Do you know what is covered, and what the exclusions are?
One case I heard of, was a claim for coverage ($ to recover and rebuild) was denied, because the company was a service company, and the information stolen belonged to their customers. No data actually owned by the insured was impacted, and the coverage was for data owned by the insured. No coverage there!
Lesson? Read your coverage and exclusions. Carefully.
===============from the article: ============
Cybersecurity executives wonder this out loud all the time: “Will our cyber insurance, or business insurance, cover us if there is some sort of cyber incident? Or will the insurance company declare some reason that we are not covered?”
Denali Advanced Integration after its insurer sued to avoid liability in a hacking related lawsuit.A judge in Seattle may be the one to answer the question of what is covered (or not) for IT vendor
See if you can follow this bouncing ball of liability: Denali was sued by clothing powerhouse Columbia Sportswear in March 2017 over alleged hacks by Denali’s then CTO Michael Leeper. Leeper had come to the IT vendor from Columbia Sportswear and allegedly hacked into Columbia’s systems nearly 700 times after taking a new job with Denali.
That lawsuit is still pending.
Then, on August 8, 2017, Hartford Fire Insurance Company sued Denali in federal court, claiming it is not liable to cover any potential damages from the Columbia lawsuit.
Law360 reviewed and cited the insurance company’s reasoning: