The Developing Cyber-Gap In Insurance Coverage

edi-spotlight-banner

Conventional wisdom has been that insureds might be able to recoup losses for cyber-related risks causing personal injury or property damage to third parties by submitting claims to their general liability insurers.   But that window is closing.

In 2013, the Insurance Services Office (ISO), an industry organization responsible for drafting coverage language, issued two endorsements for CGL policies which eliminate the possibility of CGL coverage for cyber-related losses:

  • ISO Endorsement CG 21 07 05 14 excludes coverage for damages arising out of: “The loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data.” “Electronic data” includes “information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software … which are used with electronically controlled equipment.”
  • ISO Endorsement CG 21 06 05 14 contains  identical language, but contains a limited exception for bodily injury.

These endorsements are appearing more frequently in CGL policies, and insurers are likely to argue that they exclude liability coverage for  bodily injury or property damage claims which are the result, for example, of security breaches in to computers, and electronic programmable controllers of all kinds,  including ubiquitous programmable logic controllers (PLCs), used in everything from Christmas trees to cars to manufacturing plants.

Moreover, in its current form, stand-alone cyber insurance may not close the gap.  Most existing cyber-insurance policies, or ones in development, contain exclusions for bodily injury or property damage.  These exclusions are based on an assumption which is becoming less and less true — that CGL coverage responds to such losses.

Those monitoring this industry issue say it is likely too soon in the process to tell if the gap is likely to become a significant one.  While not all insurers are using the new ISO language, it is becoming more and more popular, however.  The case law remains in its infancy, so there is little to no current guidance on this specific problem.

Conducting a thorough review of existing insurance policies to diagnose the gap is an important first step.  Filling the gap, however, is somewhat more complicated.  It may be that unique products like captive insurance coverage might be the best solution for this exposure, unless and until the conventional insurance market responds.

Reach  me at chaddick@dmclaw.com or 717-731-4800 for more information and a no-cost consultation..

 

 

Advertisement

Author: CJ Haddick

C.J. Haddick is a Director with the law firm of Dickie, McCamey, & Chilcote, PC, based in Pittsburgh, Pa. He has advised and represented insurers in insurance coverage and bad faith litigation for more than three decades, and written and spoken throughout the United States on insurance coverage and bad faith prevention and litigation. He is Managing Director of the firm's Harrisburg, Pa. office. Reach him at chaddick@dmclaw.com or 717-731-4800.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: