Cyber Liability Insurance: The Value of an Educated Broker in the Age of E-Commerce (PLUS Journal Archive)

PLUS CyberIn this preview of an article from Issue XXIV, Volume 12 of the PLUS Journal (December 2011) authors Richard J Bortnick and Abby J Sher look at how intangible cyber losses are not typically covered under a CGL policy.

PLUS is offering exclusive cyber liability and data security sessions as part of the upcoming Medical PL and Professional Risk Symposia, March 29 & 30 in Chicago.

From the Journal article:

A typical CGL policy defines “property damage” as “physical injury to tangible property, including all resulting loss of use of that property.” Although this definition would apply to traditional property damage losses (such as those arising from fires, impaired property and the like), many policyholders and brokers might incorrectly assume that it also extends to technology and cyber privacy losses involving intangible property, such as electronic data. Such an interpretation, however, may be regarded as contrary to the plain and ordinary meaning of the policy language, which specifies that “property damage” is premised upon ” physical injury to tangible property.”

This misconception perhaps is based upon the intuition of policyholders and brokers that traditional policy forms should adapt to protect against evolving risks.  While this assumption may seem reasonable to policyholders, it is not one ratified either by policy drafters or the courts, as will be discussed more fully below.

Prior to the widespread use of technology and paperless systems, the disclosure of confidential information and destruction or theft of client or employee records would, generally speaking, have involved paper documents – that is to say, “tangible” property – and thereby possibly would have been covered by a CGL and/or fidelity policy. At the same time, prior to the advent of the internet and the widespread use of computers, the possibility that a company might  be damaged by the electronic “equivalent” of a data theft or computer breakdown was largely unimaginable, and surely not contemplated by underwriters, brokers or their policyholders.  Thus, CGL policies were not drafted with the thought that such risks would exist – or be covered.

Oddly, it is sheer coincidence that a typical CGL policy specifically carves out intangible property damage from its definition of “property damage.”   Indeed, ISO’s addition of the word “tangible” to its standard CGL form in 1966 was in response to efforts by policyholders to obtain coverage for rights, obligations, and other forms of economic loss.  Prior to 1966, “property damage” was defined as “injury to or destruction to property.”  The 1966 definition, which defined “property damage” as “injury to or destruction of tangible property” was “misleadingly simple.” Laurie Vasichek, Liability Coverage for “Damage Because of Property Damage” Under the Comprehensive General Liability Policy, 68 Minn. L. Rev. 795, 801 (1984).  In view of this and other criticisms of the 1966 revision, ISO further clarified the definition in 1973 so as to require “physical injury to tangible property.”  Like the 1966 amendment, this change was designed to limit coverage to the intended categories of loss, and to preclude coverage for diminution in value and other intangible losses.

It nonetheless remains that CGL policies were not drafted in contemplation of cyber losses and were not rated to address their potential breadth, as the scope of a cyber loss can easily exceed the loss resulting from a typical property damage claim. In the course of a data breach, a large quantity of data can be remotely accessed, duplicated, and disseminated within a fraction of a second; certainly far more permanent damage can be done in a nano-second than in the case of a defective product or a natural catastrophe involving traditional brick and mortar property damage.  Moreover, if stolen personal or confidential corporate information is circulated on the Internet, the harm becomes both permanent and widespread.  The potential implications of this loss extend far beyond the scope of traditional tangible property damage. Cyber breach remediation requires time, intelligence and a significantly more advanced means of reparation, if any such repairs are even achievable when it comes to personal and confidential corporate information.

PLUS members can read the entire article on  www.plusweb.org.You must log in to the website to view this content.

This entry was posted in Cyber, General Risk Management and tagged , , , by plushq. Bookmark the permalink.

About plushq

The Professional Liability Underwriting Society (PLUS) was founded in 1986 by industry professionals who recognized the need for a forum for individuals involved in the field of professional liability. The Society is a non-profit organization with membership open to persons interested in the promotion and development of the professional liability industry. Membership consists of over 6,500 individuals, representing over 1,000 companies active in the many fields of professional liability. PLUS currently receives the support of more than 200 companies through corporate membership. PLUS is recognized as the primary source of professional liability educational programs and seminars, assistance to its members to help serve clients, and information regarding professional liability. The Society is continually seeking new means to fulfill its mission statement and better serve its members.

2 thoughts on “Cyber Liability Insurance: The Value of an Educated Broker in the Age of E-Commerce (PLUS Journal Archive)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s