Cyber Insurance , Events , Governance & Risk Management

Watch Out for Cyber Insurance Caveats

Attorney Steven Teppler of Sterlington PPLC on Meeting Insurers' Latest Demands
Steven Teppler, privacy and cybersecurity practice chair, Sterlington

Cyber insurance is getting much tougher to obtain, and coverage for security incidents is not guaranteed even when policies are issued, says attorney Steven Teppler, chair of the privacy and cybersecurity practice of law firm Sterlington PLLC.

See Also: OnDemand | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

"Your cyber insurance rates are typically three times what they were a couple of years ago - if you can get [policies]," he says.

Insurers are also asking organizations for details about whether they have implemented important security controls, policies and practices. "These questions are not easily answered," he says. "It you fib, it gives the insurer a chance to deny coverage if you have a cyber incident."

In a video interview with Information Security Media Group at RSA Conference 2022, Teppler also discusses:

  • The list of security controls and best practices cyber insurers expect before issuing policies;
  • The threat of class action lawsuits and regulatory enforcement actions - including from the Federal Trade Commission and the U.S. Department of Health and Human Services - in the wake of cyber incidents;
  • The most common security practice weaknesses that have been leading to major health data breaches;

Teppler leads Sterlington PLLC's cybersecurity, privacy and electronic discovery practice. He's also the former co-chair of the American Bar Association's Information Security Committee and a founder and former co-chair of the ABA's IoT National Institute and its National Institute on Electronic Discovery and Information Governance.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.