SAN DIEGO – Risk management concerns should be part of cyber incident response plans to ensure companies make the best use of their insurance coverage and reduce unnecessary disclosure of potentially damaging information, experts say.
By overlaying insurance information on response plans, companies can quickly access approved vendors and ensure that communications during the crucial period after a breach are covered by legal privilege, they said.
Companies should have cyber incident response plans in place long before they are hit by a cyberattack, said Andrea DeField, a partner at Hunton Andrews Kurth LLP in Miami. She spoke Tuesday during a session at Riskworld, the Risk & Insurance Management Society Inc.’s annual conference.
The first step risk managers should take after a cyber incident is discovered and their organizations are mobilizing their response is to review their insurance policies. To ensure they have access to the policies, they should have hard copies or have them located on another system, such as with a broker, she said.
In addition to cyber liability policies, organizations may be able to seek coverage under other policies,…
