Think Your Commercial General Liability (“CGL”) Insurance Protects You From a Cyber-Attack? Think Again.

April 28, 2016

As the world around us becomes increasingly ever connected, the risk of a data breach of your computer system increases significantly. Instances of corporate data breaches are in the headlines more often that even before.  From the unprecedented hacking of Sony Entertainment just over a year ago, to the very recent hacking of Hollywood Presbyterian Hospital in which its computer system was taken over and held for ransom, cyber-based security breaches have the ability to cost you a lot of money in either actual damages or damages to a third party. Target, for example, recently paid out over $10 million as a result of a class action lawsuit arising from the breaches of its customers’ privacy.

While you might think that your CGL policy would protect your business from such occurrences, recent policy exclusions have curtailed many of the protections once covered by CGL Coverage A policies.  Traditionally, Coverage A covers property damage for tangible property.   For policies issued before 2001, court rulings have been split on whether or not cyber-attacks resulted in the damage of tangible property.  After 2001, most policies started expressly stating that electronic data is intangible, therefore excluding insurance coverage from cyber-attacks.  Specifically, in 2004, most Coverage A policies started to introduce language that eliminated coverage for “[d]amages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data.”

More recently, Coverage B CGL’s have been tested in the courts to provide insurance against cyber-attacks for damage that falls under injuries resulting in personal or advertising injury.  As the results of these court rulings, CGL Coverage B policies have started introducing language that excludes claims “arising out of any access to or disclosure of any person’s or organizations confidential or personal information.” Similarly, Fidelity and Crime policies often expressly exclude coverage for damages as a result of theft of data or information.  However, Fidelity and Crime policies have been found to cover instances of fraud for when an employee has been tricked into improperly transferring funds or disclosing confidential information.

Given the fact that the most common types of CGL’s coverages exclude cyber attacks, a prudent business owner will want to know what type of protection is available.  Those business owners may rest assured; the insurance industry has reacted to the ever present threat of cyber-attacks and has developed products that would protect your operation from such occurrences, including Technology and Errors & Omissions policies, Medical Liability policies, and Cyber Policies. These are often offered as standalone products or as part of a greater comprehensive “cyber risk” policy.

An unexpected cyber-attack can potentially interrupt your business indefinitely – or result in costly privacy breaches. In order to evaluate your exposure to the risks of today’s technological society or for and in depth evaluation of your current insurance policies, the professionals at Rock Fusco & Connelly are readily available to address all of your insurance coverage related inquires.