Cyber Insurance

Hunton Andrews Kurth’s Insurance Coverage Counseling and Litigation practice group provides 360-degree support to policyholders in all industry sectors facing cyber, privacy and physical security challenges. From coverage selection to dispute resolution, our seasoned lawyers develop comprehensive solutions that are mindful of each client’s specific business and legal goals, while taking into account the rapidly-evolving cyber insurance landscape.

Coverage-Need Assessment and Counseling

Whether you are new to cyber insurance or have a policy in place, your cyber coverage must fit your business and the technology it uses today. In addition, effective technology, breach response plans, employee training and business protection plans must be up to date and front of mind. We help clients address these needs by analyzing existing insurance programs, evaluating threat areas and advising on the most appropriate and effective forms of insurance. We also team with client personnel to improve security readiness and incident response preparedness.

Policy Selection

As the cyber insurance market grows, it is critical that your chosen products are tailored to fit the realities of your business. Our lawyers have decades of experience doing just that. We combine this experience with a deep understanding of the most current products available and the threats facing modern industry. Utilizing this knowledge allows us to craft policies most in tune with client business models and everyday risks.

Incident Response

The tenor of claim presentation begins long before the paperwork goes to your insurer, and even before a security breach has occurred. Our team works with clients and their brokers before loss strikes and, if it does, from the moment the security breach is discovered, to make sure clients recover as much as possible as soon as possible. And, unlike brokers, we analyze the incident through the lens of emerging cyber case law, as well as decades of decisions shaping legacy coverages, to identify and manage possible threats to coverage. When appropriate, team members partner with the firm’s internationally ranked Global Privacy and Cybersecurity practice and Cyber and Physical Security Task Force to address the full scope of issues resulting from a cyber, privacy or physical security incident, including regulatory concerns, media exposure or damage mitigation. This approach is unique, and allows us to provide clients with coordinated, thorough support for any issue that arises.

Claim Presentation

Facts, words and timing are all critical considerations when presenting claims to an insurer. Decades of experience working with insurance companies have given us a deep familiarity with these intricacies, and have equipped us to prepare persuasive claims for our clients. We also know how to anticipate and work around carrier stonewalling, coverage defenses and apparent holes in coverage, all of which can become points of dispute during claim presentation.

Dispute Resolution

Recovery negotiation, mediation, litigation and arbitration are cornerstones of our practice. Our team has achieved successful results in insurance coverage matters worldwide — both in and out of the courthouse. We have the capacity and knowledge to handle the most complex of cases, from multidistrict litigation to class actions, from mass torts to international disputes.

Experience

  • Coverage-Need Assessment and Counseling

    • Advised major energy companies on appropriate cyber insurance and data security programs.
    • Audited insurance programs to evaluate current status, threat areas and areas for protection against cyber losses.
    • Analyzed responsiveness of cyber insurance coverage for data breach incurred by major educational institution.
    • Drafted provisions concerning cybersecurity and insurance for agreement between global investment and advisory firm subsidiary and compliance software service provider.

    Policy Selection

    • Developed internet insurance forms for a multinational property and casualty insurance company, including policy review and development of cyber loss strategy.
    • Evaluated proposed insurance coverage for loss from point-of-sale attacks on international retailer.
    • Analyzed sufficiency of proposed cyber insurance coverage for various clients, including major credit card processing company and major bank.
    • Analyzed availability of cyber insurance coverage for losses associated with breach of client’s sale systems.

    Incident Response

    • Advised clients regarding coverage for losses arising out of fraudulent wire transfers.
    • Analyzed cyber insurance coverage after data breach of government contractor involved in national intelligence issues.
    • Analyzed cyber insurer position in response to significant data loss incurred by major retail operation.
    • Analyzed opportunities for contractual indemnification and insurance coverage following breach of customer data at major fast food restaurant chain.
    • Advised government contractor on coverage under cyber-risk and liability policies for claims arising out of mass shooting on US government property.

    Claim Presentation

    • Assisted client recovery of cyber losses under crime and other traditional first-party policies.
    • Negotiated cyber insurance coverage claim with insurer for data breach affecting customer information for major retailer.
    • Prepared claims under multiple policies for government contractor following cyber breach affecting personal data.
    • Prepared claim for losses associated with malware on sale system.
    • Prepared claim for losses associated with unauthorized access to credit card data.

    Dispute Resolution

    • Represented policyholder in coverage dispute regarding losses arising from Web applications.
    • Litigated coverage under cyber insurance policy for alleged fraudulent payment for medical services.
    • Assisted in settlement negotiations about coverage for hardware-related losses resulting from breach.
    • Represented policyholder in coverage dispute regarding coverage under commercial umbrella policy for cyber losses following hacking event.

Insights