Is your CGL policy a TARGET for a data breach claim?0 June 19, 2014 at 3:58 pm by Carol Kreiling
Every day we read of yet another hospital, hotel, restaurant or retailer that has been the latest victim of a cyber attack. According to a new report issued by Ponemon Institute, a full 59% of IT security professionals in Canada do not believe their organizations can stop the exfiltration of confidential information.
After Target’s highly-publicized data breach last December, companies have been buying more cyber insurance than ever before – and with higher limits. According to a recent New York Times article, Target had $100 million in cyber coverage in place from multiple carriers. Unbelievably, $100 million may not be enough coverage. According to its quarterly earnings reports, Target has spent nearly $88 million in breach-related expenses alone. Analysts project Target’s breach could cost the retailer a total of $420 million.
Given the astronomical costs associated with a data breach claim, it is no surprise that companies are seeking coverage under every possible type of insurance policy. Earlier this year, in Zurich Am. Ins. Co. v. Sony Corp. of Am., 651982/2011 (N.Y. Sup. Ct., N.Y. Cnty. Feb. 21, 2014), a New York judge refused to find coverage for Sony’s data breach under its general liability policy. Analysts project the damages in that case could reach $2 billion. Sony has appealed this ruling, so this case will definitely be one to watch.
Have other courts found coverage for data breaches under CGL policies? How might Ontario’s right to privacy tort, “intrusion upon seclusion,” impact data breach claims made against a traditional CGL policy? In our latest white paper, Is CGL insurance coverage tonic for the data breach blues? Swiss Re’s Senior Legal Counsel Anthony Mormino and I seek answers to these questions as we explore data breach claims made against a CGL policy.
Note: By submitting your comments you acknowledge that insBlogs has the right to reproduce, broadcast and publicize those comments or any part thereof in any manner whatsoever. Please note that due to the volume of e-mails we receive, not all comments will be published and those that are published will not be edited. However, all will be carefully read, considered and appreciated.