Prepare Now For Cyber Insurance Disputes

Limits on coverage from standard commercial general liability (CGL) insurance were codified in a 2004 rewrite of the standard form, to exclude “[d]amages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data.” (A subsequent rewrite, which applied only to some policies, restored coverage for bodily injury.) While the intent of the exclusion was to preclude coverage for more typical kinds of cyber-breach damage, like loss of data or computer functionality, the way it plays out in coverage disputes is far from settled. As for the newer product – dedicated cyber insurance – the parameters of its coverage are also uncertain, writes McGuireWoods attorney Paul K. Stockman. But he notes that in cases where losses are very large, you can be sure the carrier will be “tempted to engage in so-called ‘retrospective underwriting,’ an exercise in ‘Monday morning quarterbacking,’ in which its claims staff pores through the policy looking for some textual excuse – any excuse – to deny coverage for a risk that the insurer and its customer both intended to be covered, but that has now turned out to be unprofitable.” Given this unsettled insurance landscape, the author provides suggestions on what policy holders can do to mitigate their risk.