Chances are no, a General Liability policy is unlikely to respond to the full scope of network risk exposures. Network risk is liability arising from a breach of network security, including unauthorized access, transmission of a virus, and identity theft.
General Liability policies cover bodily injury and property damage to tangible property. They do not address the liabilities arising out of computer attacks, such as transmission of a virus and theft of customer information, including that which results in identity theft.
As an illustrative example: laptops containing confidential customer information of a client were stolen from a company. The client is demanding that the company pay for the costs of complying with the California Database Protection Act, as well as costs to provide credit monitoring and id theft coverage for their customers.
The best avenue for building coverage to respond to that claims scenario would be a custom tailored network risk program designed around your needs. If a comprehensive program was designed, it could provide coverage for some of these events.
It is important to note that this is simply a representative scenario and are by no means an exhaustive list of exposures or coverage solutions.
A TechAssure member can help you design coverage options that are tailored to your unique needs.
Privacy violations are defined many ways by different insurance carriers. It can be summed up as a loss arising from a breach of privacy under defined privacy regulations, including GLB, HIPAA, and state privacy protection laws.
Most traditional network risk policies do not address the scope of coverage needed for privacy and security risks following the regulatory requirements and typically exclude coverage for regulatory complaints.
Proving an illustrative story: firm was charged with violating the Gramm-Leach-Bliley Safeguards Rule regarding reasonable protections for customers’ sensitive personal and financial information.
It is possible that a properly designed, comprehensive, network risk program could provide coverage for third party claim, regulatory fines and penalties.
This is an illustrative example only. Each claim would be subject to the full terms and conditions of the actual policies in place.
Contact a TechAssure professional to discuss your exposures and potential coverage options.
It is important to note any insurance policies that have professional liability exclusion. This is liability arising out of the provisioning of professional services that result in or from, a computer attack.
Most professional liability forms have exclusions for loss arising from an unauthorized access and security breaches. In that case, coverage must be carved back in via endorsement. In some instances, the policy is silent on the subject, but history has shown that the intent is not to cover these exposures.
Reviewing a fictitious case: an entity provides computer services to a 3rd party and negligence in providing those services allows for a hacker to gain access to the 3rd party’s confidential information. The 3rd party sues for negligence.
Coverage options for such an event could be through an enhanced professional liability policy that is designed for your organization. In order for a professional liability policy to respond, the policy would need to be endorsed to clarify coverage responds to liability arising out of professional services.
This sample loss scenario is meant to be illustrative and is by no means an exhaustive or indicative list of exposures and coverage solutions.
Contact a TechAssure member to review your organizational exposures and coverage solutions.