Speed Data: Behind the Scenes of Cyber Insurance Recovery With Scott Godes

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

This week, host Megan Garza delves into the world of cyber insurance recovery with Scott Godes, Insurance Recovery Litigator for Barnes & Thornburg LLP. Scott chatted with Megan about the importance of reading insurance policy fine print, how the world of data privacy has changed over the years, and shared why he finds his line of work so personally satisfying.

Fifteen years ago, Netflix was ramping up for success, portable Flip cameras were on everyone’s wish list, and the iPhone was still a novelty. What wasn’t on the global radar yet was the concept of insurance for data privacy — unless you happened to be Scott Godes, Insurance Recovery Litigator for Barnes & Thornburg LLP.

“A few years into my practice, I was with a group that decided that each one of us should have a subspecialty,” Scott said. “And so, given the options of things to do, I chose computers, technology, and what was really barely a thing — data privacy — back in 2008.

“I wrote a whitepaper on insurance for data privacy risks, and shortly thereafter, I started getting client work from inside the firm and outside the firm, and it’s been anywhere between 125% to 75% of my practice, year after year.”

An acclaimed insurance recovery litigator, Scott’s expertise has garnered him 31 honors and awards, and he has been quoted in 192 publications. Working in a niche and often misunderstood field, Scott’s goal is to take the complex and simplify it for his clients, eliminating their frustrations.

Cyber insurance is the least understood of insurance policies, and that’s already a low bar. Policyholders rarely understand what’s included within the policy.

But Scott said, “Insurance recovery is significantly more interesting than people would think. It is sophisticated work, and it takes a lot of time and attention to figure out how to get from where the insurance company says no to where the policyholder wants to be.”

Not all cyber heroes wear capes

Fighting big insurance on behalf of his clients makes Scott quite popular around the firm. His desire to help his clients go from a position of no coverage to a resolution they are excited about is what motivates the Chambers-rated litigator.

“It is always nice to feel like I’m wearing the white hat,” he said. Scott’s favorite part of his job? “Working with policyholders who are coming to me almost always in a situation where they are disappointed in terms of how the insurance company has reacted to them, and figuring out a creative solution to get where they want to be.”

One thing Scott always stresses to his clients is that cyber insurance policies vary quite a bit — there is no one-size-fits-all policy.

“Some carriers are writing coverages that are much broader, coverage for different kinds of risk, but at the bottom, when people are marketed cyber insurance, they are marketed as a panacea for all things cyber-related,” Scott said. “But the people that market them and the people that handle the claims are not the same people. And so it’s worth spending some time to sit down and reviewing what’s actually within the policy and where there might be sub-limits or lower limits of coverage overall.”

Keeping up with cybercriminals

As cyberattackers have evolved their tactics, the cyber insurance industry has had to adjust its game plan.

“The earliest sorts of attacks and cyber events was to take things that could be resold — whether it be health records or payment card data — where there seemed to be an online dark web marketplace,” Scott said. “Now criminals can force people to pay them directly.

“Compared to what it used to be, now there are specific coverage grants for cyber extortion and ransomware — those things just weren’t in the marketplace 15 years ago. We’re in a completely different universe.”