Most companies typically have traditional insurance policies that may cover cyber risks, including commercial general liability (CGL) coverage. CGL policies generally cover the company against liability for claims alleging “bodily injury” and/or “property damage” and also against liability for claims alleging “personal injury” and/or “advertising liability.” Insurers typically argue that “cyber” risks are not intended to be covered under CGL policies, but insureds have had some success in pursuing coverage for cyber risks. Insurers have begun to constrict CGL policy language in an effort to preclude coverage for losses arising from data breaches. In order to specifically cover the risks associated with cyber breaches, and to protect the company’s balance sheet, companies are looking toward cybersecurity insurance.Smolen et al. go on to describe the types of coverage that cybersecurity policies typically provide. Policies may cover first party costs of investigating breaches and repairing systems, and there are also third-party policies that can protect companies from the costs of lawsuits due to any breaches that intrude on the private information of third-parties who deal with the insured.
Smolen et al. conclude by urging companies to purchase cyber insurance policies in light of insurance companies' narrowing of their commercial general liability policies. In light of today's increasing number and severity of cyber attacks, and the increasing amount of corporate and customer information that is stored in clouds and computers, companies would do well to heed this advice.