How not to void your cyberinsurance policy

• Published in: Risk management Vol. 62; no. 2; pp. 12 - 13
• Main Author: Wall, Travis
• Format: Magazine Article
• Language: English
• Published: New York Sabinet Online 01.03.2015; Risk and Insurance Management Society, Inc
• Subjects: Compliance; Cybercrime; Data encryption; Data integrity; Data security; Federal court decisions; Insurance coverage; Insurance industry; Insurance policies; Insurance premiums; Jurisdiction; Language; Methods; Misrepresentation; Negligence; Policyholders; Provisions; Rescission; Risk management; Safety and security measures; State court decisions; Underwriting; Warranties; United States; United States > US
• ISSN: 0035-5593

Insurers have a number of tools to manage and limit risk. For example, cyberinsurance policies might exclude particular losses, such as those involving unencrypted data. Insurers could require the policyholder to implement particular safeguards during the policy period to lessen the risk of data breach or loss, and a failure to comply might void the coverage. If a policy contains a promise to implement a particular safeguard during the policy period, the policyholder should strictly comply with the requirement, as substantial compliance might not be enough. Policyholders need to take special care when answering questions about data security measures. Policyholders should also strictly comply with any promissory warranties. An insured could have defenses to rescission or a claim denial, such as ambiguities in policy language or waiver or estoppel arguments. The requirements for rescinding insurance are not especially difficult to meet, however, and a breach could result in a total loss of coverage.