Chosen by her peers for inclusion in the 2024 and prior editions of The Best Lawyers in America® in Insurance Law, and selected by the National Law Journal for inclusion as part its 2021 inaugural list of twenty-two nationwide Insurance Law Trailblazers, which distinguishes and spotlights a select group of lawyers who have “made sweeping efforts to make a positive contribution” as “agents of change” in the insurance industry, Ms. Sutton is highly experienced and concentrates her practice in the areas of insurance recovery, risk management counseling, and emerging cybersecurity, privacy, and data protection-related issues, including incident planning and breach response, and management liability-related issues.

For over two decades, Ms. Sutton has successfully represented clients in connection with a broad spectrum of insurance claims and issues arising under almost every kind of business insurance policy, and has extensive experience in the selection, drafting, negotiation, and placement of Cybersecurity, Privacy and Data Protection (Cyber), Directors & Officers (D&O), Management Liability, Errors and Omissions (E&O), and Technology E&O insurance coverage. Her experience includes all phases of coverage litigation through trial and appeal, and international arbitrations.

In addition to aggressively and successfully pursuing her clients' insurance recoveries in disputed insurance claims settings, and assisting clients in recovering hundreds of millions in insurance assets to date, Ms. Sutton counsels clients proactively on complex insurance placement and risk management issues. She advises clients in assessing their potential cybersecurity, privacy, and management liability risks, among myriad other forms of organizational risk, and in securing appropriate insurance to cover those risks. Ms. Sutton provides clients with strategic advice on how to best maximize the value of their current and historic insurance assets. She also has extensive experience conducting insurance due diligence and placing Representation and Warranty insurance in connection with mergers and acquisitions, and in drafting contractual risk transfer provisions, including insurance and indemnity clauses.

A recognized national authority in cybersecurity, privacy, and data protection, insurance recovery, and directors and risk management issues, Ms. Sutton frequently lectures on these subjects, including most recently serving as a featured speaker at the RIMS 2024, 2023 and 2022 RISKWORLD™ annual conferences in San Diego, Atlanta and San Francisco, and provides interviews to leading industry and mainstream publications, such as The New York Times and The Washington Post.

She is delighted to have been selected to serve on Law360's 2022 Cybersecurity & Privacy Editorial Board and to have coauthored the cybersecurity guide for executives, Navigating the Digital Age: The Definitive Cybersecurity Guide For Directors and Officers.

Representative Experience

  • Successfully served as lead insurance recovery counsel in connection with one of the largest retail data breaches to date.
  • Successfully served as lead insurance recovery counsel on behalf of one of the four largest U.S. bank holding companies in pursuing recovery under its financial institution bonds/fidelity insurance policies in connection with a substantial employee theft loss.
  • Successfully represented a worldwide oil and gas exploration and production company in a case regarding recovery under Bermuda Form policies for class action litigation alleging Hurricane Katrina-related property damage.
  • Successfully served as lead trial counsel in a precedent-setting victory on behalf of the insured in a landmark decision concerning CGL insurance coverage for losses caused by a mechanical equipment failure.
  • Successfully represented one of the largest U.S. diversified financial institutions regarding recovery under its vehicle residual value insurance policy; the case settled favorably on the eve of trial for a mid-nine figure recovery.
  • Successfully represented a group self-insurance fund policyholder regarding recovery under its crime/fiduciary policy in connection with a substantial employee theft loss.
  • Placement of cybersecurity, data privacy and Management Liability/D&O insurance for:
    • Largest global telecommunications company
    • Fourth-largest media conglomerate
    • Largest private operator of health care facilities
    • Second-largest food and beverage company
    • Third-largest producer of aluminum
    • Fourth-largest chemical company
    • World-class private research university
    • Largest third-party payment processor for issuing banks in North America
    • One of the five largest U.S. banks
    • Fortune 500 multinational financial services corporations
    • Fortune 500 retailers
    • Second-largest electricity generator in New Zealand
    • Cloud-based technology companies
    • Multibillion-dollar freight transportation and logistics company

