While cyber insurance can help organizations mitigate cyber risk and recover from a data breach or cyber-attack, industry experts caution clients to evaluate and understand policy language carefully to avoid coverage disputes or worse, a complete loss of coverage. It is often in the interest of the insurer to deny coverage, making it imperative that the insured be familiar and cautious when purchasing cyber insurance.
One such example of this denial of coverage due to policy language ambiguity was in the case of a company called Aqua Star which suffered a data breach as a result of wiring money to the wrong account after their supplier was hacked. However, in the course of the law suit, it was discovered that an Aqua Star employee saved information from the malicious email onto a spread sheet. Because of this, there was no coverage because Aqua Star’s policies excluded authorized entry of data into the company’s computer systems.
Another such example was in the case of the restaurant PF Chang’s. After a credit card data breach caused $1.7 million in losses, their insurer refused to pay the claim citing that there was no privacy injury.
It is important for your company to buy comprehensive cyber policies and it is equally important for the language to be crystal clear within those policies. In the event of a cyber breach, your company can get the coverage that it needs.