- Page 1
- Page 2
- Page 3
- Page 4
- Page 5
- Page 6
- Page 7
- Page 8
- Page 9
- Page 10
- Page 11
- Page 12
- Page 13
- Page 14
- Page 15
- Page 16
- Page 17
- Page 18
- Page 19
- Page 20
- Page 21
- Page 22
- Page 23
- Page 24
- Page 25
- Page 26
- Page 27
- Page 28
- Page 29
- Page 30
- Page 31
- Page 32
- Page 33
- Page 34
- Page 35
- Page 36
- Page 37
- Page 38
- Page 39
- Page 40
- Page 41
- Page 42
- Page 43
- Page 44
- Page 45
- Page 46
- Page 47
- Page 48
- Page 49
- Page 50
- Page 51
- Page 52
- Page 53
- Page 54
- Page 55
- Page 56
- Page 57
- Page 58
- Page 59
- Page 60
- Page 61
- Page 62
- Page 63
- Page 64
- Page 65
- Page 66
- Page 67
- Page 68

- Flash version

© UniFlip.com
background image
F A L L 2 0 1 5
27
cover "tangible" property. If a court finds
that software and data are covered under
"tangible" property, a general liability
policy may be sufficient. However, with
the costs incurred by a cyber breach, that
is not a risk worth taking.
AOL experienced first-hand the
problems of having a policy that just
covered "tangible" property. AOL's
commercial general liability policy
did not define "tangible." When AOL
suffered a data breach, it sought coverage
under its commercial general liability
policy. The court held that the damage
caused by the cyber breach was not
covered under the term "tangible," and
ruled in favor of the insurance carrier.
6
On the other hand, the Court of Appeals
of Minnesota found that a commercial
general liability policy was ambiguous as
to whether "tangible" property included
coverage for a computer tape containing
data belonging to a third party, and the
court ruled in favor of coverage.
7
Whether a court will consider
electronic data "tangible" property is just
one of many issues that can arise when
relying on a commercial general liability
policy. Another issue to consider is a
claim for defense and indemnification.
In 2011, Sony Corp. of America and
Sony Computer Entertainment America
suffered a breach in which over 77
million user accounts were hacked,
costing Sony around $2 billion.
8
The
insurance company denied Sony's
defense and indemnification claim, and
the insurance company filed suit seeking
a ruling that it did not have to defend
Sony against any data breach claims.
In 2014, the New York Supreme Court
determined that the insurance company
had no duty to defend. Specifically,
the court found that the policy covered
material published directly by Sony,
and not the third party who stole the
data.
9
The Sony case recently settled.
One blogger calls the case a "Super
Bowl ad for cyber liability insurance"
and remarks that "Sony showed that
companies cannot look to general
liability policies to cover data breaches.
They need to get cyber insurance."
How can you protect your
company from the damages
of a cyber attack?
There are many different cyber insurance
policies available. When negotiating
a cyber liability policy, analyzing your
potential exposure is the first step. One
way to analyze your exposure is to hire
a forensic firm to perform a forensic
analysis of your company's exposure to
cyber risks. Once you receive the report,
"Other key considerations include
whether the company has overseas
operations, whether the company has
call centers, the extent of the company's
internet operations and the company's
reliance on cloud computing."
10
These
factors will help determine the risk of
your firm's data and help to provide the
best coverage for your business.
Conclusion
After considering the risks involved in
failing to procure coverage for a cyber
breach, the advantages of purchasing
cyber liability insurance are worth
the cost. You would never leave the
door to your business unlocked after
closing time, why leave data exposed
to cyber threats 24/7? According to
ComputerWeekly.com, "Data breaches
are now a fact of life together with taxes
and death."
11
If your company is not
prepared for a cyber attack, now is the
time to do so. Conducting a forensic
analysis of your company's exposure to
cyber threats, addressing those security
issues and procuring cyber liability
insurance for coverage in the event of
a cyber attack are crucial to protecting
your company from the extensive costs
of a breach. Relying on your commercial
general liability policy is not enough.
Procuring coverage through a cyber
liability policy is the best decision to
ensure coverage.
1 Ponemon Institute, 2014 Cost of Data Breach Study:
Global Analysis at 1, PONEMON INSTITUTE LLC (May
2014), available at http://public.dhe.ibm.com/common/
ssi/ecm/se/en/sel03027usen/SEL03027USEN.PDF (last
visited February 23, 2015).
2 Id.
3 Ponemon Institute, 2014 Cost of Data Breach Study:
Global Analysis, PONEMON INSTITUTE LLC (May
2014), available at http://public.dhe.ibm.com/common/
ssi/ecm/se/en/sel03027usen/SEL03027USEN.PDF (last
visited February 23, 2015).
4 Id.
5 ISO Comments on CGL Endorsements for Data Breach
Liability Exclusions, INSURANCE JOURNAL (July 18,
2014), available at http://www.insurancejournal.com/
news/east/2014/07/18/332655.htm (last visited February
23, 2015).
6 America Online, Inc. v. St. Paul Mercury Insurance Co.,
207 F. Supp.2d 459, 462 (E. D. Va. 2002).
7 Retail Systems, Inc. v. CNA Insurance Companies, 469
N.W.2d 735, 737 (Minn. Ct. App. 1991).
8 Young Ha, N.Y. Court: Zurich Not Obligated to Defend
Sony Units in Data Breach Litigation, INSURANCE
JOURNAL (March 17, 2014) available at http://www.
insurancejournal.com/news/east/2014/03/17/323551.
htm (last visited February 23, 2015).
9 Id.
10 Latham & Watkins Client Alert, Cyber Insurance: A Last
Line of Defense When Technology Fails, LATHAM &
WATKINS INSURANCE COVERAGE LITIGATION
PRACTICE (April 15, 2014), available at lw-
cybersecurity-insurance-policy-coverage.pdf (last visited
February 23, 2015).
11 Sarb Sembhi, An introduction to cyber liability insurance
cover, ComputerWeekly (July 29, 2013), available at
http://www.computerweekly.com/news/2240202703/
An-introduction-to-cyber-liability-insurance-cover (last
visited February 6, 2015).