Federal Court ruling on CGL covering a data breach
On Monday a Federal appeals court in Virginia upheld a lower federal court ruling that held a Commercial General Liability (CGL) may in fact cover a data breach. The legal battle involves the Personal Injury insuring agreement and the coverage under the Personal Injury coverage part is often ambiguous.
In the underlying case, The Travelers Indemnity Company of America was required to provide a defense for its insured, Portal Healthcare Solutions, LLC, for an underlying data breach class action filed against Portal by customers whose private medical information was posted on the intranet.
This ruling may have a dramatic impact on the pricing from CGL carriers who have historically not had to consider and price for potential cyber exposure. Generally speaking, cyber risk is the vulnerability to intrusions, and resulting data loss and systems failures which cause business interruption and reputational damage, legal and regulatory compliance violations and loss of revenue. In the last several years, the insurance marketplace has offered standalone first party and third party liability cyber policies to address different sizes and classes of cyber coverage based on types and levels of complexities. Cyber policies for first party coverage typically include coverage for data breach response costs, cyber extortion, network business interruption and data recovery. Traditionally, most businesses have commercial general liability policies to protect business from claims relating to personal injury or from property damage. Most of the standard policies were not drafted or intended to cover to address cyber risks.
In sum, it is important to note that this is just one ruling, but may very well represent a trend of the courts to look to find increased coverage for policyholders who have suffered harm as a result of a data breach. The interplay between traditional CGL policies and cyber policies is an area to watch in the months to come. In the meantime, please see the latest advisory from our Gallagher colleagues in the Casualty & Cyber practice leaders.
About the Author
Ann Mizner McKay is an Area Senior Vice President at Gallagher and leader of the claims team. Ms. McKay has extensive experience and knowledge in various types of risks including technology, healthcare, business service, environmental, energy, life sciences, financial institutions, and other business risks.