Lack of Attribution Could Hurt Your Cyber Insurance Coverage

Lack of Attribution Could Hurt Your Cyber Insurance Coverage

When was the last time you reviewed your business’ professional liability insurance policy? Insurance policies are complex contracts that are similar to puzzle pieces in that they cover specific aspects of a business’ risks, with no one policy acting as a “one size fits all” solution. In many cases, business are required to purchase several policies in order to cover all of their unique risks. For this reason, it is vital that business owners review the terms of their policy all the way down to the definitions of the words used to clarify exactly what is and what isn’t covered.

An example of this ambiguity in wording would be our recent review of a client’s renewal of a professional liability insurance policy with coverage for both direct costs and third party liability. The policy was identical to the previous year’s version except for one added endorsement. The endorsement was a terrorism exclusion which states that the policy would not apply for claims, expenses, or damages directly or indirectly resulting from terrorism. The fine print of the endorsement proceeded to define acts of terrorism in the following manner:

  1. The commission or threat of an act that interferes with or disrupts an electronic, communication, information, or mechanical system, and
  2. To further political, ideological, religious, social or economic objectives or to express or oppose a philosophy or ideology.

This wording essentially established all cyber-attacks as acts of terrorism, as the main goals of most cybercriminals are to steal money or damage a third party for political or philosophical reasons, or simply due to boredom. Since cybercriminals can perform attacks from virtually anywhere in the world and for a wide range of reasons, this lack of attribution can make it difficult to determine the sophistication or motivation of the threat and, correspondingly, whether or not it would constitute as an event that would trigger a person’s cyber insurance policy. In effect, this rendered the cyber coverage aspect of the insurance policy useless.

Upon confronting the insurance company about this endorsement, the company conceded and removed it from our client’s policy. This begs the much larger question, however, of how many people are affected by similar endorsements and are actually covered by their policy in the event of a claim? This lack of attribution makes it imperative for businesses to review their policies with a skilled insurance expert to ensure their needs are covered.

Are you unsure if your business is fully protected? We invite you to contact our Valencia business insurance agents today and review your policy in further detail. For more information on this topic, check out our very own Vice President Howard Miller’s original blog on LinkedIn.

Categories