A CGL Policy May Provide A Duty To Defend Data Breach Claims – 4th Circuit Court of Appeals DecisionApril 14, 2016 | Thomas Rice
Generally, coverage for cyber risk and liability is divided into two classes: First-Party coverage and Third-Party coverage. First-party coverage applies to protect the insured from the costs to its business in the case of a breach. Examples of such costs include expenses like business loss/interruption and replacing/repairing equipment that may have been damaged or affected during the breach.
Third-party coverage applies to the costs an insured may have to pay to third parties or due to injuries of third-parties. Examples of such coverage include judgments as a result of a lawsuit and other expenses a company would have to pay to a third-party, expenses associated with notification of a breach to affected persons and credit monitoring. Also, third-party coverage can insure expenses in responding to government regulators after a breach for purposes of investigation into the breach or penalties/fines as a result hereof. Investigation into the cause of a data breach is often times costly and time-consuming.
There is not a “one-size-fits-all” policy with respect to insuring cyber liability. Instead, policies can be tailored to the needs of the company seeking coverage. By way of example, coverage and premiums can vary based on the following:
- The industry in which a company operates;
- The geographical area in which the company operates (local, national, international);
- The size of the company;
- Coverage for actions of third party vendors storing/accessing a company’s information;
- Effective date of the policy (retroactive v. date policy purchased);
- Remediation coverage; and
- Business loss.
For a company, the decision to purchase cyber liability insurance is not always an easy one. A company is well-advised to evaluate its risk, exposure, and needs to ensure it purchases the correct level and type of coverage. Often times, policies have room for negotiation with respect to coverage and price. Costs can vary between carriers, even for similar levels of coverage. A company should also be informed on the specific requirements that are sometimes included in a policy. For example, certain policies may require that a company engage in preventative measures to ensure that its costumer’s data is safely stored. The issue with some policies, however, is that it will include language like “due care” which is difficult to define. A company that fails to adhere to the requirements of policy may be denied coverage in the event of a data breach. When purchasing a policy, a company should also be aware of not only the total limits of the policy, but of any sub-limits. Specifically, a policy may limit the amount of coverage for investigation, notification, and remediation portions of a breach event that may be smaller than the overall coverage limit.
Cyber liability insurance policies will continue to evolve due to the dynamic nature of cyber security. Companies are well advised to continuously monitor the risks, exposure, and needs to ensure that they have adequate protection in the event of breach.
Class Actions Based on Wrongful Application Of Labor Depreciation In Property Insurance Claims Are Active In MissouriApril 10, 2015 | Thomas Rice
Three separate class actions have been filed in Missouri challenging how depreciation is used in calculating the actual cash value of property damage under homeowners and commercial property insurance policies. In the past insurers used replacement-cost-less-depreciation to calculate actual cash value. This calculation takes the entire estimated replacement cost of property (materials, labor and other items) and depreciates the property based on age and condition. The Missouri class actions allege only materials should be depreciated as a component of the replacement cost, and labor should not be depreciated.
The Missouri class actions raising the labor depreciation issue are McLaughlin v. Fire Insurance. Exchange., 1316-CV11140 (16th Circuit Court for Jackson County, Mo.); Bellamy v. Nationwide Affinity Insurance Company, 1516-CV06346 (16th Circuit Court for Jackson County, Mo.); and Riggins v. American Family Mutual Insurance Company, 2:14-cv-04171-NKL (W.D. Mo.). No rulings on the merits or class certification in any of the three class actions have been rendered.
About Insurance Law Blog
The BSCR Insurance Blog examines topics and developments of interest to insurance carriers, with a particular focus on Missouri and Kansas law. Learn more about the editor, Angela M. Higgins, and our Insurance practice.
The Insurance Law Blog is made available by Baker Sterchi Cowden & Rice LLC for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. Your use of this blog site alone creates no attorney client relationship between you and the firm.
Do not include confidential information in comments or other feedback or messages related to the Insurance Law Blog, as these are neither confidential nor secure methods of communicating with attorneys. The Insurance Law Blog should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.