Advice from Robinson+Cole, a specialist law firm…:
[…] To help with your conversation with your broker, here are some basic questions (this is not an exhaustive list) to discuss with your broker as you evaluate your cyber-liability insurance needs:
- Confirm first-party coverage for a security incident/data breach for forensic analysis, legal, costs associated with data breach notification to individuals and regulators, and coverage for fines/penalties and costs associated with an enforcement action;
- Confirm first-party coverage for ransomware, malware, wire fraud, phishing incident, social engineering, man in the middle scheme, including business interruption coverage;
- Confirm third-party coverage for security incident/data breach, class action litigation, enforcement actions and individual litigation;
- Discuss in detail the exclusions in the policy so you understand them and the incidents that the exclusions may be applicable to, including Telephone Consumer Protection Act exclusion, and determine whether to purchase the coverage that is excluded;
- Discuss your particular industry and coverage that may be specifically applicable to you, including coverage for PCI fines and penalties, HIPAA privacy and security violations, GDPR or CCPA actions; and
- Specifically discuss crime coverage, a social engineering endorsement, errors and omissions, business interruption, and other coverage you may need to supplement other policies that you have in place.