Given the vast amount of information that cannabis retailers and distributors are required by law to collect from customers, coupled with the fact that this is a new and rapidly growing industry operating in an uncertain regulatory environment, the unfortunate reality is that those in the cannabis business may be prime targets for cybercrime. As cyberattacks become more sophisticated - including recent threats that cybercriminals will publish data stolen from victims who refuse to pay ransom - cyberliability insurance coverage is one risk management tool that cannabis companies should consider as a part of a comprehensive security and privacy breach response plan. Cyberliability policies continue to evolve, and thus they may be negotiable and can (and should) be customized wherever possible.
Although a holistic review of all insurance policies is important, because cyberliability policies vary significantly in scope, it is critical to review and understand either your company's current cyberliability policies or cyberliability policies that you are considering purchasing. Further, although the cyberliability insurance market is slowly opening for cannabis businesses, increasing cyberliability insurance premiums highlight the importance of tailoring coverage to a company's specific needs.