KCIC was proud to sponsor and attend the 2015 Annual Meeting of the American College of Coverage and Extracontractual Counsel (ACCEC) last month.
The members of this prestigious organization are a veritable who’s who of insurance coverage on both sides of the bar. The day-and-a-half-long meeting included substantive panels on a variety of topics in the insurance coverage litigation space. There was also ample opportunity to network and exchange ideas. Per its mission statement, the College is “focused on the creative, ethical and efficient adjudication of insurance coverage and extracontractual disputes, peer-provided scholarship, professional coordination and the improvement of the relationship between and among our diverse members”. I believe this meeting definitively moved them forward in that mission.
A panel of particular interest to me was “Digital Invaders – Data Breaches: Risk and Insurance Coverage”. Lon Berk of Hunton & Williams and Laura Foggan of Wiley Rein presented a variety of scenarios and potential coverage issues in this new(ish) area of “cyber”.
Some highlights include:
Defining “Cyber” Claim
Is a hard drive falling out of a truck really a “cyber” claim? Is electronic data (basically zeros and ones) really “property” covered by a typical first party property policy? Or is just the box, circuit and wires that temporarily hold the zeros and ones property? Is a data breach an “injury”? Lon and Laura gave great examples of real-life “cyber” situations and possible ways for coverage to be granted or denied with policy language that companies often already have. They also presented a summary of the few coverage disputes around the issues litigated to date.
New “Cyber” Policy Language
In addition to reviewing in the context of general liability and first party property language, Lon and Laura provided some examples of new “cyber” policy language and what they might provide.
The timing of cyber breaches can span multiple policy periods and cause reporting issues. For example, the average malware is introduced eight months before it makes known that it’s there; what if my insurance renews during that eight months? If a hacker re-routes my web site by hacking the DNS server, and I lose business, have I really been hacked?
Does everyone need to run out and buy a “cyber” insurance policy … NOW??? It seems that cyber risk and related insurance coverage will continue to be a hot and very relevant topic for nearly all policyholders. Both the available coverage products and the law are still very much evolving. What’s clear is that policyholders need to be vigilant about continually evaluating their risk, reading all of their existing policies carefully, paying particular attention to exclusions, and consulting regularly with their broker, risk manager and insurance coverage counsel.
Watch for a future post we have planned with Lon Berk and Laura Foggan. We’ll talk with them in depth about cyber risk and insurance coverage, to get more of their unique perspectives on this hot topic!