As it stands today securing a cyber liability policy is almost mandatory for organizations who store any client/customer related data or connect to the internet… which is almost everyone at this point. However, when a cyber breach or related claim occurs, looking to your traditional policies to provide coverage may be worthwhile.
The Fourth Circuit’s ruling in favor of Portal Healthcare Solutions, LLC in the case of “Traveler’s Indemnity Co. vs. Portal Healthcare Solutions LLC.” proved that traditional policies (CGL, K&R, Property, etc.) may provide coverage in the event of a cyber related loss.
When a privacy breach occurred after Portal left an unsecured server online displaying private medical records, Portal looked to their CGL policy and carrier (Travelers) for coverage. Travelers pushed back on their duty to defend stating “publication” required intentional and not inadvertent publication and that there was no “publication” since there was no proof that anyone other than the plaintiff actually viewed the publicly displayed medical records. The court decided in Portal’s favor and noted that displaying the private medical records online was “publication” and that Travelers did, indeed, have a duty to defend.
This is not to say that organizations should forego purchasing Cyber Liability coverage but as exposures are being identified, companies should understand where cyber related coverage may already exist in their program.
Keep in mind that many traditional policies could include exclusion language which limits Cyber coverage, so they should be reviewed carefully and by someone who understands both the risks and the coverage. That being said, Cyber Liability policies also include many exclusions, so understanding your organization’s unique risks and how your policies will respond is critical – especially when developing incident response and disaster recovery plans.
The ALS Group’s Risk Management Assessment (RMA) is designed to surface the risks our clients face and provide feedback on the gaps in coverage as well as suggestions for mitigating these risks.
Click here to request more information about our services or need help in putting together a risk management plan for your organization.
