If You Still Haven’t Purchased Cyber Insurance…
A recent post by Carlton Fields (https://www.jdsupra.com/legalnews/failure-to-procure-cyber-insurance-30412/) states “… companies of all sizes – any company that uses, collects, stores or handles confidential or personal information such as credit card numbers, social security numbers, etc. – MUST address exposures to hacking and other data breach events before they occur” (emphasis in original). As of 2017, only about 50% of companies had purchased Cyber insurance. Fields cites a recent Florida decision (St. Paul Fire & Marine Insurance Co. v. Rosen Millenium, Inc.) confirming that current Commercial General Liability policies do not cover cyber breaches.
If you have a standard CGL policy, most likely there is an endorsement CG 21 06 “Exclusion – Access or Disclosure of Confidential or Personal Information”. A non-standard policy will probably have a similar exclusion. In plain English, if you don’t have Cyber insurance you’re not covered for a data breach.
Warning – If you’re buying Cyber insurance for the first time, you may not be covered for incidents that occurred prior to the effective date. if possible, any “prior acts” exclusion should be restricted to known acts or circumstances.
At Beacon Insurance, analysis of cyber risk is part of our due diligence. If you’re not fully covered we will do our best to find the best policy for your needs.