Connect with us






Misunderstandings over policy language can leave businesses unprotected , Richard Caplan warns in recent blog

Richard Caplan

Richard Caplan

An “alarmingly regular” series of data breaches and other digital attacks against major retailers and other organizations has set off a stampede for cyber insurance, according to Richard Caplan, a litigation associate in national law firm LeClairRyan’s Atlanta office. Purchases of such policies—which buttress traditional crime and general liability coverage—are expected to triple to $7.5 billion by 2020.

“But even if you purchase a cyber-specific insurance policy, disputes over coverage may still arise,” Caplan warns in a recent blog post at Information Counts, which focuses on privacy, data security, information technology, e-commerce and other digital issues. Some recent court rulings illustrate the challenges that businesses face when they try to guard themselves against liability, where decisions can hinge on the meaning of certain key words and phrases in a policy.

For example, following the 2011 Sony PlayStation data breach—where sensitive personal data for some 100 million customers was exposed by hackers—a Supreme Court of New York judge ruled that the insurer had no duty to defend or indemnify the electronics company under its Crime and General Liability policy. While the case was on appeal, Sony and its insurer reached a settlement.

“The insurance company argued its policy ‘was never intended to cover cyber losses,'” Caplan writes in the blog, Cyber Insurance: Make Sure You Understand Your Coverage. “But even if you purchase a cyber-specific insurance policy, disputes over coverage may still arise.”

He also cites a case involving Federal Recovery Services, which allegedly mishandled data from a company that operated fitness centers in several states. Federal had a cyber policy, but the United States District Court in Utah determined the insurance company was not obligated to defend Federal under the policy terms.

“This case illustrates two conflicting issues floating around in the world of cyber insurance,” Caplan explains. “First, that whether an insured is actually covered is not always so clear; and, second, that courts may be requiring a heightened standard of care for insurers to diligently investigate a cyber-related claim.”

Companies considering cyber insurance should start with the basics common to any kind of policy, he advises: “Do you need it, what risks should be covered – first party remediation, third party claims, or both – and how much is enough.”

Other cyber-specific issues include whether the carrier or the insured will choose a forensics expert in the event of a breach, or whether the carrier will impose underwriting conditions like data encryption and periodic audits or penetration tests. Also, “What key data are you trying to protect, how it is currently secured, and what is the risk of third party claims or litigation if it is compromised?” Caplan notes. “Many companies think their GCL or Errors & Omissions policies cover certain cyber risks, when in reality those risks may be specifically excluded.”

Additionally, many companies that have already purchased cyber insurance mistakenly think it covers all first-party costs in the event of an incident – like investigation, notification and credit monitoring – when it actually only covers third party claims, or lawsuits.

“If your cyber coverage only kicks in when a third party makes a claim, then practically speaking you may not have any coverage at all,” he warns. “For now, perhaps the most important thing to do is make sure you do not fall into the category of someone who thinks they are covered when they are not.
Also review the language and scope of your coverage on a periodic basis, speak with counsel about developing law in this rapidly evolving area, and monitor the way insurance companies are modifying their terms and contracts in response to recent legal and other developments.”

To read the full blog post, visit

Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Newsletters with Secrets & Analysis. Subscribe Now

Newsletters with Secrets & Analysis. Subscribe Now

Newsletters with Secrets & Analysis. Subscribe Now