Michael asked "Where can I obtain information about security insurance as pertains to e-discovery vendors? In particular, I am  wanting to learn more about insurance coverage and limits for cybersecurity incidents that arise while the data is in the custody or control of third parties."

A few years ago, I incorporated this type of insurance in a City-wide contract for off-site storage of records; not the identical situation, but perhaps close enough. Here's the language I used:

15.4.3.            Security and Privacy Insurance with limits of at least $250,000 per occurrence and $1 million aggregate. The City, together with its officials and employees, shall be named an Additional Insured.         NOTE:  While Security and Privacy Insurance may have begun as specifically-applicable to "cyber exposure", according to insurance industry information, it is today more generally-applicable to the unauthorized release of information, regardless of the medium on which that information is carried (see, for example, This insurance needs to cover the consequences of the unauthorized release of information.

NOTE:  the Zurich URL cited above is out of date; the current URL is

Also, I benefited greatly from the advice of Kenneth Fontana; his email was [log in to unmask]<mailto:[log in to unmask]> (not sure if this is his current email address; if not, you can find him on LinkedIn).

I hope this helps.



Frederic J. Grevin

Vice-President, Records Management

New York City Economic Development Corporation<>

[log in to unmask]<mailto:[log in to unmask]>

212-312-3903 (w)

List archives at
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]