Companies not only need to get the right cyber insurance, but they must also know how to properly use it once they have it. One of the things that few truly understand is the impact that cyber insurance has on incident response planning and the incident response process.

Can you imagine how disruptive this scenario would be?

• You go through the effort of creating an incident response plan, train the incident response team on their roles and responsibilities, and practice table top exercises. You are ready to respond.
• You experience an incident and are ready to execute your plan.
• Only then do you discover that not only does your company have cyber insurance, but that insurance policy specifically dictates what cyber forensic firms you can use, what public relations firms you can use, what notification vendor you can use, and what breach counsel (aka privacy counsel or breach quarterback) you can use—and none of those "approved vendors" are the ones that you included on your external incident response team!

Unfortunately, this is a situation that we see far too often.

Fortunately, however, there are many ways to address these issues before an incident happens, as well as other issues that are just as important and impactful. The key to doing so is knowing what issues to look for, what questions to ask, and how to find the right professionals to help you get the right solutions to work with your company's needs.

Cyber insurance is critical for that by providing your company with the resources it needs to properly respond to and recover from an attack.

speaker photo
Shawn Tuma
Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane, LLP

Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.