Insights

When cyber incidents affect investment banks, advisors, and broker-dealers, the resulting damages are often significant, given the transactions involved. Few industries are more susceptible to such large damages. Most financial firms are already very aware of the risk and the importance of cyber insurance. One of the most overlooked benefits of maintaining a cyber policy, is the comfort of having a response team at the ready. Cyber incidents are chaotic and can create significant confusion.

As an M&A consultant or broker-dealer / investment bank providing M&A advisory services, implementing a well-structured insurance program is critical. Navigating the different insurance solutions however can be a bit dizzying.

Medical practices and healthcare facilities are subject to some unique litigation. When structuring insurance for healthcare institutions, policyholders should be acutely aware of these unique risks and whether or not their D&O, E&O, or other specialized policies, will respond when such claims arise.
 

When structuring D&O insurance, one of the most difficult questions to address is, how much is enough? You’ll often hear brokers referring to limit adequacy or insufficiency, but what exactly is an adequate limit? When deciding on an optimal limit, there are a number of factors that can affect both the likelihood of a claim, and the potential severity of a claim, both of which need to be considered when structuring coverage.

When going to market for professional and management liability insurance, most policyholders, brokers and attorneys, go to great lengths to assess policy terms, and rightfully so. Of secondary importance however, is assessing the insurer itself - as task that too often gets overlooked. Here are some considerations for policyholders when underwriting prospective carriers.

Cyber risk is a broad term, often used to refer to a wide range of computer, and digital/online related claims. Some of these claims have been traditionally insured under typical liability and property policies for years, which gave rise to the term "silent cyber coverage". With cyber insurance now a mature product, many carriers are developing firmer lines in the sand, eliminating any silent cyber within their forms, clearly isolating the risks they insure, however there are still many cyber risks that can be insured both on and off cyber policies.

When structuring D&O, E&O or Cyber insurance for an acquisition, there are 2 distinct time periods: 1) wrongful acts or incidents that occurred before the acquisition, and 2) those that occur after the acquisition. Most insurers will provide the purchasing company with automatic coverage for newly acquired subsidiaries, however they only agree to provide such coverage for (future) wrongful acts asserted after the acquisition date.

When reviewing a cyber policy, nothing creates more confusion that the computer crime insuring agreements. Business email compromise is often insured under a social engineering insuring clause, except when it’s referred to as e-theft or fraudulent instruction, which sounds a lot like funds transfer fraud which is an entirely different insuring agreement (sometimes). That’s also not to be confused with computer fraud which is also different. Dizzy yet?

Lost income and expenses related to business interruptions account for some of the most significant damages incurred during an intrusion. In fact, the damages can be so significant that one of the primary considerations organizations make when deciding whether or not to pay a ransom demand, is the potential lost income that would result from refusing such a payment. While almost all cyber policies provide coverage for breach related business income losses, there are some critical differences among carriers’ coverage triggers and the damages they insure against.

Broad indemnification agreements are a staple protection for corporate officers of both public and private companies alike. Unfortunately, corporate indemnification isn’t a guarantee. There are a number of situations in which such protections may become unavailable or indemnification may be wrongfully denied by the company. In such situations, the only source of funds available to executives, are those provided by a the Side A insuring agreement of a D&O policy which provides coverage for non-indemnifiable claims.