Skip to Main Content
Services Talent Knowledge
Site Search


Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

February 2, 2017

Cybersecurity Insurance - Considerations for Health Care Providers, Higher Education Institutions and their Lenders

Protecting laptop and desktop computers, servers and mobile devices containing information of patients, students and employees from threats of loss, hacking, or theft is an increasing operational, business and legal challenge for health care providers and institutions of higher education.

As both the number and cost of data breaches have risen, health care providers and higher education institutions should be cognizant of the fact that there is a permanent organizational cost to addressing these matters. Proactive steps – including relatively simple steps such as data mapping, conducting data security assessments, establishing incident response teams, creating appropriate policies and practices, and performing employee training – can help decrease these costs in the long run and better prepare your organization for the occurrence of a data breach. This is not a problem that is going away and the more an organization is able to do up front to prepare, the better the chance is that it will be able to manage the financial and other costs of a data breach event.

Cyber liability insurance coverage is one strategy to manage risk associated with a data breach. In the context of claims arising from a data breach event, the majority of courts in the United States addressing this issue have held that such claims generally will not be covered under a standard general liability insurance policy.

Cyber liability insurance has become readily available. Current policies can provide a variety of coverages including emergency response to identify and stop a breach; notification costs to comply with statutes or regulations (based on number of affected persons) and defense costs of regulatory investigations. Insurance coverage can vary widely in terms of what is covered in the event of a data breach, so it is important to ensure that any coverage obtained suits the risks and concerns of each individual organization.

For example, a breach may trigger notice to regulators but also a requirement of notification to the persons whose information was breached and in some instances, notice to all persons whose information is in the possession of the organization. Notification may require hiring consultants. Notification costs can be significant. If an organization has a properly structured cyber liability insurance, the policy may cover some or all of these costs. However, cyber liability policies vary. Some policies may only provide coverage for costs and fees incurred in relation to a regulatory investigation or civil lawsuit, and may not cover costs relating to items such as notification requirements or the response to and investigation of the actual data breach. An organization should assess its operations and procedures and the potential impacts and internal and external costs of a data breach event in order to properly structure insurance coverage.

As the incidence of data breaches becomes more widespread and costs increase, we expect that lenders will give heightened attention to evaluating the data security policies and procedures and the financial and operational wherewithal of their borrowers to prevent, manage and withstand breaches.
If you have any questions about the firm's Cybersecurity service offerings or the Insurance Coverage & Regulation  Practice Area, please feel free to call or e-mail Nicholas DiCesare at 716-566-1524 or or Mark T. Whitford Jr. at 585-295-4449 or

Featured Media


Fourth Department Finds Language in 1980 Statute Is Gender Neutral for Purposes of Child Victims Act


Priority of Federal Tax Lien on Personal Property: Secured Lender vs. IRS


COVID-19 Business Interruption Update: New York High Court Affirms in Favor of Insurer


USFWS Introduces General Permit for Bald and Golden Eagle Incidental Take


ORES Executive Director Issues First Denial of Section 94-C Permit Application Following Applicant's Partial Loss of Site Control


New Details About OPWDD Spending in the New York State FY 2025 Executive Budget

We're Growing in DC!

We’re excited to announce Barclay Damon’s combination with Washington DC–based Shapiro, Lifschitz & Schram. SLS’s 10 lawyers, three paralegals, and four administrative staff will join Barclay Damon while maintaining their current office in DC’s central business district. Our clients will benefit from SLS’s corporate, real estate, finance, and construction litigation experience and national energy-industry profile, and their clients from our full range of services.

Read More

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out