Publications and Speeches

Recent Featured Speaking Engagements

  • "Ransom, Regulation, Kinetics and Biometrics: Cutting-Edge Insurance Solutions for Today’s Risk Landscape," RIMS Annual Conference, San Francisco, CA, May 5-May 8, 2024
  • "Your Ransom Risk Playbook: Attack Planning, Insurance and OFAC Compliance," RIMS Annual Conference, Atlanta, GA, April 30-May 3, 2023
  • "Ransom, Regulation, Kinetics and Biometrics: Cutting-Edge Insurance Solutions for Today’s Risk Landscape," RIMS Annual Conference, San Francisco, CA, April 10-13, 2022
  • "Your Ransom Risk Playbook: Attack Planning, Insurance and OFAC Compliance," RIMS Annual Conference, San Francisco, CA, April 10-13, 2022
  • "Managing Risk at the Intersection of Cybersecurity, Data Privacy and Business," "SCREENS LOCKED AND FILES BLOCKED: YOU HAVE THAT COVERED, RIGHT?", TIPS 2020 Cyber Security Conference, Georgia State University College of Law, Atlanta, GA, March 5-6, 2020
  • "Privacy Compliance Process Management," The Inner Circle: Insight-Influence-Ideas, Legal Operations, Beverly Hills, CA, February 9-11, 2020
  • "Data/Information Management" and "eDiscovery Process Management," Today's General Counsel Institute's The Exchange Legal Operations Forum, Chicago IL, October 3, 2019
  • "Privacy Compliance Process Management," Today's General Counsel Institute's The Exchange Legal Operations Forum, Beverly Hills, CA, February 26, 2019
  • "The State of Data Breach Litigation and What You Need to Know and How to Protect Yourself," LegalTech, New York NY, January 31, 2019
  • "Cybersecurity: Securing Your Campus with Finite Resources," National Association of College and University Attorneys (NACUA) Annual Conference, Minneapolis, MN, June 24-27, 2018
  • “Cause and Effect of Cyber Risk: Cutting-Edge Insurance Solutions," RIMS Annual Conference, San Antonio, TX, April 15-18, 2018
  • Cyber And Technology Risks for the 21st Century- Modern Hazards and Modern Coverages, "The Broker's Role in Modern Claims," 2018 FSLC Midwinter Meeting, Washington, DC, January 25, 2018
  • "Data Security and Privacy Litigation," The Exchange Data Privacy & Cyber Security Forum, Today's General Counsel and Institute Conference, Washington, DC, November 2-3, 2017
  • "The Legal and Insurance Aspects of Information Technology," Pittsburgh CIO Forum, Pittsburgh, PA, September 20, 2017
  • "AIG Manufacturing Client Forum - Solving Cyber Risk," Pittsburgh, PA, September 14, 2017
  • "Current Developments in Privacy and Cybersecurity," Pennsylvania Bar Institute CLE Program, Pittsburgh, PA, October 10, 2017
  • "Data Security and Privacy Litigation," The Exchange Data Privacy & Cyber Security Forum, Today's General Counsel and Institute Conference, New York, NY, May 23-24, 2017
  • "Cyber Insurance Coverage for Business Email Compromises and Ransomware Attacks: Current Trends and Developments," Strafford CLE Webinar, June 6, 2023
  • "Insurance Coverage for Data Breaches and Other Privacy, Cybersecurity and Data Protection-Related Incidents," Strafford CLE Webinar, December 3, 2019
  • "Data Privacy and Information Security Compliance Under Heightened Scrutiny: Responding to a Data Breach or Cyber Attack," Strafford CLE Webinar, May 29, 2019
  • "Insurance Coverage for Cyber Risk and Reality ," Internet Society Cybersecurity SIG Webinar, August 29, 2018
  • "Insurance Coverage for Data Breach and Privacy Violations: Current Status of Coverage Under CGL, D&O, E&O and Cyber Policies," Strafford CLE Webinar, August 23, 2017
  • "Cyber Liability Insurance: Costs, Coverage and Things You Need to Know," The Knowledge Group CLE/CPE Webcast, September 25, 2017
  • "Managing Data Privacy and Cybersecurity Risks in M&A Deals," Strafford CLE Webinar, May 4, 2017

