A recent ruling by a federal court may have some big consequences for the future of technology insurance and how businesses are protected.
You can read the full overview of the case in Insurance Journal. But to put it (somewhat) briefly, the Fourth Circuit ruled this spring that the insurance company Travelers has to cover a lawsuit filed against its client, Portal Healthcare.
The juicy part? The lawsuit is over a data breach. This normally wouldn’t be such a big deal, except for the fact that Portal Healthcare turned to its General Liability Insurance policy to help with the legal costs. And this is the kicker: General Liability Insurance usually never covers data breaches.
A business carries a Commercial General Liability (or CGL) policy to address third-party bodily injury, property damage, and defamation lawsuits. Most CGL policies offer no coverage for lawsuits over data breaches.
So what happened?
How a Few Words in the General Liability Policy Made all the Difference
Here’s the backstory. Apparently, Portal Healthcare accidentally published confidential health information online and was sued. Portal relied on its General Liability policy to cover the legal costs, but its insurer said data breaches were not covered by the company’s CGL policy.
The argument went all the way to the Fourth Circuit Court, which took a close look at the wording of the policy.
“The CGL policy at issue provided coverage for electronic ‘publication’ of information about a person’s private life,” says attorney
Lisa Bentley, a
founding partner at
Aguilar Bentley LLC.
Personal information had somehow found its way online, but the question was whether that counted as “publication.”
“The underlying lawsuit alleged that Portal had failed to adequately safeguard confidential healthcare information,” says Bentley. “The court agreed that this constituted a covered ‘publication,’ despite Travelers’ contention that publication required actual dissemination of information, not just a lack of adequate protections.”
In other words, because the information could be found through a simple Google search, the data breach counted as a publication of that information. And because of the wording in the General Liability policy, Travelers was obligated to pay for the lawsuit defense costs.
That's good news for Portal, but the fallout from this decision could have implications for insurers and technology businesses as a whole.
Technology General Liability Insurance More Likely to Exclude Cyber Claims
Some people wonder what this recent ruling means for data breach coverage going forward. Any technology business that deals with sensitive or personal information might want to listen up, too.
“The Portal Healthcare decision could have a significant impact on the scope of coverage available under existing CGL policies,” says Bentley. “Future CGL policies will almost certainly contain a broad ‘cyber exclusion’ that will be written to make clear that losses stemming from data breaches are not covered, requiring companies to purchase separate cyber insurance policies.”
Basically, insurance providers will make sure their General Liability policies won't cover data breaches. This means a few things for you as a business owner:
- You should pay extra attention to the language in your technology insurance policies. Know what’s covered and what’s not.
- If you want coverage for lawsuits stemming from data breaches, you’ll have to look to Cyber Liability Insurance.
As data breaches and cyber claims become increasingly common, Cyber Liability Insurance will be the risk management answer for a lot of small businesses. Learn more about it here: “How Much Cyber Liability Insurance Is Enough?”