It’s (approximately) the ides of National Cybersecurity Awareness Month. Yes, it’s a thing. A 15-year old thing. Appropriately, I spent last night at a cybersecurity seminar hosted by Citrin Cooperman (thanks, by the way). It sparked this first of a two-part blog post about the “voluntary parting” exclusion. Get your popcorn ready.
First, the scene. We’re at the Union League in Philadelphia. It’s kind of dark, because it’s always kind of dark in there. Everyone is wearing coats, because everyone has to wear coats there. Despite the lighting and formality (to which I should really be more accustomed in my 11th year as a lawyer), the panel is exceptional. An ethical hacker demonstrates the ease with which he can figure out all of our passwords using software that makes billions of guesses per second. A valuation expert explains the process of quantifying cyber incident losses. Of most interest to me, the general counsel of a sophisticated insurance brokerage offers specific claims insights (no names, of course).
Consistent with the narrative that many of us are hearing, she emphasizes that carriers are by and large responding quickly to, and paying, the majority of cyber claims. So, I ask: “Are there any exclusions that you are seeing create some deviation from that narrative, maybe exclusions that could be addressed during the front-end application process given the tailored nature of cyber policies?”