There are only two kinds of companies –those who have been hacked and those who will be. According to Robert Mueller, former Director of the FBI, these companies are converging into one category – companies who have been hacked and those who will be hacked again.
When many of us think data breach, we think Target. According to its quarterly earnings reports, Target has spent nearly $88 million in breach-related expenses alone. Companies are buying more cyber insurance than ever before – and with higher limits. According to a recent New York Times article, Target had $100 million in cyber coverage in place from multiple carriers. Unbelievably, $100 million may not be enough coverage. Analysts project last December's breach could cost Target a total of $420 million.
Companies are buying specialized cyber insurance in record numbers and with record limits. Even so, given the astronomical costs of a data breach claim, it is no surprise that companies are seeking coverage under every possible type of policy. Earlier this year, in Zurich Am. Ins. Co. v. Sony Corp. of Am., 651982/2011 (N.Y. Sup. Ct., N.Y. Cnty. Feb. 21, 2014), a New York judge refused to find coverage for Sony's data breach under its general liability policy. The damages in that case could reach $2 billion. Sony has appealed this ruling, so this case will definitely be one to watch.
Have other courts found coverage for data breaches under CGL policies? How might the ISO's new endorsements impact data breach claims made against a traditional CGL policy? In our latest white paper, Is GL insurance coverage tonic for the data breach blues? Swiss Re's Senior Legal Counsel Anthony Mormino and I seek answers to these questions as we explore data breach claims made against a CGL policy.