An Ironshore Cyber Policy–Part III

Tech E&O, Network Security, Internet Media, and MPL Insurance Policy
Insuring Agreement: I.B Network Security Liability Coverage

This part will focus on the Insurance Agreement to be found in I.B.  It is entitled Network Security Liability Coverage.  The phrase Network Security and Network Security Wrongful Act have already been sketched in Part II.

The difference between I A and I.B is that the word Insured plays a key role in the insurance agreement.  What is crucial in I.A is that it covers only Individual Director[s] or Officer[s] and not the Company.  I.B covers both the individuals and the Company and other Individual Insureds. The third category of insured includes:

• certain past, present, or future employees acting within their scopes of employment and/or their “functional equivalents,” [The idea of future employees having liability is entreating.]
• an independent contractor working for the Company (on its behalf and for its “benefit”) and committing a Wrongful Action while within the scope of his retention, which must be in writing.
  

Thus, this is not a “Side Excess” policy, and so individuals who are directors or officers (or both) do not have as much coverage.

As yourself, whether the responsibilities of an Insurer to provide a defense for its Insured is the same as in I.A.

Keep in mind, there is a duty to defend. There is a separate section in which the duty to defend liability cases is set forth.  This fact may be confusing even to the more experienced reader.  The reason is that the duty to defend it is usually set forth in the insuring agreement section of a policy. Here the opposite is true.  That duty  gets its own section,  The insurer’s duty to defend in this policy may be weaker than in many so-called real “world policies.”  Most policies of the so-called “real world” require a liability insurer to defend its insured if the plaintiff’s pleading states–or, probably in many jurisdictions, sketches a covered claim; it does not require that the claim actually be covered.  The plaintiff (and possible victim) can be wrong about what is asserted in the pleading or even lying, and they’re still a duty to defend. The liability sections of this policy don’t appear to say that.  It at least appears that the claim must actually be covered.  I don’t see how that can be true, but if I have understood the language, that is what it says.

Almost certainly I.B can be removed by endorsement.

I should have mentioned this point before, but the policy is not typical of at least some other important cyber policies, or–more accurately–other groups of cyber policies. (There is just too much in this one to be typical of the simpler or narrower ones.  Several simple ones have been blogged earlier in this blog string.)

—MSQ

Remember: This post is organized around insuring agreements, definitions, and exclusions. Conditions, etc., may be remarked upon briefly, but they often resemble not only each other but those found in currently existing policies.

—MSQ