The potential exposures insurers face from “silent cyber,” which is the damages of cybersecurity-related losses under traditional insurance policies not designed to cover cyber losses, has been a major concern. However, a recent ruling in an insurance coverage dispute highlights the potential coverage available for companies experiencing cyber-security losses under their traditional insurance policies. In the ruling, a small business sought insurance coverage for its losses following a ransomware attack, although the traditional policy didn’t originally name cyberattacks as a covered loss. Many insurers are concerned about the buzz surrounding potential “silent cyber” exposures under traditional insurance policies.
A business policy covers direct physical loss of or damage to Covered Property at the premises described in the Declarations caused by or resulting from any Covered Cause of Loss. There have been discrepancies on what is actually considered physical loss.
In a particular case On January 23, 2020, District of Maryland Judge Stephanie Gallagher denied the cross-motion of the insurer. There have been debates amongst insurers and those they cover regarding data and intangible assets. Defining “direct physical loss” as required under the policy wasn’t always clear cut in some claims. Judge Gallagher had found “inherent contradiction” between the policy and the insurer’s interpretation with plain language of the policy’s provisions and definitions, dictating that such property is capable of sustaining a ‘physical’ loss. It is all dependent on policy language and interpretation of the terms when it comes to cyberattacks and ensuing coverage.
In the recent insurance coverage dispute, Judge Gallagher’s ruling found coverage for ransomware virus-related losses under a BOP policy. Since the majority of small businesses carry some form of BOP coverage, the court’s ruling suggests a new potential avenue for small business owners that have suffered these kinds of losses to pursue. The ruling marks the first time that a court has clearly addressed the availability of coverage associated with a ransomware incident and demonstrated that insureds can obtain insurance coverage for cyber-attacks even if they do not have a specific cyber insurance policy. There has now been discussion regarding the possibility that a traditional insurance policy like a BOP policy might pick up coverage for these kinds of losses. An insured’s business does not necessarily need to be completely shut down in order to get insurance coverage, even just a slow-down in functionality may be sufficient to trigger coverage.
Cyber-insurance policies may not be the only source of insurance available in the event of cyberattacks. Business policyholders now carefully consider all their insurance policies to determine where coverage might be available if experiencing a cybersecurity incident as there are many pending cases in which policyholders are seeking coverage for cyber-related losses under traditional insurance policies.
It could become an issue for clients to conclude that they do not need to purchase cyber insurance policies. Cyber policies provide much more comprehensive and specific coverage for cyber exposures in both first-party and third-party policies. Well-advised policyholders know that in order to be best protected against cyber exposures, a purpose-built cyber insurance policy is an invaluable component to their insurance program.
Formed in 2013, AmSuisse, Inc. has quickly distinguished itself as a wholesale operation that specializes in working very closely with our agents and broker partners to develop responsive, individualized service for each client. Our unparalleled writing support, industry-specific expertise, marketing support, responsive proposals and quotes, strong customer service, and strong relationships with our carrier partners have all helped us to provide the best possible coverage for our clients. To learn more about our available coverage, contact us today at (855) 912-8697 to speak with one of our representatives.