Before the data breaches at Anthem, Home Depot, Neiman Marcus, and Target, there was Sony. In 2011, the Sony Playstation Network was hacked resulting in the theft of customer data. Sony pushed to have their insurer, Zurich, cover the losses resulting from the data breach, but Zurich denied the claim. Sony had a general liability policy, but not a cyber liability policy with Zurich.
Zurich sued Sony stating its general liability policy does not extend coverage, in this case defending and potentially indemnifying Sony against class action law suits, government investigations, and other miscellaneous claims associated with being hacked. The New York Supreme Court agreed with Zurich’s claim denial in 2014 when they cleared Zurich of obligation to cover Sony for litigation connected with the hacking.
A similar situation arose between Travelers and PF Chang’s in October of last year. Customer data consisting of credit and debit card information, was stolen from 33 of PF Chang’s 211 restaurants. The restaurant chain had general liability coverage with Travelers, but not cyber liability coverage. Travelers asked for a judicial ruling stating it is not obligated to provide indemnity coverage and defense costs associated with PF Chang’s breach.
Both of these instances should signal to all businesses commercial general liability policies do not include coverage for cyber liability claims. Unfortunately, 39% of all privately held businesses share the belief their commercial general liability policies provide coverage for cyber liability. Some carriers are including exclusions in their policy language clearly stating losses from a data breach are not covered under their general liability coverage.
The solution is for companies and any organization that has individuals personal data (names, addresses, credit / debit card account numbers, etc.) to have cyber liability insurance. This isn’t just a problem for large companies operating on a national or global basis either. Small companies are as much, if not more at risk, as large ones. They are usually easier to hack (see https://wiseinsurancegroup.com/cyber-liability-insurance-three-big-trends/). How many churches and non-profits accept on-line donations? Physician groups, solo practitioners, hospitals, CPA firms, and financial advisors have extensive information on most patients and clients.
I do not see cybercrimes diminishing anytime in the future. I believe they will become much worse and occur more frequently. The move to smart debit and credit cards with chips implanted on them may help curtail data breaches at point of sale terminals, but they do very little to deter a loss of data resulting from a breach. And the cost to companies for such a breach will only rise. The cost to Sony from the Playstation Network breach was $178 million.
Does your company have cyber liability insurance? Share why or why not, along with your comments, questions, and experiences with me on our Google +, Facebook, and LinkedIn pages. I’d love to hear from you!