Insurance & Reinsurance

Cyber Insurance

Helping clients navigate cyber and privacy insurance matters.

Meet the team

Locke Lord's Privacy & Cybersecurity Group utilizes an interdisciplinary approach to help clients navigate cyber and privacy insurance matters. Our group partners with global insurance clients to consider policy wording and potential cyber and privacy exposures under stand-alone cyber policies or endorsements as well as under a variety of first-party and third-party policies, such as property, CGL, D&O, E&O, fidelity and EPL. Our experience includes product development, risk management and coverage work involving claims analysis, claims monitoring, litigation, mediation and arbitration.

Locke Lord also supports our insurance clients with evolving coverage issues, including issues arising from developing technologies and new or changing regulatory and statutory developments as well as those issues often seen with many other kinds of risks. Our Privacy & Cybersecurity Group has keen insight into how different jurisdictions have ruled or may rule on coverage issues affecting cyber and privacy insurers. This comes from our familiarity with cyber and privacy exposures, and our experience with cyber and privacy wordings and risks as well as many other types of policies and claims.

In addition, we have been selected or approved by insurers to advise insureds on incident response and in other data security matters (Incident Preparedness & Risk Management), and to defend insureds in litigation and other legal and regulatory proceedings (Privacy Compliance & Enforcement).

Our experience involves more than 1,000 claims and includes:

  • Assisting insurer clients in the development of cyber and privacy insurance products and programs
  • Working with clients on cyber and data-related wordings in other lines of policies, including E&O, technology, media and game developer policies
  • Assessing, negotiating and litigating coverage issues for cyber, data, privacy, technology and media risks and claims, such as
    • Incident response
    • Cybersecurity and privacy liability
    • Regulatory proceedings
    • Ransomware and extortion
    • Malware and other system and network disruptions
    • Wire transfer fraud and other business email compromises or social engineering compromises
    • Business interruption or business income loss
    • Data or system restoration or replacement costs
    • Website or media content liability
    • Payment Card Industry Data Security Standard (PCI DSS) compliance
  • Providing risk management and education programs on cyber and privacy risk identification and mitigation for insurers and their insureds
  • Analyzing potential cyber and privacy exposures under other lines of coverage and in reinsurance contracts (“silent cyber”)
  • Preparing and negotiating data security, indemnity and insurance provisions in vendor, supplier and other third-party agreements

Members of our Privacy & Cybersecurity Group focused on cyber insurance also liaise with Locke Lord's Insurance Regulatory and Transactional Group. This skilled group has strong connections with various state departments of insurance throughout the United States and provides key support to secure licenses for new or expanding insurers and approvals for forms and wordings for admitted insurers.

We frequently speak and write on cyber and privacy risk management and insurance issues. Members of our Privacy & Cybersecurity Group have been featured at conferences and webinars sponsored by, among others, Advisen, Professional Liability Underwriting Society (PLUS), NetDiligence, the Association of California Insurance Companies, the International Association of Insurance Receivers and the American Conference Institute. We also participate in internal education programs for insurers throughout the United States, UK and EU.

Visit our Insurance & Reinsurance Blog ( for the latest news and developments in Cyber Insurance.