For comprehensive coverage, an organization will need to add cyber liability coverage to both its GL and E&O policies.
4. Security measures based only on cyber crime. Tech companies and security consultants often focus on increasing network security to reduce risk. While network security is important, training employees about data security costs less, may be just as important and is often overlooked.
Cyber crime attracts most of the attention, but an even greater number of data breaches are caused unintentionally by employees and contractors.
5. Vague claim reporting policies. For a professional liability claim to be covered, it typically must be reported within either 60 or 90 days, depending on how the policy is written.
However, some insurers start the reporting period before a lawsuit is even filed. A heated discussion or the threat of a lawsuit may be enough to trigger the reporting period, even if management is unaware that it took place.
Vague policies can put a claim at risk, so the company must make certain its insurer has clear reporting procedures. Some policies don't begin the reporting period until the company is notified that a lawsuit has been filed. The policy should also define who must report the claim and what duties that person has when informing the insurer.
An organization may also want to consider adding an extended reporting period to its policy.
Finally, as an integral member of the risk management team, an attorney should review all contracts to ensure they do not run counter to any liability policy. If a company enter into a contract that is at odds with its liability policy, a claim may not be covered and the policy may not be renewed.