A number of recent lawsuits against corporate chief information officers have resulted in increased legal fees for data breaches, and insurance agents want clients to know that not all such costs will fall under a cyber policy.
Matthew Karlyn, a partner at Foley & Lardner LLP, believes that the likely-pending lawsuit against US Office of Personnel Management CIO Donna Seymour will set an important precedent for future data breach legal disputes. Karlyn believes that “we are absolutely going to see more CIOs taking the fall and ultimately being named in lawsuits.”
Karlyn told Insurance Business America that this trend is due to “an assumed fiduciary duty for CIOs, which may include the conception, installation, monitoring and adaptation of cybersecurity measures.” This could mean a transfer of some of the risk from the cyber product to the policies of directors and officers because cyber liability does not cover litigation as a result of negligence, according to Ian Cavalier, Head of Claims for cybersecurity broker Safeonline LLP.
Cavalier said that in the market he is seeing “D&O coverage taking a hit due to breaches; especially in light of large scale hacks at Target, Sony and Adobe, which have resulted in lawsuits against both company and directors that are still ongoing. But there is plenty of scope for growth, particularly as the cyber market is still in relative infancy with regard to premium.”