Akin Gump litigation partner and cybersecurity practice co-head Michelle Reed was interviewed by Metropolitan Corporate Counsel for its September issue. The article, “Buying Cyberinsurnace Helps Uncover System Weaknesses,” covers cyber threats facing companies, data protection and cyberinsurance risk assessment, among other topics.
Among Reed’s observations:
- On cyber risks facing corporations: “The biggest risk in my view is the head-in-the-sand mentality of too many companies, wherein companies acknowledge the issue, hand it off to the IT department, and then check it off the list.”
- On the shifting threat landscape: “While advances in vulnerability assessment and security governance have greatly mitigated risks, no company is immune to zero-day attacks, which exploit holes in software unknown to vendor and user. The company is literally blindsided.”
- On planning an adequate defense: “[E]veryone should look at certain controls, such as password protection, access limitations, proprietary encryption and effective policies on data retention and disposal. You also want to perform risk assessments on all software products and conduct top-notch employee training that includes exercises to ensure full awareness of necessary protocols.”
- On shopping for cyberinsurance: “[D]etermine whether you need first- or third-party insurance. Ask yourself, ‘What am I worried about? Someone suing me because of a data breach? Or the cost of notification and mitigation in the event of a security breach?’… First-person insurance covers direct loss and out-of-pocket expenses incurred by the insured. Third-person covers liability incurred from harm actually caused by the insured. So if you’re the target of a consumer class action for failing to properly secure your systems, you would need third-party coverage. You also want to look at the liability limits, a tricky area because the market is changing….Retailers will need a greater amount of coverage and will pay higher premiums because of the types of data they hold. If payment card data is breached, the notification cost will be significant.”
To read the full interview, please click here.