerate it from compensating Sony for the losses that it might incur if it looses one or all of the many lawsuits being filed against it due to the recent breaches.
According to Computerworld, this situation has brought to the fore the fact that insurance in case of cyber attacks and data breaches has become a separate coverage not included in the General Liability policy.
Also, the companies need to examine carefully what a cyber-liability insurance policy includes, since it often covers the cost of recreating lost data but rarely the costs that stem from the breach, such as legal expenses and data notification costs.
According to Alan Paller, director of research at the SANS Institute, there are currently very few insurance companies whose cyber-liability insurance policy includes those costs.
And with those who do, the high premiums and limited payouts – not to mention the fact that the onus to prove that they have made an adequate effort to keep intruders out rests with the company – make many businesses decide against it.