whitepaper

Abaxio Client Saved $300,000 and Eliminated All Downtime

No Fields Found.

Cyber Liability Insurance – Important Policy Provisions

Got Cyber Liability Coverage?  Does your business reside in a state where coverage for punitive damages are prohibited?  If so, make sure your policy contains a well-worded “most favorable jurisdiction” provision…

Coverage of Punitive Damages

Punitive damages are intended to punish a defendant (rather than compensate a plaintiff/claimant for a specific loss) and, in effect, are awarded to “send a message” that the defendant’s conduct in causing the claim was unusually objectionable or egregious. The ultimate intent of punitive damages is to deter such actions by this insured (and others) in the future. A significant minority of states, including California, New York, Pennsylvania, Florida, and Illinois, bar or restrict the extent to which punitive damages may be covered by insurance. Nevertheless, cyber and privacy policies generally include coverage of punitive damages except to the extent to which such coverage is prohibited (as in the aforementioned states).

Most Favorable Jurisdiction Provisions

Within the past decade, liability insurers of all kinds have attempted to sidestep the kinds of state-specific prohibitions against coverage of punitive damages noted above, by means of what are known as “most favorable jurisdiction” provisions. Such wording states that, with respect to the insurability of punitive damages (also sometimes called “multiplied” damages), the law of the jurisdiction most favorable to the insurability of punitive damages will apply, provided the jurisdiction meets one of the following criteria.

  • It is the jurisdiction where the punitive damages were awarded.
  • It is the jurisdiction where the act giving rise to the punitive damages award occurred.
  • It is the jurisdiction where the insured is incorporated or maintains its principal place of business.
  • It is the jurisdiction where the insurer is incorporated or maintains its principal place of business.
An Example

A company is incorporated and does most of its business in California, where coverage of punitive damages is prohibited. However, the company’s cyber and privacy policy form is written with a most favorable jurisdiction provision. Thus, as long as punitive damage coverage is not barred in the state where (1) punitive damages were awarded, or (2) the wrongful act giving rise to the punitive damages award took place, or (3) the cyber/privacy insurer is incorporated, coverage for punitive damages will be available under the policy.

When Most Favorable Jurisdiction Provisions Are Critical

Most favorable jurisdiction wording is especially important if, for example, a claim is brought in a state where coverage of punitive damages is prohibited by law despite the fact that the applicable cyber and privacy policy provides such coverage. Under these circumstances, in the absence of most favorable jurisdiction wording, coverage may not be available, even if the claim were made under a policy that affirmatively covered punitive damages.

Accordingly, most favorable jurisdiction wording is imperative when (a) purchasing a cyber and privacy policy in a state where punitive damages are not insurable and (b) for a corporation that has multistate operations and is therefore unable to predictwhere the claims seeking punitive damages will arise.

Two Limitations of Most Favorable Jurisdiction Provisions

First, it is important to recognize that most favorable jurisdiction wording merely modifies the existing level of coverage for punitive damages already provided by a cyber and privacy policy. It does not provide such coverage if punitive damages are otherwise excluded (although this is unusual under cyber and privacy forms). However, if such a policy is written with punitive damages coverage, an endorsement providing most favorable jurisdiction wording should, of course, be requested, if most favorable jurisdiction wording is not already incorporated within the policy form.

Second, the enforceability of most favorable jurisdiction wording has never been tested in court. As a result, it is recommended that insureds request such wording (if it is not already included within a cyber and privacy insurance policy) but should not be required to pay additional premium for a most favorable jurisdiction endorsement. This is because its legal enforceability has not yet been proven; therefore, an insurer’s liability for payment under such an endorsement remains uncertain.

The Comprehensive Approach to Enhanced Cyber Security

Traditionally, companies have taken a reactive, silo approach to managing their cyber risk, making decisions at a systems level with little or no coordination across functions or business units. This approach often sees businesses scrambling to respond to threats, making reactive purchases of software or systems and improvising strategies to combat each new type of risk as it arises. It can leave them dangerously exposed to unidentified threats, whilst wasting valuable resources on incomplete or overlapping solutions from multiple service providers.

Abaxio is distinct in its approach as a single source provider for all of the components of effective cybersecurity planning. Our field experts work with each client to assess their various vulnerabilities from the top down, identifying and evaluating risks across the entire organization. We formulate a comprehensive disaster recovery plan that specifically addresses the unique set of risks faced by their business, ensuring that every aspect of their response strategy is in the best interests of the enterprise as a whole.

