The Policyholder Law Blog
  • Blog
  • John L. Watkins
  • Contact John

Does Your Insurance Cover Cyber Liabilities? Better Check

7/14/2015

 
We live in a world where hack attacks and cyber breaches are common. In addition to the well-publicized Target and Sony breaches, the federal government just admitted it experienced a breach involving over 20 million individuals, and that included highly sensitive security clearance forms.

The risk is not limited, however, to large companies or the government. Almost every business relies on electronically-stored information in one way or another. But if your company experienced a data breach and was sued, your insurance would cover it, wouldn't it?

The short answer is "maybe, but maybe not." Commercial General Liability ("CGL") policies provide the most common liability coverage for businesses. Most CGL policies are written on forms written by the Insurance Services Office ("ISO"), an organization that prepares insurance policy forms for the insurance industry.

The CGL policy used to be called "comprehensive general liability" coverage, but that nomenclature changed in the 1980s. Today, CGL policies are neither that comprehensive nor that general. I have written about the ever-shrinking CGL policy on prior occasions.

In the realm of data breach risks, policyholders have had some luck--but hardly universal luck--in finding coverage under CGL policies. For example, some insureds have been able to recover under "Coverage B" for "personal and advertising injury," which is often defined to include the "offense" of “oral or written publication, in any manner, of material that violates a person’s right of privacy.” The results, however, have been far from uniform. The insurance companies tend to fight these claims hard, and sometimes they win.

More importantly, since 2001, ISO has repeatedly either modified the CGL coverage form or prepared endorsements for CGL policies designed to restrict or eliminate claims for data breaches. An endorsement is simply an amendment to a policy that can either expand or restrict coverage. When a policy contains such restrictive provisions, it becomes even harder to recover.

Unfortunately, my experience is that many businesses have no idea what their policies contain. They do not know, for example, whether their CGL policy, which they may have been faithfully renewing for many years, has been changed to limit coverage for cyber-related risks. 

There is not all bad news. If an insured knows about the restrictions, it may be possible for a savvy agent or broker to eliminate restrictive endorsements. Many carriers now also offer stand-alone cyber coverage. ISO has also now promulgated forms for add-on cyber coverage.

This is still, however, an evolving area of insurance. The new policy forms differ greatly. It is difficult to compare offerings. There has also not been much experience with how carriers will, as a practical matter, handle claims. There are indications, however, that some carriers will take aggressive coverage positions even for these specially-designed products.

For now, policyholders will want to assess their risks, and review their coverage. They may want to consider discussing additional coverage options with a broker, and, if necessary, a coverage attorney.

Comments are closed.
    Picture

    John L. Watkins

    John Watkins is a lawyer with Thompson Hine LLP in Atlanta, Georgia, who represents business policyholders in claims and disputes with their insurance companies.

    These posts are for informational purposes only and do not constitute legal advice. Insurance coverage issues vary substantially from jurisdiction to jurisdiction, and are often fact-specific. Be sure to consult qualified coverage counsel in your jurisdiction for legal advice.

    The views expressed herein do not necessarily reflect the views of Thompson Hine LLP or its other attorneys.


    Archives

    September 2017
    January 2016
    July 2015
    May 2013
    March 2013
    October 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011
    July 2011

    Categories

    All
    Agent
    Attorney
    Broker
    Buried Treasure
    Business
    Buyer Beware
    Buying Insurance
    Cgl
    Computers
    Construction
    Construction Defects
    Coverage
    Cyber
    Cyber Risks
    Exclusions
    Georgia Supreme Court
    Hathaway Case
    Insurance
    Insurance Agents
    Insurance Coverage
    Insurance Policies
    John L. Watkins
    Liability
    Long Tail Exposure
    Policy
    Policyholder
    Reservation Of Rights
    Risks

    RSS Feed

Proudly powered by Weebly