The Expert Podcast

…One of the areas where cyber protection cyber insurance has started to see some conflict is in the area of state level. Cyber breach laws and what's happening is the regulations for companies…to abide by. Disclosure or protections of consumer information is creeping from…the federal government level down to the states. And many states now have data privacy laws, which require any company that stores. records or retains certain customer data it could be as simple as your phone number your address. Have to have certain best practices in place certain protections in place. And…if there is a breach or a loss. There is a provision. For statutory damages and payments that have to be made to the parties. And this can get very expensive. So if there's a breach. And the company has to pay even $10 per customer and they have, you know $50,000 customer 50,000 customers that could be a half a million dollars…and these costs can be very draconian and add up quickly Not only do you have to pay to fix the breach and pay to repair your your network, you could have very serious costs and fines that go along with that breach. And notification requirements.

So what's happening with the cyber liability insurance companies is they're starting to recognize this and factor that in. To their decision-making on underwriting and issuing policies. If you are an insurance company looking to issue a cyber liability insurance policy. You're going to have to account for the fact that you might have one of these breaches for your insured company, that you have to pay out a claim. If it's a covered claim. And one of the executives for a major insurance company cyber tech. or Tokyo Marine. Took note of the changes in data privacy legislation right before the height the courts modified their schedules. We saw a lull in litigation but now we're starting to seeing it influx of class actions. Lawsuits and for since 2020… The CCPA grant data breach victims to rut the right to file individual or class action lawsuits against businesses that allow unauthorized access to their private personal information. And it's because of a failure to implement appropriate. Security practices and what's appropriate That's going to be up to the jury. And when you're a company sitting there and you're being sued because 5,000 people had their. personal information stolen and some of them have identity theft. they couldn't get a loan because they had bad credit. You're going to be on the hook.

So you got to make sure that you are aware of this and whether or not you just put in good safety practices or you have good insurance coverage, make sure that the coverage you get. Is matching what you think you're gonna get a lot of cyber policies may or may not cover all these things. So you want to make sure that you read through the policy terms to make sure you have the right coverage and that you will abide by the requirements of that policy, because some policies will become void If you don't take certain. basic. Prevention practices in your company And here's the scary part This regulation CCPA eliminates the requirement for plaintiffs to show evidence of damages. Instead all they have to show is that their. Personal information… was compromised. That's it They don't even have to have damages They just have to have potential damages. For this reason. California is an attractive form for plaintiff attorneys because it's a California based rule, but it's. It's filtering out to other states. So if you're a company you may find that your. Business practices are creating a liability and exposure that you may not be aware of. So again these victims don't even have to have any actual damages They just have to show my information was released and that's it. And if they do that they win and you lose in a cost a lot of money So check your coverages. Check your policies and your procedures internally to make sure that you're not. Living under the umbrella of a serious exposure that you might not be aware of.