In addition to expert risk evaluation services and strategic advice, Abaxio delivers powerful, effective solutions to support every aspect of a complete disaster recovery plan. While there are dozens of providers offering business continuity, cyber liability insurance, penetration testing, or malware scanning, Abaxio is exceptional in having both the expertise and the product range in-house to deliver a single, comprehensive and cost-effective cybersecurity solution.

Our advisors are extensively trained in all aspects of cyber risk management and disaster recovery planning, and have a thorough knowledge of all our products and services. This gives them a unique, holistic perspective that enables them to recognize where individual system faults may be symptoms of deeper issues requiring a coordinated response at organizational level.

We provide full, specialized support to our customers, from initial consultation right through the implementation and ongoing operation of their risk management solutions. This means that clients of Abaxio receive expert support at all times from a single point of contact who thoroughly understands their business and risk profile – ensuring that all potential risks get addressed quickly and efficiently, and saving them all the time, hassle, cost and risk associated with managing a range of systems and service providers.

The rest of this article explores some of the key components of a complete disaster recovery plan, and explains how Abaxio’s extensive suite of security solutions combine to deliver total protection against those threats.

Business Continuity – Instant Recovery from Data Disaster

In today’s competitive environment many businesses would struggle to survive the financial and reputational impact of being offline for more than a few hours. Any significant downtime or loss of data (be it a software malfunction, a deliberate cyber attack or a natural disaster) requires instant recovery. That’s why having a Recovery Time Objective (the target for getting operations back online after a disaster) is a critical element of the disaster recovery plan for any organization.

With so much at stake businesses need a Recovery Time Objective that is tested and guaranteed – which means having a proven data recovery system that can realistically deliver on their expectations. Abaxio’s Nimbus Instant Recovery Appliances combine the strongest elements of all available backup options, delivering both the agility our clients need in their daily operations and the extra protection they depend on in the case of a major emergency.

With a combination of local and cloud-based storage, image-based backups and a robust, duel-engine backup agent, Nimbus provides a fast, precise and flawless backup process that has minimum impact on network resources.

Network Penetration Testing, Virus Scanning and Malware Protection

Personal data is now protected by a raft of laws and regulations, so the consequences of a privacy breach can be severe and wide-ranging. As well as the financial and legal implications of allowing customers’ personal data to fall into someone else’s hands, the impact on the company’s reputation could be catastrophic.

Intellectual property, proprietary business knowledge and other corporate data are equally valuable, and just as vulnerable to theft or corruption. In addition to the ever-increasing range of viruses that can compromise or permanently disable a network, there have been a growing number of cryptoviral extortion (“ransomware”) attacks in recent months.

Abaxio’s Octoguard Vulnerability Management and Web Application Scanning products are driven by the most comprehensive vulnerability KnowledgeBase in the industry. Octoguard delivers continuous protection against all the latest malware, worms and security threats as they evolve, enabling organizations of all sizes to effectively manage vulnerabilities and maintain control over network security. There’s no software to install or maintain, allowing Abaxio clients to fully safeguard their network systems and web apps without the substantial cost, resource and deployment issues associated with traditional software.

Abaxio cybersecurity professionals employ various means to assess the deeper vulnerabilities present in the targeted network, including scanning and sniffing, metasploit, social engineering, vulnerabilities caused by cross-site scripting, and sql injection. This intensive approach delivers a level of protection that cannot be achieved by automated scanning alone.

Cyber Insurance – A.K.A. Network Security & Privacy Coverage

Like public liability and professional indemnity insurances, cyber insurance is now essential to most businesses operating in today’s online environment. Cyber insurance provides protection against the liabilities associated with the theft or compromise of private customer data, as well as safeguarding companies against the impact of material business interruption due to network security breaches.

At Abaxio we have such conviction in our ability to protect our clients against cyber threats that our products come with built-in insurance. Our cloud security products are the only tools on the market to come with a $1,000,000 of coverage built-in, underwritten by AIG and Lloyds of London, via our exclusive partner Benchmark Cyber Partners.

Abaxio works with corporations of all sizes, across the entire range of industries and sectors. For specialized advice on creating a disaster recovery plan for your business, or to learn more about Abaxio’s comprehensive range of cybersecurity services, contact us today at 1-800-213-2120.