FYI: Cyber Claims Excluded from General Liability Coverage
Unique ID: f5684da4-6de8-4ba1-acf8-fbb91dfc1102
Download our Cyber Liability E-Book for more tips!
It seems like every day there’s another data breach affecting hundreds of thousands of people, costing millions of dollars. So who’s actually paying for all the defense, personal data monitoring, forensic investigation and network equipment replacement? Well that’d be insurance carriers and the companies themselves.
Most companies have been relying on their commercial general liability (CGL) policy to provide that coverage. But, that’s about to change. Recently some insurance carriers have pushed the issue to ban cyber coverage under the commercial general liability (CGL) policies through the courts, and they’re having some success. This new coverage battle between carriers and policyholders is significant as many companies are relying on their CGL policy to provide coverage for a data breach.
The latest carrier to make this move is Travelers Cos. unit who sought a court ruling that it’s not obligated to indemnify and defend P.F. Chang’s China Bistro for a 2013 data breach. Travelers is basically saying that the “property damage” covered in its CGL policy doesn’t include loss or damage to “electronic media and records.” In addition to Travelers, a New York State Supreme Court judge held in a bench ruling in that Zurich America Insurance Co. doesn’t have to cover New York-based Sony Corp. of America for litigation related to the 2011 hacking of its PlayStation Network.
The Insurance Services Office (ISO) recently revised its standard commercial general liability policy forms to exclude cyber coverage. It’ll take time for this exclusion to be widely adopted by the insurance industry, but as long as data breaches continue to increase along with the cost, it’ll be an industry standard exclusion for all. Some policyholders have had success in getting the CGL insurer to provide coverage for data breaches, but the fact the carriers are willing to file law suits against their customer is a good indication that carriers are drawing a line in the sand with regards to cyber coverage under CGL policies.
So what should a business do to make sure data breaches and cyber-attacks are covered? First, you should consult with your insurance broker to determine if or what kind of cyber insurance you need. Make sure your policy limits are adequate to cover potential losses and make sure the policy has retroactive coverage. Also, don’t put all your eggs in one basket; make sure that you align your cyber policy with other policies like property, crime, or kidnap and ransom to ensure multiple layers of coverage.
To learn more about data security breaches, check out this Assurance University replay.
ABOUT THE AUTHOR