Cyber Liability Insurance Claims Lawyers

San Francisco Cyber Liability Insurance Claims Attorneys Serving Clients Nationwide

New technologies breed new kinds of corporate risks. It used to be a headline; now it’s a common story. Sophisticated global companies have been subject to massive data security and privacy failures. Hackers have attacked companies as varied as Target, Sony and even Google.

Cybersecurity breaches can result in significant business interruption, reputational harm, and brand damage. As cyber risks are better understood, the insurance industry has responded by creating specialized business policies to address these risks.

The Worst-Case Scenario

Hackers penetrate your system and steal the sensitive, personal data of thousands of customers or patients. Identifying the scope and nature of the breach and notifying affected customers can be very expensive. Then the class actions come.

Traditional business policies – commercial, several liability, property, errors, and omissions – may or may not provide coverage in response to a cybersecurity breach depending on the particular policy language. Legal opinions across the country are in conflict on many questions. The insurance industry has responded with specialized policies written to address this specific loss and cyber insurance policies can vary greatly.

What makes cyber liability insurance unique is that it generally contains both first-party and third-party coverage. First-party coverage can include the cost of forensic analysis and crisis management, loss of business income and the cost of restoring IT systems to a pre-data breach state. Third-party coverage can include protection from claims related to the theft of private information such as Social Security numbers, bank and credit card account numbers and medical records.

Facing a denied cyber insurance claim? Pillsbury & Coleman, LLP’s experienced San Francisco attorneys fight bad faith denials for data breaches, ransomware, and more. Recover what you’re owed—contact us today.

Although distinct from technology errors and omissions coverage, many cyber policies contain similar language. However, cyber threats and policies are continually evolving as new cyber threats are discovered and reported. At Pillsbury & Coleman, LLP, our attorneys are experienced in representing California clients whose insurance carriers fail to fulfill the terms of their policy. We can also proactively help you evaluate your policy and help you identify coverage gaps.

Building Your Cybersecurity Action Plan (Based on the NIST Framework)

1. Identify

  • Recognize and understand legal and regulatory requirements across jurisdictions relevant to your business.
  • Map out your data and digital assets: know what data you handle, where it originates and flows, storage methods, access privileges, and how apps interact with it.
  • Be aware of common cyber threats, such as malware, phishing, man-in-the-middle, DDoS, and DNS tunneling

2. Protect & Detect

  • Enforce strong security policies: access control, employee training, clean-desk and data protection procedures.
  • Deploy technical safeguards: VPNs, two-factor authentication, secure Wi-Fi, firewalls, spam/anti-phishing measures, encryption, and internet-use restrictions.
  • Form a cybersecurity response team, including executives (CIO), IT, legal advisors, forensic specialists, and even law enforcement contacts.
  • Set up monitoring systems: anomaly detection, vulnerability scans, alerts for unauthorized use.
  • Get cyber insurance to cover first-party costs (e.g., legal, data recovery, notification, business interruption, forensic services) and third-party liabilities (litigation, settlements, judgments). Be aware insurers may penalize or deny coverage if controls are weak

3. Respond

  • Have procedures ready to contain a breach: preserve affected systems, mobilize response team, bring in forensic help, and consult legal counsel.
  • Understand reporting obligations: U.S. states and the EU mandate notifying individuals and regulators—e.g., California requires disclosure to impacted individuals “without unreasonable delay”

4. Recover

  • Develop recovery strategies: reassess vendor relationships, conduct post-incident forensic reviews, and update your cybersecurity plan based on lessons learned

Cyber Insurance Frequently Asked Questions

1. What is cyber insurance?

Cyber insurance typically protects organizations from financial losses and liabilities caused by cyber-attacks, data breaches, and interruptions of websites or other electronic platforms. Cyber insurance can be quite broad, covering a wide range of financial losses and liabilities including the cost of responding to the cyber incident, the cost of restoring and securing data, extortion expenses, lost profits and payroll expenses caused by business interruption, and even breach of contract damages where a technology company has allegedly failed to provide technlogy services or maintain an electronic platform pursuant to a master services agreement (MSA) or statement of work (SOW).