100+ publications

  • Author of 100+ articles in professional journals and academic law reviews on insurance coverage and recovery related issues, all from the insured's perspective
  • Co-author, Navigating the Digital Age: The Definitive Cybersecurity Gu-ide For Directors and Officers
  • Author, Cutting-Edge Insurance Coverage for Privacy, ABA TIPS Cyber and Privacy Committee Fall 2022 Newsletter (Fall 2022)
  • Author, "Securing Insurance for Social Engineering Exploits," ABA TortSource Volume 20, Number 4, Summer 2018
  • Author, "Ransomware Make You WannaCry? Maximizing Coverage Is Worth the Try: Ten Tips for Maximizing Insurance for Ransomware Attacks," Business Insurance, June 2017
  • Author, "Consider Ransomware Now So You Don't WannaCry Later," Law360, May 15, 2017
  • Author, "5 Key Insurance Tips In The Wake Of Hurricane Harvey," Law360 (September 5, 2017)
  • Author, "White House Initiatives Look Toward the Future of Civilian Drone Technology," Public Policy and Law Alert, August 18, 2016
  • Author, "Global Boardroom Risk Solutions Newsletter, K&L Gates Publication, July 2016 Policyholder Takeaways From Portal," Insurance Coverage Alert, May 2, 2016
  • Author, "Securing Insurance for the 'Internet of Things', Special Report: Insurance Coverage," Financier Worldwide Magazine, March 2016

Recent Featured Interviews

  • "Driving Data Suits Highlight Auto Privacy, Insurance Risks," Law360, April 25, 2024
  • "Expanding Privacy Law Enforcement Broadens Insurer Woes," Law360, September 20, 2023
  • "Cyber Carriers Divided On Response To Online Privacy Risk," Law360, May 24, 2023
  • "Merck’s War Exclusion Appeal Win May Shift Policy Language," Law360, May 3, 2023
  • "A Guide To Insurance Coverage For Biometric Privacy Suits," Law360, November 6, 2017
  • "Fear of data breach consequences splits appeals courts," Business Insurance, August 15, 2017
  • "Travelers' Win Deepens Divide Over Computer Fraud Coverage," Law360, August 2, 2017
  • "Anthem's $115M settlement likely to inspire future breach litigation," Advisen Cyber Risk Network, June 29, 2017
  • "Microsoft's New Patch Not A Panacea For Avoiding Cyber Risk," Law360, June 15, 2017
  • "Global Ransomware Attack Shows Cyber Coverage Is Critical," Law360, May 15, 2017
  • "WikiLeaks' release of CIA trove a wake-up call for cyber security," Business Insurance, March 13, 2017
  • "Ransomware attacks covered under multiple insurance policies," Business Insurance, March 6, 2017

Memberships and Affiliations

  • Vice-Chair for the American Bar Association (ABA) Tort and Insurance Practice Section (TIPS) Cybersecurity and Data Privacy General Committee
  • Co-Chair of the ABA Section of Litigation’s Insurance Coverage Litigation Committee’s Cyber Risk & Data Privacy Subcommittee
  • Vice-Chair for the ABA Insurance Coverage Litigation General Committee
  • ABA TIPS Cybersecurity Task Force
  • CGL Reporter,Editorial Board Member

News, Events & Insights


University of Pittsburgh School of Law, J.D.

  • magna cum laude
  • Order of the Coif
  • University of Pittsburgh Law Review
  • Faculty Award For Excellence In Legal Scholarship
  • CALI Excellence for the Future Award ®

Carnegie Mellon University, B.A.

  • cum laude

Previous Experience

  • K&L Gates LLP, Partner
  • Cohen & Grigsby, P.C., Director


  • Pennsylvania

Recent News

Jump to Page

By using this site, you agree to our updated Privacy Policy and our Terms of Use