Last week Sony Corp. and Zurich America Insurance agreed to an undisclosed settlement connected to the 2011 hack of Sony’s PlayStation Network.
The dispute has been closely watched by the insurance industry, especially after a ruling last year from a New York Supreme Court judge took Zurich off of the hook for having to “cover Sony for litigation in connection with the hacking.” Zurich argued that terms of the commercial general liability and excess insurance policies provided to Sony did not cover “defend[ing] and potentially indemnify[ing] Sony from class action lawsuits, possible government investigations and other miscellaneous claims.”
This case should help dispel the idea that a commercial general liability policy covers a cyber-attack, a falsity that 39% of private companies believe is true according to a Marsh study. According to Christine Marciano, president of Cyber Data-Risk Managers in New York, the idea that CGL policies covers cyber risks “is certainly not the case, as a CGL policy has many gaps as it relates to cyber risk and was not written to cover cyber events.”