As we mentioned in Part 1 of this series, cyber coverage has been on the market now for over a decade, and a predictable pattern of obstacles to the sale, and the typical order in which they occur, have emerged.
The first objection is, “A breach won’t happen to us.” We’ve debunked that myth in the previous article, so let’s move on to the second objection: “We are already covered by our existing insurance policies.” But, in fact, existing Property, Casualty and Professional Liability policy wording has evolved to make the policies’ intent clear that security breaches are not covered.
For example, a Building and Personal Property policy would typically have language such as, “Covered property does not include… Electronic data, except as provided under Additional Coverages.” Under the Additional Coverages section, the indicated limit would typically be very low – say $2500. This low limit acts more as an exclusion than as enhanced coverage.
General Liability policies also fail to provide protection, because they deal with “tangible property.” But electronic data is not tangible property, and so cannot be covered under the “property damage” provision.
Professional Liability coverage is a third type that an insured might believe will provide some help in the event of a cyber claim. But many of these policies specifically exclude Network Security and Privacy losses, and also have language excluding payment of claims based on the misuse or improper release of confidential, private, or proprietary information.
It is clear that standard insurance forms are specifically excluding coverage. Note that some forms are adding back small slices of Cyber coverage with low limits. These additional small limits are typically highly inadequate but are added by carriers to more clearly restrict coverage by reducing ambiguity about what coverage is offered.
Helping an insured understand the inadequacy of traditional policy types to handle a cyber event is key, because small and medium-sized businesses (SMBs) are under increasing threat of a digital attack. The impact of a breach can cause significant damage, and the insured would be well-served if cyber liability coverage is in place.
Brian Brown is a guest author for INSUREtrust. He is an expert in cyber liability coverage, and has held a number of senior positions in the insurance industry for over a decade. He may be contacted by email at briandykerbrown@gmail.com or by phone at 404-849-3004.