Reed Smith Client Alerts

According to a report issued last week, tens of thousands of cannabis dispensary customers' personal data has been exposed following a data breach of a sales system that at least three (and likely more) cannabis dispensaries may have used to manage their sales to customers. This breach highlights the increasing threat that cyber crime poses to the cannabis industry.

Given the vast amount of information that cannabis retailers and distributors are required by law to collect from customers, coupled with the fact that this is a new and rapidly growing industry operating in an uncertain regulatory environment, the unfortunate reality is that those in the cannabis business may be prime targets for cybercrime. As cyberattacks become more sophisticated - including recent threats that cybercriminals will publish data stolen from victims who refuse to pay ransom - cyberliability insurance coverage is one risk management tool that cannabis companies should consider as a part of a comprehensive security and privacy breach response plan. Cyberliability policies continue to evolve, and thus they may be negotiable and can (and should) be customized wherever possible.

Although a holistic review of all insurance policies is important, because cyberliability policies vary significantly in scope, it is critical to review and understand either your company's current cyberliability policies or cyberliability policies that you are considering purchasing. Further, although the cyberliability insurance market is slowly opening for cannabis businesses, increasing cyberliability insurance premiums highlight the importance of tailoring coverage to a company's specific needs.