Cyber Liability Due Care Requirements: Prepare Your Organization to Address Them

January 2017

Night Lion Security has released a report that focuses on the concept of due care in the cyber risk industry. This 5-page paper features a discussion on how organizations can prepare cyber liability due care requirements.

Understanding the Concept of Due Care

What is due care in cyber liability policies? What are the guidelines for due care and how can they be met? What is the National Institute of Standards and Technology’s (NIST) Cyber Security Framework? These are some of the questions answered in this paper from Night Lion Security.

Due care is an intentionally gray area that can encompass many aspects of security and cyber preparedness. The definition of due care will ultimately rest with the courts and prosecutors looking to potentially file suit against your organization for lack of adherence to a particular set of standards or principles. When in doubt, a third party consulting firm can provide a very valuable and un-biased view of your organization’s practices.

As insurance providers tighten requirements for claims payouts, companies will be forced to meet a minimum standard of acceptable practices, thereby improving their overall security posture. Boards would be wise to start putting pressure on their companies to focus on understanding their cybersecurity risk and set an urgency around the issue to prevent brand damage and loss in shareholder value,” – Sam King, Chief Strategy Officer, Veracode