Insureon Blog

Once More, with Feeling: Commercial General Liability Insurance Won't Cover Data Breach Liability

21. May 2015 09:20

audience members waiting for a play to begin

If you reach way back into your memory, you may recall skimming a few headlines about the 2011 Sony PlayStation Network hack (not to be confused with the more recent Sony Pictures hack) that compromised 77 million user accounts. Even if you have heard of this breach, chances are you didn't catch much word about the ongoing lawsuit between the Sony Corporation and its insurer Zurich American Insurance.

According to Insurance Business America, Zurich sued Sony when the entertainment company filed a claim on its General Liability Insurance policy to defend and indemnify Sony from class-action lawsuits over the breach. That was back in 2011, and the two companies only just now reached a settlement – four whole whopping years (and probably millions in legal fees) later.

Why pay attention to this years-in-the-making settlement? It offers a notable lesson for small-business owners – one that we've taught before but will happily repeat: General Liability Insurance doesn't cover data breaches.

Enter Stage Right: Cyber Liability Insurance

If it's so obvious that General Liability Insurance doesn't cover data breaches, why would a mega corporation draw on the wrong policy? Good question, dear reader. The answer is three-pronged:

  1. Cyber Liability Insurance is a relatively new product. This is the policy that is designed expressly to cover data breach recovery costs (e.g., notifying affected parties, repairing security, and good-faith advertising). It's so new, in fact, that even in the age of data breaches, many small-business owners don't know the coverage exists. Back in 2011, Sony may not have been aware that the policy was available.
  2. There is some overlap between Cyber Liability and Commercial General Liability policies. This doesn't help dispel the myth that General Liability covers cyber risk – a myth that 39 percent of private companies still believe, according to a Marsh survey. The fact that both Cyber Liability Insurance and General Liability Insurance can offer advertising injury liability coverage doesn't help matters.
  3. Some people think third-party data is the same as third-party property. General Liability can cover damage to third-party property. However, this coverage only applies to tangible property (e.g., laptops), not intangible property (e.g., electronic data such as usernames and passwords). So if you make a mistake that dings up someone's car, turn to General Liability Insurance. If you make a mistake that exposes your customers' data, you need Cyber Liability Insurance.

Regardless of where the confusion stems from, there's simply one takeaway: only Cyber Liability Insurance can cover cyber risks. While there may be a couple avenues to get this coverage (you can purchase it as a standalone policy or add it to your Business Owner's Policy), there's no getting around the fact that if you want data breach coverage, this policy is the way to go.

Curtain Call: Getting Your Policies Straight

Ask yourself the following questions to determine which policies you may want:

That's a wrap, folks. For more resources to help you understand the ins and outs of Cyber Liability Insurance, check out the articles "What Is Cyber Risk Insurance?" and "Why Cyber Liability Claims Cost More Than People Think."

Tags:

Business Owner's Policy | Cyber Risk Insurance | Data Breach | General Liability Insurance | Insurance News | Insurance Terms Explained | Tips for All Small Businesses

Permalink | Comments (0)