Cyber Insurance Exclusions To Watch Out For

Attorney Stephen O’Donnell from Steptoe & Johnson, writing in The D&O Diary, looks at the varieties of litigation that can follow a cyber breach (he finds seven of them, ranging from customer litigation to shareholder lawsuits), and the coverage issues that can arise when defendants then try to invoke their cyber liability policies. He finds there are some loopholes in most of them, major ones being the retroactive date and policy inception date-related exclusions. These would come into play because the allegations in these cases “inevitably include a contention that the hacked company failed to implement computer system protections.” Generally that action – or more to the point, failure to act – spanned a period of time that goes back into the past, almost certainly before the policy was retained. “Depending on the wording of retroactive date and policy inception date-related exclusions, the third-party liability protections afforded by a given product may be less than meets the eye,’ O’Donnell writes. By by understanding this potential issue, he says, the company may be able to negotiate a better set of terms, no doubt for an increased premium.