A Case for Reviewing Cyber Coverage at the Onset of M&A Activity
It’s no secret that M&A activity reached an all-time high in 2015 with a total of $4.3 trillion in mergers. While merger activity in 2016 currently lags behind during the first six months, it appears that an interest in cyber-related risk and the transfer of that risk through the purchase of cyber insurance has simultaneously increased with M&A activity. Concerning cyber insurance, most people think of covering the losses resulting from a data breach, but what many do not consider is how a cyber policy can change within the context of a merger or acquisition. A recent PropertyCasualty360 article highlights that specific provisions are typically written in cyber insurance policies that directly impact coverage following an M&A transaction. As a result, it is pivotal that organizations dissect and examine their policy in the early stages of the process to ensure coverage will continue after the transaction.
In fact, typical cyber insurance policies often include specific requirements that the insured must meet to obtain coverage, meaning all subsidiaries acquired must also meet clear cybersecurity protocols outlined in the policy. Not to mention, many cyber policies include conditions, definitions and even exclusions on what may or may not be covered after a merger or acquisition. Some requirements include: written notice before the acquisition, the insurer’s written consent prior to the acquisition and an agreement to pay additional premiums following the merger. As a result, it is critical to review cyber coverage before the deal-making process begins to ensure all policy requirements are in compliance.