Companies without cyber insurance can find themselves in difficult situations. As more and more vital business functions migrate to electronic systems, companies without cyber insurance have to try and find coverage for any damage to their systems through traditional insurance policies. That approach can work depending on the specifics of a policy and a claim, but it might lead to additional legal costs fighting with the insurance company.
While the world steps through the global pandemic, we know our clients are facing the same questions, concerns, and decisions that we are grappling with. The collective safety of our employees, families, clients, and your business interests weigh heavily on everyone’s mind. Disaster planning can only take you so far when experiencing anything of this magnitude.
How does insurance play into the events unfolding? Insurance policies address coverage in general terms. The specific circumstances around each loss or situation will determine whether or not coverage applies. However, in general terms, we’d like to share an overview of the potential claims issues in various lines of coverage and how those policies might respond.
Given the relative newness of cyber insurance policies, comparatively little case law exists interpreting these policies in the context of claims. Courts have sometimes struggled with how to interpret unique policy provisions in the context of variations of computer fraud. While some courts have taken highly technical approaches to the language contained in the policy, other courts have taken a more relaxed approach based on the understanding of the parties. A recent case out of the Eleventh Circuit Court of Appeals highlights these issues. Principle Solutions Group, LLC v. Ironhorse Indemnity, Inc. tackled a claim dispute between an insured business and an insurance company involving a cyber claim.
Claims made insurance coverage can create some confusing issues. A claims made policy covers claims that are made against the policy during the period of the policy’s effective dates. This is in distinction to an occurrence policy, which covers claims based on the policy in effect when the incident giving rise to the claim occurred.
There are recognized patterns of higher risk. For example, Hurricanes and earthquakes do catastrophic damage to a specific geographic area. These natural disasters pose unique risks to insurance companies as a result of that history. If an insurance company insures at lot of this type of risk, it can face massive losses and have its financial stability threatened. For this reason, insurance companies try to avoid insuring too many homes or businesses (for this example) in an at risk area for hurricane or earthquake damage. While this helps keep insurance companies financially sound, it can make coverage harder to obtain for those who need it most.
Lawsuits are expensive... and they only ever get more costly as time goes on. To reduce delays, state governments have searched for ways to fairly apportion damages for certain types of accidents without having injured parties resort to filing lawsuits for some time. Workers' Compensation is one example of a system that states have used to avoid and prevent lawsuits in the specific field of workplace injuries by eliminating any requirement for fault or negligence.
Pollution coverage in commercial automobile coverage can be a tricky subject. The standard commercial automobile policy excludes coverage for pollution events unless the pollution stems from a substance necessary to the operation of the vehicle; this means substances like gasoline or brake fluid. There are three ways companies get around this exclusion – through the MCS-90, through transportation pollution liability coverage through a stand-alone policy or as part of a contractor’s pollution liability policy, or through the CA-9948 endorsement.
Have you insured your property to its full value? It can be tempting to underestimate the value of your property when purchasing insurance to obtain lower premiums. Someone thinking about employing this strategy might only want coverage to a certain level and be willing to accept the negative consequences of a loss that exceeds the policy limits.
When people think of cyber losses and cyber insurance, they tend to think of privacy breaches. The exposure of personally identifying information and concomitant risk of identity theft, which is followed by notification costs and regulatory fines is a recognized threat. More and more, though, the interruption of day to day business is the highest cost of a breach. These losses can lead to lost sales, lost productivity, reputational damage, and missed deadlines leading to breach of contract.