Articles Posted in Uncategorized

Increasingly, businesses buy cyberinsurance to protect valuable electronic assets, including computer systems themselves and the data stored within them. These policies, however, are relatively young.  They frequently utilize terminology taken from traditional property/casualty policies, the meanings of which are informed by decades of case law.  These seemingly familiar words, however, are creating novel cyberinsurance issues that may impact the coverage you have, or think you have.

In Nat’l Ink & Stitch, LLC v. State Auto Prop. & Cas. Ins. Co., CV SAG-18-2138, 2020 WL 374460 (D. Md. Jan. 23, 2020), a court addressed a centuries old concept – physical loss – through the cyberinsurance lens.  After a screen-printing company suffered a ransomware attack, the company had data stolen and computers rendered partially inoperable. The company filed a claim under their cybersecurity policy, which familiarly stated that the carrier “will pay for direct physical loss of or damage to Covered Property…”.

The company obtained cyber coverage through an endorsement.  The Businessowners Special Form Computer Coverage endorsement refined the definition of “Covered Property” to include “Electronic Media and Records (Including Software).” It defined “Electronic Media and Records” to include:

Solvency.  It means you can pay your tab.  Cyber attacks are occurring with greater frequency and effectiveness, resulting in an ever-increasing bill.  The cyberinsurance market is booming, but will policy premiums and carrier reserves keep pace with the cost of claims?

It’s a fair question.

Consider the magnitude of loss problem first.  Once upon a time, to steal from a bank, you had to ride a horse, drive a car, take an Uber – whatever – and enter the bank.  Now, automated cyber attacks can launch innumerable attempts per hour, with likely anonymity and without the constraints of physical travel or the risks that follow telling everyone to get on the ground.  I suppose you could still create a hostage scenario to shut down a casino for a while, but a distributed denial of service attack targeting an online gaming platform is easier, less risky and potentially far more damaging.  In the Dyn, WannaCry and the recent Petya (or not Petya) attacks, we saw how far-reaching a ‘single’ attack can be.  Fact: It’s easier and less risky to do more damage now than ever before.  Insureds are more vulnerable as a result.

Contact Information