One area where cyber liability insurance and protection has encountered conflict is at the state level concerning cyber breach laws. The regulations companies must comply with regarding the disclosure or security of consumer information are shifting from the federal government to the states. As a result, many states now have data privacy laws that require companies to implement best practices and protections if they store or retain certain customer data, such as phone numbers or addresses. If there is a breach or loss, there are provisions for statutory damages and payments to the affected parties, which can become very costly. For instance, if a company has to pay $10 per customer and has 50,000 customers, it could owe half a million dollars. These costs can add up quickly and be very expensive, including the costs to repair the breach, the network, and any associated fines or notification requirements.
Cyber liability insurance companies are starting to recognize the risks associated with data breaches and are factoring that into their underwriting and policy issuance decisions. If you’re an insurance company that wants to issue a cyber liability insurance policy, you must consider the possibility of a breach occurring for your insured company and having to pay out a claim if it’s a covered claim. A top executive at a major insurance company from Tokyo Marine took notice of the changes in data privacy legislation before the courts modified their schedules. There was a lull in litigation, but since 2020, there has been an influx of class action lawsuits due to the CCPA granting data breach victims the right to file individual or class action lawsuits against organizations that allowed unauthorized access to their private personal information, caused by a failure to implement appropriate security practices. What’s considered appropriate will be determined by the jury. If a company is sued because 5,000 people had their personal information stolen, and some experienced identity theft or could not get loans due to bad credit, the company will be liable.
It’s crucial to be aware of the risks associated with cyber breaches and to have good safety practices or insurance coverage in place. However, not all cyber liability policies cover everything, so it’s essential to read through the policy terms to ensure you have the right coverage and abide by the policy’s requirements. Failure to follow the required prevention practices could make the policy void. The CCPA regulation eliminates the need for plaintiffs to show evidence of damages in lawsuits. All they need to prove is that their personal information was compromised, even without any actual damages. This makes California an attractive forum for plaintiff attorneys, and the regulation is filtering out to other states. As a company, you may create liability and exposure without realizing it. To avoid this, it’s crucial to check your coverage, policies, and internal procedures to ensure that you’re not at risk of severe exposure. Remember that victims don’t need actual damages to win a lawsuit; they just need to show that their information was released. If you lose the case, it can cost a lot of money. So, take the necessary precautions and ensure you’re not under the umbrella of a severe exposure you’re unaware of.