Everyone’s Working From Home Due to the Coronavirus – Is There Insurance Coverage for a Data Breach?

Apr 13, 2020 Published Article

Most organizations are now requiring that their employees work from home (“WFH”) with the ongoing COVID-19 (commonly referred to as the Coronavirus) pandemic.   These remote working arrangements provide new opportunities for hackers to infiltrate computer systems, and not surprisingly, attempted cyber attacks are on the rise.  Given the rapid deployment of employees being forced to work from home, many employees are using their personal laptops, tablets and other devices to complete their work.  The use of such personal devices increases the risk to network systems, including a potential breach or data loss.

However, in the event of a breach or other incident, there may be limitations in your cyber liability insurance policy based upon the type of hardware being used.  Businesses need to be proactive to protect themselves from attacks by practicing vigilant cyber safety, and also reviewing their insurance policies in detail for coverage considerations prior to the occurrence of any cyber incident.

Cyber Attacks Are Increasing

Today’s “WFH” environment provides great opportunities for bad actors as they are very aware of the limited number of individuals physically working in office locations.  Cyber attacks and phishing scams have increased significantly from the beginning COVID-19 pandemic, with some estimating that attacks have increased by as much as 4,000%.

One of the latest phishing scams involves sending e-mails to coordinate online meetings.  Due to the high volume of e-mails being received to coordinate and schedule these meetings, users are less likely to carefully verify the information in the request.  Upon acceptance of a meeting, malware is executed which compromises a company’s technical environment.

Security Measures for the WFH Environment

Organizations should be utilizing robust security protocols and network security measures to protect their systems and data with employees working remotely.  Such measures include strong access controls for applications and systems, and multi-factor authorization.

Further, all employees working remotely need to be provided with guidance on technology they are expected to use when working from home, including any security protocols for personal devices, such as updating programs and using anti-virus software.  Lastly, organizations should remind employees of the increased likelihood for an attempted cyber attack at this time, whether related to the Coronavirus or otherwise.

Am I Covered For a Cyber Incident?

Even with security protocols in place to protect systems and data, there is still the risk that a cyber incident may occur.  Many companies look to cyber liability insurance as a tool to manage this risk.  As with all contracts, whether there is coverage or not will depend on the specific terms and conditions of the insurance policy itself.

One issue that may be overlooked is that many cyber liability insurance policies make a distinction between computer hardware owned by the insured company and computer hardware or other devices owned by company employees.  This distinction becomes critical as the insuring agreements may limit or exclude coverage for computer hardware that is not owned by the named insured.  The insurance policy may also have other requirements related to the use of personal devices by employees, such as requiring a formal written policy to address the use of such devices.

Some organizations may provide company-owned laptops to employees, while others allow employees to use their own devices to perform work.  Companies may be forced to allow employees to work from home during this pandemic - using personal laptops, tablets and other devices necessary to complete their work.  Depending on the cyber liability policy, there may not be coverage for the use of such non-company owned hardware.  And in the event of a breach or other cyber incident, there may not be coverage for subsequent damage or other coverage that you expect to have.

Why Does This Matter

  • Cyber safety measures should be employed throughout your organization.  This includes providing direction to all employees working remotely about the use of personal devices.
  • Cyber liability insurance policies should be reviewed by experienced cyber insurance coverage attorneys to understand all available coverages and limitations.
  • It is best to be proactive and immediately complete an insurance review to ensure you have the coverage you expect during this pandemic.

For additional information, you can consult with a Task Force attorney Task by emailing NDCovid19Response@ndlf.com or contacting our office directly at 949-854-7000.