310 Appendix A · Legal Principles for Information Security Evaluations gering levels in the coming years, and this trend is capturing the attention of some of the more sophisticated insurance companies. Some companies are developing products to provide coverage for losses resulting from breaches of information security. Companies should contact their carriers and do their own independent research to determine what coverage, if any, is or will become, available. Customers of information security consultants, with the advice of quali- fied and experienced counsel, must take into account all of these issues in determining how best to mitigate their legal risk. A key component of miti- gating that risk is the relationships established with information security con- sultants, including qualified and experienced counsel and skilled and respected technical consultants.Those relationships, of course, must be established and governed by written contracts (discussed in the next section). What to Cover in Security Evaluation Contracts 64