Are You Cyber-Insured? for what?

Do you know what is covered, and what the exclusions are?

https://www.secureworldexpo.com/industry-news/insurer-denies-liability-in-hacking-case

One case I heard of, was a claim for coverage ($ to recover and rebuild) was denied, because the company was a service company, and the information stolen belonged to their customers.   No data actually owned by the insured was impacted, and the coverage was for data owned by the insured.  No coverage there!

Lesson?  Read your coverage and exclusions.  Carefully.

===============from the article: ============

Cyber Insurer Denies Liability in Hacking Case

By SecureWorld News Team Read more about the author
Mon | Aug 14, 2017 | 12:49 PM PDT

Cybersecurity executives wonder this out loud all the time: “Will our cyber insurance, or business insurance, cover us if there is some sort of cyber incident? Or will the insurance company declare some reason that we are not covered?”

A judge in Seattle may be the one to answer the question of what is covered (or not) for IT vendor Denali Advanced Integration after its insurer sued to avoid liability in a hacking related lawsuit.

See if you can follow this bouncing ball of liability: Denali was sued by clothing powerhouse Columbia Sportswear in March 2017 over alleged hacks by Denali’s then CTO Michael Leeper. Leeper had come to the IT vendor from Columbia Sportswear and allegedly hacked into Columbia’s systems nearly 700 times after taking a new job with Denali.

That lawsuit is still pending.

Then, on August 8, 2017, Hartford Fire Insurance Company sued Denali in federal court, claiming it is not liable to cover any potential damages from the Columbia lawsuit.

Law360 reviewed and cited the insurance company’s reasoning:

“The policy does not cover the claims raised in the underlying suit for several reasons,” the complaint says. “First, there is no coverage because the allegations were not ’caused by a glitch in [Denali’s or Leeper’s] performance of technology services’ while such services were ‘performed for others.’
Not only that, but there are no fewer than three exclusions barring coverage, Hartford says: “an exclusion for allegations of the ‘misuse, misappropriation or theft of trade secrets’; an exclusion for allegations of the violation of ‘unfair or deceptive business practices’ laws and ‘unfair competition or consumer protection laws’; and an exclusion ‘for any glitch or claim arising out of or in any way related to any … dishonest, fraudulent, criminal or intentional wrongful act or omission.’”
This raises questions that come up in many SecureWorld conversations with our Advisory Council members: Do you need cyber insurance? And if you have it, how much of your risk and which areas of risk are truly covered?
Hopefully, you will have the answer to that question before it has to be determined in a court of law.
%d bloggers like this: