The Matrix

The increase in cyber breaches and hacks has resulted in litigation, some involving policy interpretation, and some involving new theories of liability. The two cases described below are illustrations of the types of issues that businesses, insureds and insurers continue to face as result of cyber liability. In the first case, the court found that a traditional general liability policy could provide coverage for a cyber breach, a result likely not anticipated by the insurance carrier, nor possibly by the insured. The second case involves injury and death, allegedly caused by a hospital’s inability to use monitoring equipment during a birth because the equipment was inoperable due to a ransomware attack, that likely would be covered under a traditional medical malpractice policy despite the fact that it was a cyber attack that gave rise to the claim for injury and medical negligence.

As cybersecurity incidents increase in frequency and scope, cyber insurance policies are an important tool for companies to mitigate loss from such incidents.  Recent surveys of small and medium businesses reveal, however, that many respondents do not carry cyber insurance.[1] And for those that do, the cost of such coverage is rising.  For companies considering purchasing or renewing a cyber policy in light of new or increasing risk, this article provides a brief primer on the types of coverages that cyber policies offer, potential add-ons to coverage, common conditions and exclusions, and other cyber insurance-related questions.