Our lives and the products and devices we use become more dependent on data by the day. As a result, cyberattacks and data breaches present everchanging risks to companies and individuals, and the importance of applicable insurance never has been more important. While companies historically sought coverage for losses under traditional CGL, D&O, E&O, commercial crime, and business interruption policies, their mixed results––coupled with new exclusions singling out electronic data––have led to increasing need for cyber-specific coverages. However, as evidenced by Minnesota District Court’s recent decision in Target Corporation v. ACE American Insurance Company, 2022 WL 848095 (D. Minn. Mar. 22, 2022), CGL policies still may be in play where damages result from the inability to use tangible property.
Continue Reading Continuing Use of CGL Policies to Cover Data Breach Losses

A federal district court in Florida has ruled that a claim against a policyholder arising out of a hacker’s theft of confidential credit card information was not covered under a commercial general liability (CGL) policy.  St. Paul Fire & Marine Ins. Co. v. Rosen Millennium, Inc., M.D. Fla. Case No. 17-cv-540 (Sept. 28, 2018).  This is not the first such decision.  Courts have held similarly in Innovak Int’l, Inc. v. Hanover Ins. Co., 280 F.Supp.3d 1340, 1347-1348 (M.D. Fla. 2017) and Zurich American Ins. Co. v. Sony Corp. of America,  2014 WL 3253541, 2014 N.Y. Misc. LEXIS 5141 at *71 (N.Y. Sup. Ct. Feb. 21, 2014).

While we disagree with these courts’ reasoning, policyholders concerned about data breach liability should take note of these decisions and consider buying more reliable insurance protection for this risk.
Continue Reading Florida Court Finds No CGL Coverage for Data Breach Claim

Blog-Image---DataSecurity

Policyholders should always consider the potential for coverage under their CGL policies if they suffer a data security breach. However, as the cases described in my article for Corporate Counsel, coverage is highly fact-dependent and subject to interpretation by the courts even in the absence of a data-related exclusion. The addition of such an