CYBER LIABILITY – THE BODILY INJURY GAP

In a previous post on cyber liability, we addressed the importance of the coverage and how it can be tailored to an individual insured. Nevertheless, there appears to be a gap in cyber coverage that has not been adequately addressed by most insurance carriers.

As with most insurance policies, save for a select few (i.e. general liability, automobile liability, workers’ compensation, etc.) almost all cyber insurance policies contain an exclusion for claims brought for bodily injury (many contain an exception for claims of mental anguish). Generally speaking, when a non-employee suffers an injury due to a company’s negligence, the general liability policy of the negligent party, will respond to defend and cover the bodily injury claim. The issue, however, is that most general liability policies contain a data-related liability exclusion – an exclusion for bodily injury claims arising from the access or disclosure of personal information. Some policies may contain a limited exception for bodily injury (see ISO endorsement CG 21 06 05 14); however, that exception, as its name connotes, is limited in scope and will only apply in certain limited scenarios.

The issue of coverage thus arises in a scenario where a bodily injury occurs as a result of a cyber security event. Given that practically every company operates with technology, an infiltration of technology by a bad actor, can potentially cause an eruption or fire that ultimately leads to bodily injuries. Such a scenario is certainly not inconceivable and the insurance industry has not adequately addressed it as of yet, but given the forward-thinking mentality of the industry, I expect it to be addressed in the very near future.

Coincidentally, I came across a cyber liability policy just last week, from a Lloyd’s syndicate, that provided a $250,000 sublimit for bodily injury claims. It was a policy dedicated to a particular industry, but nevertheless, is a start in the right direction and I expect more carriers to start adding similar enhancements to their policies. As stated in the prior post on cyber liability, given the competitiveness in the cyber insurance market, any edge a carrier can obtain with coverage, provides them an advantage in gaining more business.

As an insurance consumer, you should be inquiring of your broker and/or cyber insurance carrier about bodily injury coverage as some may be willing to accommodate and endorse their policies with such enhancements in order to keep their customers and clients happy. As I consistently advise my colleagues, it can’t hurt to ask for things. The worst thing they will say is no and you will not be any worse for it. Nevertheless, as in most industries, some resources are better than others. If your broker is not up-to-date on cyber insurance, it would be wise to find an alternative broker. Here at Lamb, we strive to be at the cutting edge of the marketplace in every aspect of insurance and cyber insurance is certainly at the top of our radar. It can’t hurt to contact us and discuss your exposure and how we can accommodate you; both from a coverage side as well as on premium savings.