Here is an interesting story about a court tackling the scope of cyber liability insurance policy and determined the insurer had no duty to defend its insureds against claims such as tortuous interference, conversion, and breach of contract:
While in this case the court found that there was no coverage, it serves as an important reminder to policyholders that cyber policies, which have become increasingly popular in the wake of high-profile data breaches, may also be a source of coverage for other types of liabilities. In the case discussed above, the only “cyber” element seems to have been that the dispute between Global and FRA concerned electronic data; it was not alleged that the insured, or anyone else, wrongfully accessed or publicized that data. Indeed, the errors and omissions module in the policy at issue does not appear to have required a cyber “hook” for coverage. Yet, even though the court denied coverage, it did not base its denial on the absence of a data breach.
A further point for policyholders to keep in mind is that, to date, there is little if any judicial guidance on the interpretation of insurance policies of any type in the context of data breaches and other cyber attacks. For example, with respect to coverage triggered by negligent acts and omissions, no court has addressed the level of negligence that must be alleged with respect to an insured whose computer network was infiltrated by cyber criminals resulting in the leak of private information. Given the recent proliferation of exclusions in general liability and first-party property policies that purport to bar coverage for cyber liabilities, and the increasing sophistication of cyber criminals, it may be only a matter of time before courts have many more occasions to interpret cyber policies. However, the availability coverage for cyber events under “traditional” policies is still a relatively untested question.
Cyber liability insurance is the next snake oil.