4.1 Privacy Disputes (and Exposure) Have Skyrocketed
Q:
What is non-breach privacy risk and why should my company care?
“Non-breach privacy” refers to situations where legally protected information (business or personal) is collected, transferred, stored, used, or given access to without the express notice or consent of the data subject. Generally, the risk derives from gaps in a company’s data collection and privacy posture. It results in entities unwittingly collecting, transferring, disclosing, or misusing personal or business information in violation of state and federal laws. A typical example is a marketing department using tools to collect this information without the IT or legal departments knowing what information is being collected.
Privacy-related disputes arising out of the use and collection of digital information skyrocketed in 2024. The plaintiffs’ bar has used “wiretapping laws,” like the California Invasion of Privacy Act, and other “multiparty consent” state and federal laws against companies. In a typical scenario, plaintiffs’ lawyers scan a company’s website to see if ad tracking technology is deployed and sharing information without notice or consent. They then leverage one or more individuals to serve as a putative plaintiff or claimant and assert that the individual(s) went to the website and had their information collected without notice. As a result, the use of ad tracking tools, including pixels, cookies, session replay, and chat bots, increases a company’s exposure to both lawsuits and regulatory scrutiny.
Insurance coverage for this risk varies, and as the risk continues to evolve, it’s important to discuss with your broker the availability of coverage in your cyber policy.
4.2 Steps for Successful Underwriting Outcomes
Q:
Who needs to be involved to make the cyber insurance buying process successful?
In 2025, we expect the underwriting environment to continue to be in-depth, complex, and multi-faceted. Besides the usual robust ransomware controls, which are now non-negotiable, underwriters will be looking for an in-depth discussion around privacy controls relating to wrongful collection of data, biometric information, and privacy policy governance and enforcement. This means insureds may need a data privacy leader as well as strong privacy and data governance controls if they maintain, process, or share large volumes of personally identifiable information (PII).
To drive successful cyber insurance renewal outcomes, insureds will need to bring all stakeholders to the table—not just the CISO and risk manager—to prepare a detailed underwriting submission. They can also ensure that the coverage in place aligns with the company’s balance sheet protection strategy, data privacy goals, and network security and ransomware resilience. Use a well-known framework like NIST 2.0 or CIS, and engage your broker to facilitate frank and cross-functional dialogues with your company’s stakeholders and security vendors. These steps will save time and work and are a big advantage for companies trying to differentiate their risk and security culture to underwriters.
4.3 When You Need Intellectual Property Insurance
Q:
When should you consider intellectual property (IP) patent insurance and what can it cover?
We recommend IP coverage if your IP is considered high risk for disputes, you have contractual obligations to indemnify others against IP infringement, or you are involved in M&A transactions. IP coverage can provide protection against costly litigation, fulfill indemnity commitments, and supplement due diligence efforts during mergers and acquisitions.
In addition to covering legal fees and expenses, including settlement or damages, it can also cover:
- Scheduled products, processes, and services
- Claims from both competitors and non-practicing entities (patent trolls)
- Appeals and counterclaims
- Contractual indemnity coverage and indemnified party defense
4.4 Leveraging Errors & Omissions Insurance in Fintech
Q:
How are fintech companies leveraging different types of Errors & Omissions insurance to support their growth?
As a rapidly growing segment of the financial services sector, fintech companies are no strangers to complex risks. Looking past their traditional cybersecurity risks, fintech companies can face liability risk when their product or service fails to perform as intended.
Errors & Omissions insurance can help mitigate this risk—but one size does not fit all when it comes to E&O insurance. For fintech companies providing a technology solution to support financial services clients, a technology E&O policy will provide the most appropriate risk transfer. However, for those fintech companies providing a technology platform that provides actual financial services to customers, a financial services E&O policy will be best suited to address their risk. Working with a broker experienced in these often-overlapping types of risk will allow you to customize an insurance solution that can power your business.