Speed Data: Behind the Scenes of Cyber Insurance Recovery With Scott Godes

Scott Godes, Insurance Recovery Litigator for Barnes & Thornburg LLP, chats about the importance of cyber insurance, and how data privacy has evolved.
Megan Garza
2 min read
Last updated March 25, 2024
Megan Garza and Scott Godes

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

This week, host Megan Garza delves into the world of cyber insurance recovery with Scott Godes, Insurance Recovery Litigator for Barnes & Thornburg LLP. Scott chatted with Megan about the importance of reading insurance policy fine print, how the world of data privacy has changed over the years, and shared why he finds his line of work so personally satisfying.

 

Fifteen years ago, Netflix was ramping up for success, portable Flip cameras were on everyone’s wish list, and the iPhone was still a novelty. What wasn’t on the global radar yet was the concept of insurance for data privacy — unless you happened to be Scott Godes, Insurance Recovery Litigator for Barnes & Thornburg LLP.

“A few years into my practice, I was with a group that decided that each one of us should have a subspecialty,” Scott said. “And so, given the options of things to do, I chose computers, technology, and what was really barely a thing — data privacy — back in 2008.

“I wrote a whitepaper on insurance for data privacy risks, and shortly thereafter, I started getting client work from inside the firm and outside the firm, and it’s been anywhere between 125% to 75% of my practice, year after year.”

An acclaimed insurance recovery litigator, Scott’s expertise has garnered him 31 honors and awards, and he has been quoted in 192 publications. Working in a niche and often misunderstood field, Scott’s goal is to take the complex and simplify it for his clients, eliminating their frustrations.

Cyber insurance is the least understood of insurance policies, and that’s already a low bar. Policyholders rarely understand what’s included within the policy.

 

But Scott said, “Insurance recovery is significantly more interesting than people would think. It is sophisticated work, and it takes a lot of time and attention to figure out how to get from where the insurance company says no to where the policyholder wants to be.”

Not all cyber heroes wear capes

Fighting big insurance on behalf of his clients makes Scott quite popular around the firm. His desire to help his clients go from a position of no coverage to a resolution they are excited about is what motivates the Chambers-rated litigator.

“It is always nice to feel like I’m wearing the white hat,” he said. Scott’s favorite part of his job? “Working with policyholders who are coming to me almost always in a situation where they are disappointed in terms of how the insurance company has reacted to them, and figuring out a creative solution to get where they want to be.”

One thing Scott always stresses to his clients is that cyber insurance policies vary quite a bit — there is no one-size-fits-all policy.

“Some carriers are writing coverages that are much broader, coverage for different kinds of risk, but at the bottom, when people are marketed cyber insurance, they are marketed as a panacea for all things cyber-related,” Scott said. “But the people that market them and the people that handle the claims are not the same people. And so it’s worth spending some time to sit down and reviewing what’s actually within the policy and where there might be sub-limits or lower limits of coverage overall.”

Keeping up with cybercriminals

As cyberattackers have evolved their tactics, the cyber insurance industry has had to adjust its game plan.

“The earliest sorts of attacks and cyber events was to take things that could be resold — whether it be health records or payment card data — where there seemed to be an online dark web marketplace,” Scott said. “Now criminals can force people to pay them directly.

“Compared to what it used to be, now there are specific coverage grants for cyber extortion and ransomware — those things just weren’t in the marketplace 15 years ago. We’re in a completely different universe.”

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

what-is-the-minimum-acceptable-risk-standards-for-exchanges-(mar-e)?
What is the Minimum Acceptable Risk Standards for Exchanges (MAR-E)?
Under the Affordable Care Act (ACA) of 2010, there are now online marketplaces to buy health insurance. These are essentially websites that allow consumers to shop around for an insurance...
speed-data:-thinking-from-a-cyberattacker's-perspective-with-dalal-alharthi
Speed Data: Thinking From a Cyberattacker's Perspective With Dalal Alharthi
Dr. Dalal Alharthi talks about the importance of organizations anticipating a breach and seeing the world through the eyes of an attacker.
speed-data:-rethinking-traditional-cybersecurity-principles-with-rick-howard
Speed Data: Rethinking Traditional Cybersecurity Principles With Rick Howard
Rick Howard, author, journalist, and Senior Fellow at the CyberWire, chats about his new book on rebooting cybersecurity principles with Varonis' Megan Garza.
do-executives-and-cybersecurity-pros-agree-on-today’s-biggest-cyber-threats?
Do Executives and Cybersecurity Pros Agree on Today’s Biggest Cyber Threats?
Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much as stake, we wondered: are C-Suite executives aligned with their...