Investment managers must be prepared for cyber breaches, because even state-of-the-art cybersecurity measures can fail. In addition to adopting a breach response plan, managers should consider purchasing insurance to mitigate their losses and response costs in the event of a breach. Both of those approaches to mitigating the fallout from a cyber breach were recently considered in depth at a program sponsored by K&L Gates and the Investment Adviser Association (IAA). The program – the fourth installment of the sponsors’ Investment Management Cybersecurity Seminar Series – was moderated by Mark C. Amorosi, a partner at K&L Gates, and featured Laura L. Grossman, assistant general counsel at the IAA; Jason Warmbir, a vice president at Willis Group Holdings Ltd.; and K&L Gates partners András P. Teleki and Gregory S. Wright. This article, the second in a two-part series, discusses the availability of coverage for cyber breaches under conventional insurance policies; the availability and types of specialized cyber liability coverage; and coverage issues that may arise under such policies. The first article
explored the development and testing of a breach response plan; implementation of the plan in the event of a breach; breach notification requirements; and other post-breach actions. For coverage of prior installments in the series, in which Amorosi, Grossman and Teleki also participated, see “K&L Gates-IAA Panel Provides Comprehensive Overview of Cybersecurity Laws and Threats Applicable to Investment Managers (Part One of Two)
,” Hedge Fund Law Report, Vol. 8, No. 16 (Apr. 23, 2015); and “K&L Gates-IAA Panel Addresses Regulatory Compliance and Practical Elements of Cybersecurity Testing (Part One of Two)
,” Hedge Fund Law Report, Vol. 8, No. 20 (May 21, 2015).