Businesses are trying to push risk to vendors and clients contractually as breaches and other cyber attacks grow in number and magnitude. To understand whether or not this strategy will work for your company, you can begin by considering the following questions:
- Is additional insured status available from your vendor’s or client’s policy?
While the quick answer will typically be “yes,” it will only be for vicarious liability. Vicarious liability refers to a situation in which one person or organization is held responsible for actions or omissions committed by another person or organization. Privacy law is clear when it comes to ownership of personally identifiable records. If your data has been breached, you are responsible and liable for it regardless of who is hosting or holding the data.
- If your business can obtain additional insured status and transfer risk contractually (varies by state) do you also need to purchase a cyber insurance policy?
Even if your company has successfully obtained additional insured status from others, there are several reasons your business should maintain its own cyber coverages:
- Properly structured cyber policies…
