Cybersecurity liability and insurance

Cybersecurity insurance provides an organisation with the ability to insure itself against certain cybersecurity risks.

By obtaining cybersecurity insurance, an organisation seeks to transfer the risk of financial loss associated with a cybersecurity incident to the insurer.

Cybersecurity insurance policies vary in the nature and extent of the risks covered. They also vary in the nature and extent of the exclusions from insurance coverage.

If an organisation does not have cybersecurity insurance, it may be required to pay the costs associated with cybersecurity incidents itself that it may otherwise have been able to claim under the insurance policy.

An organisation may seek to limit or exclude its liability for breaches of data security by entering into a contract with another organisation or person that contains provisions that limit or exclude the organisation’s liability for breaches of data security.