Tech E&O, Network Security, Internet Media, and MPL Insurance Policy

Part One (i):  Introduction

In the previous parsing of cyber policies, I have tried to do whole policies all at once. That approach won’t work for this policy; it may have been a bad idea at all times and across the board. With regard to this policy, I am going to divide it up, so that the individual posts are much, much shorter. The attempt will be to do, where possible, one insuring agreement per part. In addition, there will be no attempt to spell out in detail each relevant provision: insuring agreement, definition, condition, and/or what have you. This may lead to subtleties being left out and/or other errors, but I will probably come pretty close
 
I will include one small substantive thing in this introductory section.  It is a concept taken over from standard, tangible Director & Officer policies, and since the D&O insuring agreement in this policy comes first in the discussions–it is, after all, the A insuring agreement–that order makes sense, at least for now.
 
This Ironshore contract of insurance is a complex–very complicated–blanket cyber policy concentrating mainly on liability insurance. It contains 11 different insuring agreements (A-K), 60 “primary” definitions, and a great many “included” definitions” (A-LLL).  All the insuring agreements contained at least one primary definition, and many of the primary definitions are to be found in more than one.  Many of the definition parts, at least, are really exclusions in disguise, though courts do not pay attention to that obvious truth.
 
In addition, there are 22 exclusions, some containing subparts, some of which take more than half a page, and–of course–almost all of them use at least one of the definitions.
 
Taken as a whole, the policy is 34 pages long. The application takes up 13 pages, and it becomes part of the policy.


Part One (ii): Close to an Introduction

Preliminary Observation Regarding Insuring Agreement I.A
 
Insuring Agreement: “SIDE A” D&O LIABILITY COVERAGE


“Side A” is the first phrase in the first insurance agreement.  Many readers will not recognize it, so let’s start there.  The locution “Side A” is not the same as the designation of Insuring Agreement I.A.
 
So, what is “Side A”?  The directors of corporations won’t serve without some sort of protection from liability.  The same thing is true for “senior” officers, e.g., CEO, COO, some VIPs–roughly, whoever is named in the bylaws of the company as an officer: “Big Deal Administrators Capable of Large Decisions.”
 
Such protection–indemnify protection–can be provided by the entities themselves. Then again, consider Enron. Nobody wants that.
 
Or consider what might happen if the company went bankrupt.  The directors and perhaps the officers might get dragged into the pit. Consider the failure of Dewey LaBoeuf.
 
Now consider a financial liability policy on the corporation, as well as the directors and officers. In this situation, the company might take care of itself and throw the directors and officers “under the bus,” as they say.
 
It’s better for the directors and officers to have their own policy, and it’s better for there to be separate policy limits for each of them built into the same policy. These policies are called “Side A” policies. They are called excess policies because they quite often stand above other policies and funds. If the company can pay on behalf of a director, the Side A policy is never triggered. If the insurance on both the company the individual directors and officers pays, then the directors and officers are protected. Only when neither the company itself nor the insurance policy covering the company, the directors, and the officers can pay allowed is the insurance that directly covers only the directors and officers, i.e., the Side A policy, ever triggered. Only if the underlying policies cannot pay will the Side Excess policy step up to the plate.
 
Of course, there is always the possibility–even if–it is extremely unlikely and not the sort of thing normal business persons and insurance underwriters would ever think will occur.  This would happen when neither the company nor the “together-we-stand D&O policy” actually has coverage. Maybe the individualized Side A policy would provide coverage.  If so, then the Side A policy wouldn’t be just an excess policy but an umbrella policy as well. Make sure you have read the immediately preceding blog in “Wrongful Acts, Claims, and Responses.” 
Now for some cyber insurance policy discussion focusing on one very complex policy.  It will involve at least 12 parts, all keyed to different insuring agreements.