Earlier this month, I gave a presentation with Irfan Saif, principal of Deloitte & Touche, on cyber insurance at the Institute for Advance Corporate Counsel (iACC) in Burlingame, CA.  We discussed how companies can analyze their data-related risks and develop strategies to mitigate those risks, including through the purchase of insurance.  Because cyber insurance is still a developing market, insurance policy forms are far from standardized and often can be negotiated.  As a result, it is important to carefully analyze your company’s data security risks and the proposed policy forms when considering the purchase of cyber insurance.  This is particularly critical when the company’s risks are related its data held by third-parties or computer systems that rely on third-party systems, as the scope of coverage for these risks varies widely among the policy forms currently available.

I will be moderating a panel on cyber insurance What You and Your Clients Should Know About Cyber Coverage at noon on May 29 at BASF in San Francisco and presenting on the coverage available under commercial general liability (CGL) policies for data security breaches on July 16.  I’ll circulate more information about each of these events as it becomes available.