2. How is cyber insurance written to cover such losses?

Cyber insurance policies generally provide coverage for “technology wrongful acts” or “technology incidents.” The insuring agreement of a cyber policy typically provides that: “The insurer will pay damages and claims expenses by reason of a claim first made against an insured during the policy period for a technology incident which first occurs on or after the retroactive date and prior to the end of the policy period.” The bold terms are usually further defined in the body of the policy. This is one example of cyber coverage, however, there is no standard coverage form universally used by insurance carriers. Each carrier writes its policy using their own definitions and language tailored to cover specific risks. It is therefore important to understand the coverage provided by your policy before making a claim.

3. How is cyber insurance different from commercial general liability (CGL) insurance?

Cyber insurance covers different risks and financial losses. CGL policies cover “bodily injury,” “property damage,” and certain “personal injury” liability resulting from claims of libel, slander, and copyright infringement. CGL policies typically do not cover the financial risks and losses associated with cyber-attacks, data breaches, and interruptions of websites or other electronic platforms.

4. How do I submit a cyber insurance claim?

Embedded within the policy is a notice provision that details where to provide notice to the insurance carrier if a cyber incident gives rise to a claim. This language typically appears in the “declarations” page of the policy or in the “conditions” section of the policy. These notice provisions usually provide an address, email, or contact person for the insurance carrier in the event of a claim. Your coverage attorney or insurance broker can assist you in complying with these provisions and providing notice to your carrier.

5. Are there conditions I need to comply with when submitting a cyber insurance claim?

Yes. In addition to the notice provisions discussed above, there are other provisions in the policy that may impact coverage. For example, most cyber insurance coverage is written on a “claims made and reported” basis. This means that the cyber insurance claim must not only occur within the policy period, but also that the claim must be made and reported to the insurance carrier within the policy period. Carriers often require strict compliance with this provision. If a claim is made or reported after the policy period expires, it can result in the denial of coverage. Once you become aware of a cyber incident that may give rise to a claim, you should immediately contact your coverage attorney to determine whether to submit a claim to the carrier.

6. Are there exclusions that preclude coverage for my cyber insurance claim?

Cyber insurance policies contain many different exclusions. They typically appear in their own section of the policy. Some of the most prominent include: “prior knowledge” exclusions which preclude coverage for claims the insured knew of before the effective date of the policy; “intentional act” exclusions that preclude coverage for any claim arising from fraudulent, criminal, malicious, or intentional acts; “infrastructure outage” exclusions which preclude coverage for electrical or mechanical failures that result in the interruption of internet access or internet service providers; “employment practices” exclusions that preclude coverage for discrimination arising from employment relationships; and “intellectual property” exclusions that preclude coverage for claims arising from allegations of infringement on copyright, trademarks, and trade secrets.

7. What happens after I submit my cyber insurance claim?

Once a claim is submitted, the carrier will often assign their own coverage counsel and claims person as your point of contact for the claim. Your coverage attorney can typically facilitate communication with them to ensure compliance with policy provisions. Once of those provisions is a “cooperation” clause that requires you to cooperate with the carrier as it conducts its investigation of the claim. During this investigation, the carrier will make requests for information and documents. So long as those requests are reasonable, you will need to provide that information pursuant to the “cooperation” clause. If the requests are unreasonable or unrelated to the coverage issues, then your counsel can push back on the requests for information on that ground. All communications with your insurance carrier should be timely and professional.

8. How should I document my cyber insurance claim?

You should retain all documentation relating to your cyber insurance claim. This includes emails, contracts, letters, and other correspondence. The carrier will want to know the timeline of how the cyber incident occurred and what transpired thereafter. You will also want to document your financial losses. If you suffered an interruption of your business, you will need to submit a proof of claim to prove up your lost profits. This will often require the services of a forensic accountant who will analyze your company’s gross profits and operating expenses in the months leading up to the cyber incident to determine the amount of your lost profits. This typically involves the calculation of the momentum of your increased or decreased sales and profits over time. The forensic accountant will then use this momentum calculation to calculate your lost profits for each day that was impacted by the cyber incident.

If your company has suffered a cyber incident the attorneys at Pillsbury & Coleman LLP can help guide you through the process of submitting your cyber insurance claim. Pillsbury & Coleman LLP has recovered over a billion dollars for its clients and has decades of experience of holding insurance companies accountable.

Stay Ahead of the Game – Contact Pillsbury & Coleman, LLP

To meet the needs of today’s fast-paced, high-tech world, our lawyers have made new law and expanded the rights of policyholders. To learn if we can be of assistance when your business is facing a crisis, please call our San Francisco office at (415) 433-8000 or send us an email today.