Cyber gap in general liability policies


Cyber risk may be a new gap in general liability policies, according to a new briefing from Lockton.

It says that cyber exposure heated up in 2013 when the Insurance Services Office, an insurance forms standard setting body, excluded general liability (GL) coverage for claims related to electronic media.

“As a result, first party and third party losses as well as the costs associated with managing those claims may no longer be covered by typical GL policies,” said author Matthew Hanis, a recent addition to Lockton’s healthcare practice.

He added that emerging domestic and London insurance markets had developed to fill these gaps even before the recent change. The markets have made cyber liability coverage available for about ten years. The nature of the coverage varies radically especially in the area of triggering events.

“With the incidence of cyber-related claims increasing and coverage forms changing, this area of risk is important to monitor closely,” said Hanis. “Regulation of certain data types (PHI, PII) as well the transfer of cyber risk in contractual obligations with customers and vendors make the actual exposure murky.”

To evaluate your cyber liability exposure and current protections, Hanis advises quantifying exposure by documenting quantities of records, potential business interruption and notification costs, as well as the costs of legal defense.

He also recommends assessing coverage in current general liability and cyber policies, especially exclusions and triggering events. It is advisable to ensure vendor and customer contracts transfer, limit or exclude liability as intended, and to review current data protection and disaster recovery plans for preparedness.

Lockton, US, Matthew Hanis