Cyber Risks & Liabilities
CGL Versus Specialized Cyber Liability Coverage
The only way to protect the assets of your business is to carry adequate Commercial General Liability (CGL) Insurance. A CGL policy protects your business from damages caused by bodily injury or property damage for which your business is found to be legally liable. CGL is usually triggered first in the event of a loss, so many business owners don’t feel an additional endorsement or stand-alone policy is necessary.
A typical CGL policy contains three coverages:
- Bodily Injury and Property Damage Liability (BI/PD) – the duty to indemnify and defend the insured for claims made due to bodily injury or property damage.
- Personal and Advertising Liability (AI/PI) – same framework as Coverage A, except it insures claims for personal injury and advertising injury.
- Medical Payments – insurer promises to pay emergency medical expenses for bodily injury for the uninsured or its employees as a result of an accident on the insured’s premises. It pays regardless of who is at fault.
Coverage B for Intangible Assets
If the threat exists that your company could be sued by a competitor for infringement or intellectual property theft, or you do not have the funds to cover legal fees associated with defending your patent or trademark, this coverage is vital. Defending infringement litigation can cost hundreds of thousands of dollars, not including the cost of damages and prejudgment interest. In patent infringement cases, attorney’s fees can easily top $1 million. Budgeting and planning for the protection of intellectual property rights may not only save your company a significant amount of capital, it may also help keep your business viable when legal bills accumulate rapidly.
Any act by the insured that somehow violates or infringes on the rights of others (referred to in the policy as an offense) is the subject of personal and advertising injury liability coverage, although only those acts that are specifically listed in the policy are covered. The coverage under the “advertising injury” provision is limited to those injuries that are directly related to the advertisement. Therefore, the policy covers debts owed by the insured party due to claims filed against it.
Coverage B policyholders are sometimes covered in cases relating to trademark infringement; however, copyright claims are only successful when directly related to advertising, and patent claims are rarely covered under the “advertising injury” provision. The cases that allow for coverage in a patent infringement suit are generally limited to instances in which a court finds contributory infringement or inducement to infringe through an advertising medium. Since the advertising injury provision in a standard CGL is limited, many businesses consider additional coverage to protect their intangible assets.
There are three important exclusions in the AI/PI coverage that outline the need for additional intangible asset coverage:
- Excludes AI/PI arising out of the infringement of copyright, patent, trademark, trade secret or other intellectual property rights.
- Excludes AI/PI committed by an insured whose business is:
- Advertising, broadcasting, publishing or telecasting
- Designing or determining content of websites for others
- An Internet search, access, content or service provider (ISP)
- Excludes AI/PI arising out of an electronic chat room or bulletin board the insured hosts, owns or exercises control.
There will be a large coverage gap in a traditional CGL policy if you are a media company, technology company or any other company that does business predominantly on the Internet.
Specialized Cyber Liability Coverages
Because of the increase in the number of intangible assets companies possess, and the number of companies doing business on the Internet, new types of liability coverages have emerged to meet specific needs.
Errors & Omissions (E&O)
E&O insurance, also known as professional liability insurance (PLI), helps fill gaps in traditional CGL policies by protecting professional advice- and service-providing companies from having to bear the full cost of defending against a negligence claim that a service the company provided did not have the expected or promised results.
An E&O policy can cover intellectual property losses due to copyright infringement and plagiarism while also protecting a business against a data breach or identity theft. For example, if an IT specialist at a company makes a mistake with the company firewall and allows malware to spread through the company’s network, an E&O policy would help cover the losses from the exposure.
An E&O policy can be customized with several other coverages, such as:
- Electronic Data Loss – A fire or virus could lead to a business losing all of its data. An Electronic Data Loss policy covers against this data loss and helps replace lost income due to the incident.
- Data Breach – This coverage is becoming more popular as the number of expensive data breaches increases around the globe. Data Breach coverage can help a business cover the costs of customer notifications and any associated defense costs.
- Media Liability – This coverage protects media-related firms from claims arising from defamation, invasion of privacy, plagiarism, copyright infringement, etc.
Directors’ & Officers’ (D&O)
A D&O policy insures upper management against claims of securities fraud, breach of fiduciary and other types of liability. For example, shareholders of a company could sue a company’s directors and officers for not putting the proper measures in place to stop a data breach.
Claims Made vs. Occurrence Policies
When purchasing CGL and cyber liability coverage, businesses have two primary policy types to choose from—claims made and occurrence. A claims made policy covers claims while the policy is in force, while an occurrence policy provides coverage for when the act occurred. Both types offer distinct advantages and disadvantages, so it is wise to do research to determine the best type of policy for your business.
- Cost – Claims made policies are generally cheaper than occurrence policies. Premiums for claims made policies start low but increase each year to reflect the increased likelihood for claims in the future. While occurrence policies are generally more expensive, there is only a one-time cost with no additional fees.
- Selecting coverage – With a claims made policy, coverage limits are easier to choose because they can be increased annually. You run the risk of being underinsured with an occurrence policy because the coverage you selected 10 years ago might not be able to cover expenses from a claim made today.
- Pre- and post-coverage options – You will need to purchase “nose” and “tail” coverage with a claims made policy because if you are sued in 2006 for services provided in 2004, you will only be covered if your policy has an Extended Reporting Period (ERP), or “tail” coverage. Tail coverage can be expensive, but it is often included for free if you have been insured with the same company for a certain amount of time or it can also be offered as an incentive for switching to another company. Similarly, a “prior acts” endorsement, or “nose” coverage is needed when switching insurers to cover claims that occurred before the new policy was purchased. With an occurrence policy, no nose or tail is needed. It is easier to change insurance companies with an occurrence policy because no pre- or post-coverage endorsements are necessary.
- Long-term protection – An occurrence policy will give you better long-term protection because you are insured from a claim no matter how long after the event the claim was made. For example, if a software company was sued for a security problem in one of its programs that led to a customer suffering a data breach 5 years after the product was released, the software company would be covered by the occurrence policy in place at the time of the breach.
Trust Us to Help Protect Your Intangibles
At Southwest Risk Management, we know insuring against risk can be complicated. We can help you navigate the complex cyber liability insurance world and discuss the coverages you need to protect your business from cyber risks.
For more information visit CYBER SECURITY LIABILITY or call a SW Risk Specialist at 1-866-924-7976 (SWRM).