More and more companies are purchasing cyber insurance as the risks to the company’s businesses from the breach of their networks expand. More companies are also requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance market place grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.
The failure to understand insurance coverage can create significant gaps in a company’s exposure. Businesses need to make sure they understand the terms of their policies when shopping for coverage to make sure what looks like a good deal isn’t paying a little less money for a lot less coverage. Professional liability policies, also known as errors and omissions coverage, can create some of these issues simply because of the way these policies vary from normal insurance coverage.
A trend has existed in recent decades increasing the liability of corporate directors for their failures to adequately oversee the companies they are in charge of. Directors and Officers liability insurance policies were created to address this liability trend. Directors and Officers insurance, commonly referred to as D & O insurance, is normally purchased by the corporation and indemnifies the directors, officers, and executives of the corporation from lawsuits filed alleging they acted negligently in running the company. In this sense, D & O insurance functions like malpractice insurance for CEOs and Chairmen of the Board.
The cyber market has evolved incredibly in a few short years. It’s been barely more than twenty years since the internet became a ubiquitous presence in the lives of most Americans. As cyberspace has grown, the risks attendant on cyberspace has grown as well. To meet the challenges of combining scope and risk, legislators and courts have had to move quickly to regulate this area and protect individuals from loss. At the same time, insurance companies have had to tailor policies to protect companies from the risks of doing business online.
Commercial general liability policies provide insurance on a per occurrence basis. What constitutes an occurrence, though, is an area of significant debate. This is an issue that constantly arises in construction cases, especially construction defect. The commercial general liability standard language defines an occurrence as an “accident . . .”. Yet courts have divided on whether faulty workmanship in the course of construction constitutes an “accident” and therefore an “occurrence” triggering coverage under a commercial general liability policy.
The clash between the stringent privacy requirements of HIPAA and the known vulnerability of most cyber systems creates a host of anxieties for most modern medical care providers. The Health Insurance Portability and Accountability Act requires that medical providers and insurers take reasonable precautions to ensure that the medical information of their patients remains private. At the same time, it is increasingly apparent that almost all cyber information systems have at least a few vulnerabilities, even if only through their users, and few systems can withstand a dedicated, concentrated cyber assault.
Wire transfer fraud claims resulting from cyber attacks have increased dramatically over recent years, and companies are losing millions of dollars in these attacks. As is common when a new business risk develops, organizations look to their insurance policies to help cover their losses. As we have shared in previous examples, the coverage is not always adequate.
The extent of coverage for a company that has been a victimized may be sparse, and the costs of any breach are ongoing. Consequences of a fraudulent wire transfer depend not just on the specific wording in the policies a business has purchased, but as seen in the following instances, also being upheld differently in different states.
When people think of Directors and Officers Liability Insurance, they often think of massive, publicly traded multinational corporations and shareholder derivative lawsuits that allege damages in the billions of dollars. This can lead smaller, private companies to assume that such coverage does not provide them with significant benefits. Yet these policies can cover a number of different types of losses that impact small companies. All businesses should consider whether directors and officers liability coverage might help them better manage their risks.
In claims handling and litigation, a little creativity with definitions can help advance a case forward. Occasionally, though, that creativity gets pushed a little too far. Fireman’s Fund recently won a declaratory judgment ruling they did not owe coverage to a luxury apartment building. The case hinged on the interpretation of a relatively simple word in the insurance policy - “vehicle.”
Social engineering scams continue to see reported increases in the number of claims filed and the damages suffered. These scams, also known as “The President’s Letter”, involve clever impersonation over email to trick employees into wiring money to the wrong bank account. A recent forecast estimated that damages suffered due to social engineering attacks would surpass $9 billion in 2018. With losses that high, businesses need to review their procedures and exposures as it relates to protecting themselves from social engineering scams.