SEEING AROUND THE CYBER-CORNER : WHAT'S NEXT FOR CYBERLIABILITY POLICIES?

KARIN S. ALDAMA | Partner, Perkins Coie LLP
TRED R. EYERLY | Director, Damon Key Leong Kupchak Hastert
RINA CARMEL | Senior Counsel, Anderson, McPharlin & Conners LLP

Cybersecurity coverage issues began to arise 20-25 years ago, when computers started becoming ubiquitous in the workplace. Initially, insureds sought coverage for cyber incidents under traditional policies, which led to somewhat metaphysical coverage issues like: what is data, exactly? Is it tangible property for purposes of CGL policies? Is data loss a direct physical loss covered under first-party property policies?

The first cyber policy written to provide clarity on these issues and provide coverage specifically for cyber risks was introduced in 1997. But cyber policies, which are not standardized, raise different issues, such as the scope of coverage, which may develop more slowly than the risks of the cyberworld; whether the failure by an insured to implement cybersecurity measures may be grounds to disclaim coverage; and how novel policy language is to be construed. 

This article traces the historical coverage analyses, to set the stage for a discussion of common provisions of cyberliability coverages available today and the related issues that have arisen or may arise. It also discusses the slowly developing case law addressing cyber policies, and assesses what coverage and bad faith arguments and defenses may be raised as such policies continue to be addressed in the courts.