<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1557350231232256&amp;ev=PageView&amp;noscript=1">

Insurance Companies Changing Vague Coverages To Avoid High Costs Of Cyber Risks

Posted by Jeffrey Forbes on Apr 16, 2020 5:00:00 PM

Avoid High Costs Of Cyber Risks

Companies without cyber insurance can find themselves in difficult situations.  As more and more vital business functions migrate to electronic systems, companies without cyber insurance have to try and find coverage for any damage to their systems through traditional insurance policies.  That approach can work depending on the specifics of a policy and a claim, but it might lead to additional legal costs fighting with the insurance company.

Cyber Attacks Leave Businesses Footing The Bill

A graphics and screen printing company recently discovered this in respect to a ransomware attack the company suffered in 2016.  National Stitch and Ink is a Maryland company that lost access to its data and software as part of a cyber attack.  The company had to hire an information technology contractor to restore its systems to working order, but the protective systems installed rendered the system slow and caused a decrease in efficiency and the recovery of a number of intellectual property items such as artwork could not be completed.  Lacking a cyber insurance policy, the company filed a claim through its traditional property coverage.  The insurance company, State Auto Property & Casualty Insurance, denied the claim.  National Stitch and Ink filed a lawsuit seeking a judgment against State Auto requiring them to cover the claim.

See the April 2020 Employee Benefits Newsletter Now

The Courts Focused On Insurance Benefitting The Insured

The Court’s analysis focused on the specific language of the insurance contract.  Maryland follows the general rule that ambiguities in an insurance contract should be resolved in favor of the holder.  The policy at issue explicitly provided coverage for electronic data  processing and software and the data stored on electronic data processing media. It also provided coverage for “direct physical loss or damage” to such property. 

Click for the COVID-19 Coronavirus Business Risk Update Resources

Courts Find Coverage In Broad Statements

Looking to the plain language of the contract, the Court determined that the ransomware attack caused “damage” both to National Stitch and Ink’s data and the computer system on which it was stored.  Because of the broad language in this particular policy, the Court did not apply a number of precedents that required some type of direct physical damage to the servers or computers in order for a property policy to cover this type of loss.  This meant that State Auto Property & Casualty had to cover the loss.

3 Reasons Why Employers Should Be Upskilling Right Now

Language In Policies Are Being Updated As Time Goes By To Avoid Vague Coverage Statements In Policies

Unfortunately for companies that do not wish to purchase cyber coverage, most property policies have been modified to explicitly exclude coverage for this type of loss.  Insurance companies are consistently tightening the language in standard policies to ensure those policies will not cover cyber losses.  This makes the purchase of cyber coverage even more important for most businesses, as creative legal arguments attempting to find coverage under other policies are less likely to succeed.  Instead, companies must find competitive and broad cyber coverage in the insurance marketplace that fits their company’s needs.

Blog Post- Don't get burned by contractual Liability Exclusions in Cyber Policies

Topics: Policies, For Your Business, cyber, Insurance Coverage, cyber security, Cyber Insurance, Risks For Businesses, Contracts, Cyber Attack