- Cyber Insurance, Cyber Exclusions and Breach of Cyber Insurance Contract
- An Ironshore Cyber Policy–Part X: Insuring Agreement I.E.:
- An Ironshore Cyber Policy–Part II
- An Ironshore Cyber Policy–Part V: Privacy Breach Expenses Coverage
- An Ironshore Cyber Policy–Part III
- An Ironshore Cyberpolicy–Part VI: Insuring Agreement I.E.
- An Ironshore CyberPolicy–Part VII: Insuring Agreement I.F.
- An Ironshore Cyber Policy–Part IX: I.H: Business Interruption Income Loss–Part IX
- Ironshore Blanket Cyber Policy–Part XI: Insuring Agreement I.J
- Ironshore Cyber Insurance Policy
Tech E&O, Network Security, Internet Media, and MPL Insurance Policy
The starting definition with which this coverage analysis starts is a buried definition, namely, Technological Services. Obviously, the nature of (or the character of) a “wrongful act” depends on that activity with respect to which there has been a wrongful act. This definition is complex; it takes up nearly half a page.
One thing about the idea of Technological Services is that it includes many services that are regarded as “professional services” on some policies in the so-called “real world.” These are policies that are not ordinary policies, e.g., for life, home and similar buildings, individual vehicle (including boats and the like), etc. They are not ordinary business policies that cover a slew of ordinary activities. Instead, they are policies that cover specialized and “high class” activities, usually by persons and their companies. Only their professional activities are covered, and in many cases the “wrongful act” is negligence. Here are some examples: physicians, lawyers, accountants, psychologists, brokers, some financiers, and so forth. The Technological Services definition covers some professional services, in this sense, but others as well. (Then again, perhaps in cyber lingo and its system of concepts lots of activities are called professional the analogs of which in the so-called “real world” would not be counted as such. This may be quite reasonable since it is a very complex “world.”)
Here are some of them:
(1) analysis, design, [and much else] of Computer Systems
(2) “database design,” (including the warehousing, storage, or recording or analysis of data, etc.) [MSQ: surely including “cloud” activities],”
(3) other related services:
(a) consulting, etc. of “technological information,” plus manufacture, repair, etc.,
(b) licensing computer software,
(c) website design, and the provision of various sorts of services, etc.,
(d) design, etc., of chat rooms, etc.,
(e) “e-commerce transaction services,” etc., &
(f) “electronic data destruction services.”
The meaning of the phrase Technological Wrongful Act is much simpler; it “means any or alleged actual act, unintentional error alleged act, omission neglect or breach of duty by an Insured or Service Provider to others for a fee, including the Insured’s intentional breach of contract to render services to others, or the failure of the Insured’s Technological Products to perform the function intended.”
The idea behind Technological Products is easy to grasp. So is the idea of Service Provider, except that it is a hireling of the Insured and does its work. (Of course, both of these summaries of definitions are just that, rough summaries.)
A too limited (and somewhat speculative) summary is this: The kind of wrongful act covered has to do with fouling up work in connection with an insured’s technological work (or those of its service provider) they directly harm some computer stuff belonging to someone else and found in the so-called “cyber world” damages to the company to which the cyber material. However, I.J.provide coverage to that portion of this policy “covered under insuring agreements I.B and I.C.” [The emphasis is mine]
The “and” in this exclusion or limit built into the insuring agreement requires that an event and consequence of that event be covered under both I.B and I.C in order to be outside J-coverage.
The coverage provided in I.B is injuries and then losses inflicted upon the network security of another by means of a covered wrongful act. (See Part See III.) Being covered by I.B but not I.C doesn’t entail any coverage under I.J. Insuring agreement I.C covers injuries and losses caused to the privacy (or privacies) of others. (See Part IV) .C alone does not take an injury and its losses out of I.J. It must be conjoined to I.B.
My guess is that actionable invasions of privacy on the net can occur without the destruction of or injury to network security. I.J is really about fouling up the rendition of cyber services. Obviously, inflicting damages upon a network is the same as a failure to render satisfactory services. Not will the latter be likely to invade someone’s privacy. So why separate them off so sharply? Simplifying adjustment? Unlikely: the adjustment process with remain the same. Premium allocation? A little more likely, perhaps, since reinsurance would be priced differently without this “exclusion.” Neither of these seems likely, however, so I am mystified.
Originally posted on 10/10/2013 @ 10:03 pm