Watch Out for Cyber Insurance CaveatsAttorney Steven Teppler of Sterlington PPLC on Meeting Insurers' Latest Demands
Cyber insurance is getting much tougher to obtain, and coverage for security incidents is not guaranteed even when policies are issued, says attorney Steven Teppler, chair of the privacy and cybersecurity practice of law firm Sterlington PLLC.
"Your cyber insurance rates are typically three times what they were a couple of years ago - if you can get [policies]," he says.
Insurers are also asking organizations for details about whether they have implemented important security controls, policies and practices. "These questions are not easily answered," he says. "It you fib, it gives the insurer a chance to deny coverage if you have a cyber incident."
In a video interview with Information Security Media Group at RSA Conference 2022, Teppler also discusses:
- The list of security controls and best practices cyber insurers expect before issuing policies;
- The threat of class action lawsuits and regulatory enforcement actions - including from the Federal Trade Commission and the U.S. Department of Health and Human Services - in the wake of cyber incidents;
- The most common security practice weaknesses that have been leading to major health data breaches;
Teppler leads Sterlington PLLC's cybersecurity, privacy and electronic discovery practice. He's also the former co-chair of the American Bar Association's Information Security Committee and a founder and former co-chair of the ABA's IoT National Institute and its National Institute on Electronic Discovery and Information Governance.