For example, some cyberliability coverage policies include Internet media coverage, but may only cover content on the insured’s website. Additional coverages can be easily added to cyberliability policies, but because there is no standardized cyberrisk policy, the coverage will need tweaks and endorsements, Srail says.

The ambiguity of privacy rights in social media, as exemplified by the Weiner flap, has "far-reaching implications" for the corporate world, says Jennifer G. Smith, vice president of global technology and private practice at Lockton Companies, LLC.

Part of the issue is the divergent views taken by the U.S. and the rest of the world on basic privacy rights, Smith says. "The EU takes a different view of who's responsible for the accuracy of online or website content. In the UK especially, an individual's right to privacy is a fundamental right, which is not the case in the U.S. We protect consumer rights, but individual privacy rights are not guaranteed. This means multi-national companies with locations in the EU and/or UK may have a greater exposure for online content, as well as data privacy. If your corporation has a global insurance policy, your exposures could be different from one country to another."

Another example of this dichotomy involves the use of online images that may invade an individual’s right to privacy, Smith said. For instance, there are many EU privacy lawsuits involving the use of Google Earth satellite imagery technology, which essentially is a non-issue under U.S. law, where privacy is not constitutionally protected, Smith said.

So how would insurance coverage respond to lawsuits arising from the Weiner scandal? Not well, Smith says. "Cyberliability programs deal strictly with protected data. In the U.S., if the data is not protected by federal or state law, the policy will not respond. In this case, Twitter would not have a remedy, unless under the media or professional liability insuring agreements of E&O coverage."

Because Twitter, Facebook and other social media sites do not collect "protected information" such as personally identifiable information like Social Security numbers or confidential health data, they are not subject to most state or federal privacy laws; they would be “off the hook” against an unauthorized access claim from Rep. Weiner.

However, a defamation claim could be more feasible. Smith referenced the landmark 2009 defamation and reputation damage lawsuit filed by a fashion designer against celebrity Courtney Love, which Love has since settled but which legal types were hoping would go to trial to establish a precedent around social media liability. As it stands now, "people have been arrested under obscure state laws" for online defamation, hostile environment and cyber-stalking -- none of which, if proven, are covered under current cyberliabilty or employment practices liability policies, Smith says.

This means the insurance industry has some tweaking to do to protect policyholders operating in the wild worldwide web. Establishing conduct exclusions, rethinking triggers under cyberliability policies and determining the extent to which behavior falls under E&O policies could all play a part.

Things change so quickly in the online world that corporations that bought comprehensive cyberliability coverage only a few years ago need to revisit their exposures in light of those changes, he says. “A company that a year ago stated in their social media policy that they didn’t want employees speaking on social media on behalf of the company have recognized that sites such as Linkedin can be useful business tools for marketing and are encouraging just that,” he says. “This changes not only the company’s IT security practices, but could require changes in insurance coverage as well.”

Agents and brokers counseling their clients on cyberliability should know that if the coverage was considered three or more years ago, it’s time to take another look at it. “The risk appetite may not have changed, but coverage and pricing have, as has the breadth of coverage now available,” Srail says. “It’s an issue that needs to be revisited on an ongoing basis.”

In the meantime, the proverbial ounce of prevention can go a long way in protecting corporations against the sort of woes Weiner is experiencing. Smith suggests:

• Having a written social media policy, either in employee handbook or as separate document, signed by employees;
• Training and monitoring employees on appropriate social media use
• Ensuring that the C-suite is familiar with their own technology and meeting with IT, compliance and/or the chief privacy officer;
• Developing a Data Breach Incident Response plan, stressing internal control as the first line of defense; and
• Considing firewalls and/or blocking social media use during office hours.