Immediate Vault Immediate Access

Check Your Policy: ‘C’ in CGL Doesn’t Stand for Cyber

Posted on by

Data breaches continue to escalate and garner national attention, and 2014 may be known as the turning point when businesses realized the dramatic significance of such a risk—and that it is not when, but if, a breach will occur. The sheer number of high-profile breaches is also waking up policyholders to the fact that cyber insurance is a critical part of any insurance program.

In response to the continually-growing risk of loss from cyber and privacy violations, insurers are reacting in two ways. First, most insurance companies have excluded cyber risks from more traditional insurance policies, such as commercial general liability (CGL) or commercial property.

Secondly, insurers are racing into the market with new products aimed at providing specialized coverage for such losses. Now is the time to analyze exposure for cyber risks and address insurance needs to close any gaps in coverage.

CGL isn’t for Cyber Coverage

Just as insurers reacted to CGL policies providing coverage for environmental exposures, they are now doing so with respect to cyber losses. Last May, Insurance Services Office (ISO) introduced several new endorsements addressing access or disclosure of confidential or personal data. These new endorsements will strip most, if not all, coverage for data-related losses from CGL policies.

The losses that are excluded could be those at the heart of an enterprise that if uninsured, could cripple a business with response and rebuilding expenses related to their network infrastructure. These endorsements are already showing up in most renewals.

Perhaps even more significantly, the endorsements not only exclude coverage for the compromised data or information itself, but also for the costs of responding to and remediating the data breach or violation. The endorsements specifically exclude any coverage for, “notification costs, public relations expenses or any other loss, cost or expense,” incurred as a result of the event.

The Sony coverage case is cementing the idea that CGL policies will not provide coverage for data breaches. Zurich American denied Sony’s claim for defense and indemnification in wake of the massive data breach with its Playstation system. The data breach exposed personal information of tens of millions of users, and Sony’s losses are reportedly estimated to be as high as billion.

online pharmacy xifaxan with best prices today in the USA

Zurich sought a ruling that it did not have to defend or indemnify Sony for any data breach claims.

In his bench ruling last March, New York Supreme Court Justice Jeffrey K. Oing ruled that acts by third-party hackers do not constitute, “oral or written publication in any manner of the material that violates a person’s right of privacy,” in the coverage B (personal and advertising injury coverage) under Zurich’s CGL policy.

Insurers are certain to resist efforts to find coverage under CGL policies.

A True Cyber Policy is an Insured’s Best Protection

The good news is that businesses can obtain cyber insurance for losses, but it is critical to understand the full scope of the coverage you purchase. Insurance to protect your property and network can include:

• Computer data restoration

• Re-securing a company’s information network

• Theft and fraud coverage

• Business interruption

• Forensic investigations

• Extortion

Commentators note that first-party losses are usually the higher costs to a business suffering a cyberattack, so adequate coverage in this area is vital.

Organizations need liability insurance as well. Of course, most coverage in this area will provide for a defense to litigation brought by customers for their direct losses due to a breach. Insurance may also cover: crisis management, credit monitoring for customers, the cost associated with notifying customers of a breach, media and privacy liability and responses to regulatory investigations.

There is no time like the present for policyholders of all sizes to analyze their insurance programs to determine if their current insurance will cover cyber risks.

online pharmacy vilitra with best prices today in the USA

However, the policy forms among the different carriers vary tremendously, and policyholders must be vigilant to ensure they purchase the right coverage.

A critical area to watch for with cyber insurance are the sublimits.

online pharmacy lasix with best prices today in the USA

While many policyholders have a far better understanding of standard CGL and property coverage, it remains critical for them to take extra time to truly understand the nature of a new cyber policy being added into their insurance program.

An ounce of prevention upfront from such an analysis may prevent the type of insurance fight many policyholders are facing in order to get the coverage they paid for from their insurer.

This entry was posted in Uncategorized by Collin Hite. Bookmark the permalink.

About Collin Hite

Collin Hite is a partner and practice leader of the insurance recovery group at Hirschler Fleischer in Richmond, Va. He handles insurance recovery and coverage litigation nationally, as well as providing insurance policy and program audits for policyholders. He may be reached at chite@hf-law.com.