
Business insurance policies may not cover cybersecurity

 
An organization can obtain cybersecurity insurance, also known as cyber liability insurance, to help lower the financial risks of conducting business online. The insurance contract transfers some of those risks to the insurer.

Most policies include first-party coverage, which applies to losses that directly affect a business, and third-party coverage, which applies to losses incurred by third parties due to a cyber event or incident based on their commercial relationship with a covered entity.

Overview of who’s covered

Most of the country’s top insurance providers offer consumers cybersecurity insurance choices. Depending on the cost and kind of coverage, the customer can expect reimbursement for additional expenses caused by the theft or physical destruction of information technology (IT) assets. Typical costs include the following:

  • meeting extortion demands from a ransomware attack;
  • notifying customers when a security breach has occurred;
  • paying legal fees levied as a result of privacy violations;
  • hiring computer forensics experts to recover compromised data;
  • restoring identities of customers whose PII was compromised;
  • recovering data that has been altered or stolen;
  • repairing or replacing damaged or compromised computer systems.

Traditional insurance policies typically exclude cyber-risks, which has led to the growth of cybersecurity insurance as a separate, stand-alone type of coverage.

The Employee Retirement Income Security Act of 1974 (“ERISA”) established the Advisory Council on Employee Welfare and Pension Benefit Plans, or the ERISA Advisory Council, to advise the Secretary of Labor on carrying out her responsibilities under ERISA.

The 2022 Advisory Council is examining cybersecurity insurers and the current market for cybersecurity insurance.

Conclusion

The Council’s forthcoming report should assist plan fiduciaries by defining best practices to ensure that their plans qualify for reimbursement of losses from cyber-attacks. Notably, some insurers have denied payment to covered plans because the plans violated insurance provisions.
