Partner Ken Rashbaum was quoted in an article published by DarkReading, a news site that provides information on cybersecurity strategy and latest trends. Ken was quoted in the article, “Despite More CVEs, Cyber Insurers Aren’t Altering Policies” which looked at the growing rate of Common Vulnerabilities and Exposures (CVEs) that threaten cybersecurity and how cyber insurers can penalize companies that don’t address these vulnerabilities in a timely manner.
Ken comments on the importance of companies carefully reading and negotiating their cyber insurance policies so that they understand what’s included and excluded in their coverage:
Attorney Kenneth Rashbaum, a partner at New York firm Barton LLP, emphasizes that policyholders need to read their entire policy to fully understand their obligations, as well as reread their applications to ensure they are implementing the security controls to which they attested. They also need to be aware of what coverage they purchased and what they did not.
“One thing to remember: Insurance, from the legal perspective, is a contract,” he says. “You only get the coverage specified in the contract.”
If there is an exclusion, the company needs to be aware of those limitations, he adds.
Technology is surpassing policy language, Rashbaum says. He warns that the force majeure and war exclusions in policies may not align with today’s potential cyberattacks and should be clarified before signing the policy.
“If you want to have your exclusion fit the current information environment, you’re the drafter of the agreement. You change it,” he says. “You can’t expect the insurance company to change it.”
You can read the full article here.
Kenneth N. Rashbaum