FANews
FANews
RELATED CATEGORIES
Category Legal Affairs
SUB CATEGORIES General | 

Beware of Accidental Cyber Coverage

02 February 2023 Keaoleboga Molefe, Norton Rose Fubright

A US appeals court reversed a judgment of the lower court which had declined to read-in cyber coverage in a commercial general liability policy.

The insured operated retail properties and took out a commercial general liability policy (“the CGL Policy”) with the insurer.

During the periods of May 2014 and December 2015 the insured’s credit card system was breached by hackers who obtained unauthorised access to customers’ information from their Visa, MasterCard, and the bank (point-of-sale-system service providers) which issued the customers’ credit cards. This occurred across 14 of Landry’s locations. The credit cards became unusable in the hands of its customers because the information on the cards was compromised. The hackers published the information and used same for illicit activity.

The insured was sued by the point-of-sale-system service providers for $20 million for breach of contract. The insured had failed to follow all programs that protected the service providers from incurring direct liability from any data-breach-related losses.

The insured lodged a claim with its insurer and the claim was rejected by the insurer on the basis that the cyber loss was not covered. The court found that the CGL policy included indemnification for the cyber breach. In interpreting the CGL policy the panel considered the following wording:
“the insurer will pay those sums that the insured becomes legally obligated to pay as damages because of personal and advertising injury” for loss arising from “oral or written publication, in any manner, of material that violates a person’s right of privacy”

The court held that the inclusion of cover for losses resulting from “publication” should be read to include exposing or mere transmission of information even by third-parties (hackers). The court embraced the broadest possible plain meaning of “publication”.

Any ambiguity in the CGL policy was deemed to be resolved in favour of the insured and the claim was payable by the insurer.

The decision is based on an older policy and the latest CGL policies of the insurer have adequate exclusions to prevent cyber liability coverage.

How cyber proof is your policy wording?

Landry’s, Inc. v. The Insurance Company of the State of Pennsylvania, No. 19-20430 (5th Cir. 2021) the U.S. Court of Appeals for the Fifth Circuit

First published by: Financial Institutions Legal Snapshot

Quick Polls

QUESTION

As uncertainty prevails, and post-election business and consumer sentiment begins to ebb, how do you intend investing your clients’ funds through 2025?

ANSWER

Diversify across regions, themes.
Move to defensive assets.
Review clients’ long-term objectives.
Trust your DFM or fund managers.
fanews magazine
FAnews November 2024 Get the latest issue of FAnews

This month's headlines

Understanding treaty reinsurance – and the factors that influence it
Insurance brokers: the PI scapegoat
Medical Schemes' average increases for 2025
AI is revolutionising insurance claims processing and fraud detection
Crypto arbitrage: exploring the opportunities and risks
Subscribe now