The strategic importance and economic value of intellectual property (“IP”) can hardly be overstated in today’s global marketplace. Recognizing this, companies devote considerable time and resources to protect their vital IP assets and minimize the financial harm if/when problems arise. Evaluating the risks, understanding the insurance options available, and purchasing meaningful coverage that aligns with the needs of the business are critical pieces of the risk-management puzzle. Navigating the various options can be difficult. This article outlines some of the major issues.
Initially, policyholders have traditionally looked to their Commercial General Liability (“CGL”) policies to respond to IP disputes. Standard-form CGL policies typically cover “advertising injury” (sometimes called “personal and advertising injury”) which, depending on how these terms are defined in the policy, can cover some types of IP claims.
As cybersecurity incidents continue to mount and as the issue of data security becomes increasingly important and a source of potential liability, companies should consider whether their standard commercial general liability (“CGL”) policies provide adequate coverage. The case law, although limited, suggests that policyholders might face an uphill battle in obtaining coverage.
In Innovak International, Inc. v. The Hanover Insurance Company, No. 8:16-cv-2453-MSS-JSS, — F. Supp. 3d —, 2017 WL 5632718 (M.D. Fla. Nov. 17, 2017), the Court found that the insurer was not required to provide a defense to the policyholder because the underlying complaint did not allege that the policyholder published the private data. Innovak develops and markets accounting and payroll software and maintains a database accessible via Internet portals. The complaint alleged that as a result of Innovak’s negligence, hackers were able to access class members’ personal information, including social security numbers, addresses, dates of birth, telephone numbers, employment information, and spousal information. The complaint included claims for negligence, breach of implied contract, gross negligence, unjust enrichment, and fraudulent suppression. The claimants alleged that they suffered psychic injuries including stress, nuisance, loss of sleep, worry, and the annoyance of dealing with the data breach. Continue reading “CGL Coverage for Cyber Data Breaches: Court Finds No Coverage unless the Policyholder Itself Publishes the Private Information”
In Part I of this two-part series, I identified first-party and third-party insurance claims that could result from a cyber event or attack on the Smart Grid. In this part, I examine how insurance policy language governs resolution of these claims and how to minimize gaps in coverage.
Examine Your Insurance Policies
Traditionally, third-party losses are covered by a company’s commercial general liability (“CGL”) policy. To qualify for coverage under a CGL policy, the policyholder typically must be confronted with a claim for “bodily injury” to another person or “physical injury to tangible property” (collectively known as “Coverage A”), or with a claim for “personal and advertising injury” (injury arising out of certain enumerated offenses such as malicious prosecution or invasion of privacy) (“Coverage B”). Various disputes have arisen as to whether cyber-related losses fit within these coverages. Continue reading “Be Smart about Insurance for the Smart Grid: Coverage for Losses from Cyber Events—Part II”
According to FBI data, cyber-criminals are on pace this year to collect approximately $1 billion through cyber extortion. This is a practice in which extortionists threaten to cripple a computer system or obtain and/or release confidential information unless their demands (usually for money) are satisfied. Although much of this money is coerced from individuals in increments of several hundred dollars, more and more organizations are finding themselves in cyber extortionists’ crosshairs, including documented incidents against local governments, schools, hospitals and businesses in a range of industries. As cyber extortionists increasingly target organizations rather than individuals, security professionals fear the costs of cyber extortion incidents could dramatically increase. Continue reading “The Ins and Outs of Cyber Extortion Insurance Coverage”