Doing Business in Florida Blog

Hurricane Preparedness Should Include a Plan to Protect Critical Data from a Security Breach

June 21, 2018

By: Gina Clausen Lozier

As hurricane season resumes for 2018, businesses should prepare for disruptions to networks, critical databases, as well as electrical power sources, telecommunications systems, and other utilities which can compromise or destroy critical infrastructure and trigger significant losses.

Businesses should also take stock of their insurance coverages and make an insurance plan before a hurricane is on the horizon. Planning in advance to avoid risk and maximize insurance protection for data security and privacy claims and investigations should be part of those preparations. Should a hurricane hit, in addition to property damage, a business may be required to cease business operations or incur additional expenses to access their and their customer’s data. As such, insurance coverage for business income and extra expenses should be reviewed in tandem with a cyber insurance policy to determine which policies afford coverage, where coverages may overlap, and how the insured can maximize the offsetting of its risk onto its insurance carriers.

If critical data is lost during a hurricane, or other event, the first step in response to most data breach incidents is to retain counsel and forensic professionals to determine the scope of the breach and identify the legal landscape. Cyber insurance policies often have riders that instruct the insured to call specific providers or a panel of providers who are pre-approved by the insurance company to assist the insured. Some policies permit the insured to hire counsel and providers of the insured’s choosing but may be paired with a reduction in coverage limits. The size and scope of the data breach may instruct as to whether the insured should opt for the professionals designated by the insurance company or choose to work with the insured’s preferred counsel. Other considerations include the geographic location of counsel and forensic professionals, whether the data breach is a symptom of additional issues in the company, and whether the data breach event is an isolated incident. In the event a data security breach is caused at least, in part, by a weather event, hiring counsel nearby may be a wise decision.

Further, if the insurance carrier directs the insured to work with counsel located in another state, the insured may have cause for concern regarding the ability of the insurance-appointed counsel to visit the loss site, hire experts to help the insured adjust its claim, or even have the ability to provide legal advice in the insured’s state. In short, during moments of crisis or following a major weather incident, boots on the ground may be more valuable to stabilizing the company’s ability to operate than most anything else. Just like every company is unique, so are hurricanes and data security breaches and their effects on a company’s ability to operate and comply with legal obligations.

Hurricanes can also lead to the loss of critical data, private client-information, and severely impact an organizations ability to operate day-to-day. Business interruption coverage may provide some insulation from losses suffered by down-time, operational damages, lost business opportunities, and other measurable financial losses. When businesses sell products or services online, network interruptions may lead to immediate lost sales as well as ongoing mistrust and lost consumers due to the actual or perceived insecurity of the insured’s web-based platform.

While integrated business operations like large retail chains, hospitals, banks, and brokerage houses may come to mind, many small and medium sized businesses rely on network security and sensitive data to operate day-to-day. Protecting digital assets, consumer and employee personally identifiable information, payment data, and trade secrets is important to most businesses, large and small. Each company is unique, has different risks and traditional formulas relied upon by insurance underwriters may not suffice. Companies with operations and data stored in hurricane zones must also analyze whether data is protected and insured for the additional risk of data breaches should a hurricane compromise critical systems.

Should you have any questions or concerns about your insurance coverage, please do not hesitate contact Gina Clausen Lozier in our Chambers ranked Insurance Litigation Department.