- Cyber Insurance, Cyber Exclusions and Breach of Cyber Insurance Contract
- An Ironshore Cyber Policy–Part X: Insuring Agreement I.E.:
- An Ironshore Cyber Policy–Part II
- An Ironshore Cyber Policy–Part V: Privacy Breach Expenses Coverage
- An Ironshore Cyber Policy–Part III
- An Ironshore Cyberpolicy–Part VI: Insuring Agreement I.E.
- An Ironshore CyberPolicy–Part VII: Insuring Agreement I.F.
- An Ironshore Cyber Policy–Part IX: I.H: Business Interruption Income Loss–Part IX
- Ironshore Blanket Cyber Policy–Part XI: Insuring Agreement I.J
- Ironshore Cyber Insurance Policy
Tech E&O, Network Security, Internet Media, and MPL Insurance Policy
First Insuring Agreement: #I.A
Individual Officer or Director Insurance
- thefts, corruption, or deletion of Electronic Data from the Company’s Computer System, unless it comes from the outside and that is not the company’s fault [e.g., hacking?];
- Unauthorized Accessed or Unauthorized Use of the Company’s Computer System;
- denial of Authorized Use, unless unintended breakdown;
- Company’s Computer System in some sort of attack on another system;
- transmission of Malicious Code to another system. Further insured injuries may result [There has been some controversy about whether CGL policies cover injuries to the software since it, is in part a physical object, i.e., something tangible that may suffer physical loss and loss of use.
Exclusions exceed 50 in number, counting the sub-parts, and 25 if the sub-parts are not counted. Most of them are, to some degree or other, analogous to exclusions found in so-called “real world” policies.
Significantly there may or may not be a duty to defend, provide a defense, pay for a defense, pay on behalf of defense for an Insured. Although the language is not completely clear, it seems likely that the duty to defend hinges, more or less, on the so-called “Eight Corners” Rule. Then there is a duty to defend, the insurer “runs” the defense show and pays for it along the way. That is not always true in D & 0 policies, and it does not appear to be true in this policy on all occasions. In any case, for this and other reasons, the reader of this policy must be careful about several distinguishable phrases, “will pay,” “will indemnity,” and “will pay in behalf of.” The last one is particularly tricky when it actually says “will pay on behalf of Insured all Loss . . . that the Insured is legally obligated to pay.” This language may not provide the same coverage across the board. Why else would there be different phrases?
With regard to the duty to defend, there is a particularly puzzling phraseology. Here it is: more or less: “The Insurer will pay on behalf of. . . all Loss. . . which the. . .becomes legally obligated as damages.” (The omissions are to leave room for different conceptions of who or what is an insured. And the word Loss includes Damages.) One problem in this coverage is that many insureds are not legally obligated to defend themselves; and, of two defendants, one may not only be not legally required to defend itself but it may not be legally required to defend its codefendant(s).
This problem is one of appearance only. There is a separate section in which the duty to defend liability cases is set forth. This fact may be confusing even to the more experienced reader. The reason is that the duty to defend it is usually set forth in the insuring agreement section of a policy. Here the opposite is true. That duty gets its own section, The insurer’s duty to defend in this policy may be weaker than in many so-called real “world policies.” Most policies of the so-called “real world” require a liability insurer to defend its insured if the plaintiff’s pleading states–or, probably in many jurisdictions, sketches a covered claim; it does not require that the claim actually be covered. The plaintiff (and possible victim) can be wrong about what is asserted in the pleading or even lying, and they’re still a duty to defend. The liability sections of this policy don’t appear to say that. It at least appears that the claim must actually be covered. I don’t see how that can be true, but if I have understood the language, that is what is says.
Of course, with so many newly defined words, there will be controversy over what is meant. However, there is at least one that is often in dispute here in the real world. The policy often says that it covers “direct” losses, meaning that the loss must be “directly” covered by a covered cause. The meaning of “directly” is subject to controversy.
What is direct as opposed to indirect?
Originally posted on 09/06/2013 @ 9:23 pm