Firm News

Could Your Cyber Insurance Policy Unexpectedly Let You Down?

Author: Scarinci Hollenbeck, LLC

Date: June 30, 2015

Key Contacts

Scarinci Hollenbeck, LLC

The Firm

201-896-4100 info@sh-law.com

Back

Cyber insurance policies are currently being heavily marketed amid highly publicized data breaches involving millions of records.

But is having a cyber insurance policy a wise choice to protect your company in the wake of a costly data breach? One danger is that the policy tries to limit its exposure by imposing requirements that may be practically impossible to administer.

As an example, in California, Columbia Casualty Co., a member of the CNA Group, is seeking to enforce an exclusion in its policy that requires its insured to meet “minimum required practices.”

The lawsuit stems from a data breach suffered by Cottage Health System, which involved approximately 32,500 confidential medical records. According to court documents, Cottage Health Systems and its third-party vendor failed to implement proper security measures, such as data encryption, to protect patient data that was accessible via the Internet. A resulting class-action lawsuit settled for $4.1 million, which Columbia Casualty agreed to fund subject to a complete reservation of rights.

In Columbia Casualty Company v. Cottage Health Systems, No. 2:15-cv-03432, the insurance company is now seeking reimbursement based on a policy exclusion stating:

“Any failure of an Insured to continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance and all related information submitted to the Insurer in conjunction with such application whether orally or in writing…”

In wake of the lawsuit

Columbia Casualty maintains that because the healthcare company failed to monitor and continuously update its cybersecurity protocols, insurance coverage should be excluded. It points to representations that Cottage Health Systems allegedly made in its application – notably that the company regularly evaluated its exposure to data security and privacy risks.

For businesses that hope to rely on cyber insurance in exactly this type of situation — where the company or another third party’s negligence inadvertently leads to a data breach — the suit is troublesome as it appears to eviscerate the very protection many companies are seeking.

In terms of case law, cyber insurance is still relatively new. As a result, there may be little existing case law interpreting the relevant exclusions. To assess your rights and obligations under a cyber insurance policy, it may be prudent to review the terms and consult with experienced counsel to try to anticipate significant coverage concerns.

Practices: Corporate Transactions & Business
Locations: Red Bank, NJ, New York City, Little Falls, NJ

No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

See all

Feedspot Names Government & Law Blog One of the Top Public Law Blogs

FeedSpot Recognizes Donald Scarinci’s Government & Law Blog One of the Top 20 Public Law Blogs Little Falls, NJ – May 22, 2025 – Scarinci Hollenbeck, LLC is honored to share that Managing Partner Donald Scarinci’s Government & Law blog has been listed by FeedSpot.com as one of the “20 Best Public Law Blogs and […]

Author: Scarinci Hollenbeck, LLC

June 4, 2025

Scarinci Hollenbeck's Ron Bienstock Speaks at 100th Bomb Group's 2025 Reunion

SH Partner and 100th Bomb Group Foundation Legal Counsel Discussed The Nuremberg Trials and the Law May 21, 2025 – Little Falls, NJ – Scarinci & Hollenbeck, LLC is proud to share that partner Ronald S. “Ron” Bienstock recently spoke at the 100th Bomb Group Biennial Reunion, held May 15-18, 2025, in New Orleans. The […]

Author: Ronald S. Bienstock

May 23, 2025

FeedSpot Names Donald Scarinci’s Constitutional Law Reporter One of the Top 100 Legal Blogs

Little Falls, NJ – May 1, 2025 – Scarinci Hollenbeck, LLC is proud to share that Managing Partner Donald Scarinci’s Constitutional Law Reporter blog has been listed by FeedSpot.com as one of the “Top 100 Legal Blogs.” No Aspect of the advertisement has been approved by the Supreme Court. Feedspot, a content reader that curates websites of […]

Author: Donald Scarinci

May 19, 2025

FeedSpot Names Donald Scarinci’s Government & Law Blog One of the Top 80 New Jersey Blogs

Little Falls, NJ – May 1, 2025 – Scarinci Hollenbeck, LLC is proud to share that Managing Partner Donald Scarinci’s Government & Law blog has been listed by FeedSpot.com as one of the “80 Best New Jersey Blogs and Websites in 2025.” *No Aspect of the advertisement has been approved by the Supreme Court of New […]

Author: Donald Scarinci

May 16, 2025

Nathanya G. Simon Named to ROI-NJ Influencers "Women in Business" 2025 List

Scarinci Hollenbeck Partner Nathanya G. Simon named by ROI-NJ to the “ROI Influencers: Women in Business” list for fourth consecutive year Scarinci Hollenbeck Partner Nathanya G. Simon has been named by ROI-NJ to the “ROI Influencers: Women in Business” list for 2025. After four decades of practice, Nathanya’s pioneering influence in the field of special […]

Author: Nathanya G. Simon

April 24, 2025

SH Partner Angela Turiano Named Director of Legislative Affairs for SHRM Princeton

Congratulations Angela Turiano on appointment as Director of Legislative Affairs for SHRM Princeton April 17, 2025 – Little Falls, NJ – Scarinci & Hollenbeck, LLC congratulates Partner Angela Turiano on her appointment as Director of Legislative Affairs for SHRM Princeton. Along with serving as a member of SHRM Princeton’s leadership team, Angela will monitor pending legislative, regulatory, […]

Author: Angela A. Turiano

April 17, 2025