Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comFirm Insights
Could Your Cyber Insurance Policy Unexpectedly Let You Down?
Author: Scarinci Hollenbeck, LLC
Date: June 30, 2015
Key Contacts
Back
Cyber insurance policies are currently being heavily marketed amid highly publicized data breaches involving millions of records.
But is having a cyber insurance policy a wise choice to protect your company in the wake of a costly data breach? One danger is that the policy tries to limit its exposure by imposing requirements that may be practically impossible to administer.
As an example, in California, Columbia Casualty Co., a member of the CNA Group, is seeking to enforce an exclusion in its policy that requires its insured to meet “minimum required practices.”
The lawsuit stems from a data breach suffered by Cottage Health System, which involved approximately 32,500 confidential medical records. According to court documents, Cottage Health Systems and its third-party vendor failed to implement proper security measures, such as data encryption, to protect patient data that was accessible via the Internet. A resulting class-action lawsuit settled for $4.1 million, which Columbia Casualty agreed to fund subject to a complete reservation of rights.
In Columbia Casualty Company v. Cottage Health Systems, No. 2:15-cv-03432, the insurance company is now seeking reimbursement based on a policy exclusion stating:
“Any failure of an Insured to continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance and all related information submitted to the Insurer in conjunction with such application whether orally or in writing…”
In wake of the lawsuit
Columbia Casualty maintains that because the healthcare company failed to monitor and continuously update its cybersecurity protocols, insurance coverage should be excluded. It points to representations that Cottage Health Systems allegedly made in its application – notably that the company regularly evaluated its exposure to data security and privacy risks.
For businesses that hope to rely on cyber insurance in exactly this type of situation — where the company or another third party’s negligence inadvertently leads to a data breach — the suit is troublesome as it appears to eviscerate the very protection many companies are seeking.
In terms of case law, cyber insurance is still relatively new. As a result, there may be little existing case law interpreting the relevant exclusions. To assess your rights and obligations under a cyber insurance policy, it may be prudent to review the terms and consult with experienced counsel to try to anticipate significant coverage concerns.
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Related Posts
See all
Does Your Homeowners Insurance Provide Adequate Coverage?
Your home is likely your greatest asset, which is why it is so important to adequately protect it. Homeowners insurance protects you from the financial costs of unforeseen losses, such as theft, fire, and natural disasters, by helping you rebuild and replace possessions that were lost While the definition of “adequate” coverage depends upon a […]
Author: Jesse M. Dimitro
Understanding the Importance of a Non-Contingent Offer
Making a non-contingent offer can dramatically increase your chances of securing a real estate transaction, particularly in competitive markets like New York City. However, buyers should understand that waiving contingencies, including those related to financing, or appraisals, also comes with significant risks. Determining your best strategy requires careful analysis of the property, the market, and […]
Author: Jesse M. Dimitro
Fred D. Zemel Appointed Chair of Strategic Planning at Scarinci & Hollenbeck, LLC
Business Transactional Attorney Zemel to Spearhead Strategic Initiatives for Continued Growth and Innovation Little Falls, NJ – February 21, 2025 – Scarinci & Hollenbeck, LLC is pleased to announce that Partner Fred D. Zemel has been named Chair of the firm’s Strategic Planning Committee. In this role, Mr. Zemel will lead the committee in identifying, […]
Author: Scarinci Hollenbeck, LLC
Novation Agreement Process: Step-by-Step Guide for Businesses
Big changes sometimes occur during the life cycle of a contract. Cancelling a contract outright can be bad for your reputation and your bottom line. Businesses need to know how to best address a change in circumstances, while also protecting their legal rights. One option is to transfer the “benefits and the burdens” of a […]
Author: Dan Brecher
What Is a Trade Secret? Key Elements and Legal Protections Explained
What is a trade secret and why you you protect them? Technology has made trade secret theft even easier and more prevalent. In fact, businesses lose billions of dollars every year due to trade secret theft committed by employees, competitors, and even foreign governments. But what is a trade secret? And how do you protect […]
Author: Ronald S. Bienstock
What Is Title Insurance? Safeguarding Against Title Defects
If you are considering the purchase of a property, you may wonder — what is title insurance, do I need it, and why do I need it? Even seasoned property owners may question if the added expense and extra paperwork is really necessary, especially considering that people and entities insured by title insurance make fewer […]
Author: Patrick T. Conlon
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Could Your Cyber Insurance Policy Unexpectedly Let You Down?
Author: Scarinci Hollenbeck, LLC
Cyber insurance policies are currently being heavily marketed amid highly publicized data breaches involving millions of records.
But is having a cyber insurance policy a wise choice to protect your company in the wake of a costly data breach? One danger is that the policy tries to limit its exposure by imposing requirements that may be practically impossible to administer.
As an example, in California, Columbia Casualty Co., a member of the CNA Group, is seeking to enforce an exclusion in its policy that requires its insured to meet “minimum required practices.”
The lawsuit stems from a data breach suffered by Cottage Health System, which involved approximately 32,500 confidential medical records. According to court documents, Cottage Health Systems and its third-party vendor failed to implement proper security measures, such as data encryption, to protect patient data that was accessible via the Internet. A resulting class-action lawsuit settled for $4.1 million, which Columbia Casualty agreed to fund subject to a complete reservation of rights.
In Columbia Casualty Company v. Cottage Health Systems, No. 2:15-cv-03432, the insurance company is now seeking reimbursement based on a policy exclusion stating:
“Any failure of an Insured to continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance and all related information submitted to the Insurer in conjunction with such application whether orally or in writing…”
In wake of the lawsuit
Columbia Casualty maintains that because the healthcare company failed to monitor and continuously update its cybersecurity protocols, insurance coverage should be excluded. It points to representations that Cottage Health Systems allegedly made in its application – notably that the company regularly evaluated its exposure to data security and privacy risks.
For businesses that hope to rely on cyber insurance in exactly this type of situation — where the company or another third party’s negligence inadvertently leads to a data breach — the suit is troublesome as it appears to eviscerate the very protection many companies are seeking.
In terms of case law, cyber insurance is still relatively new. As a result, there may be little existing case law interpreting the relevant exclusions. To assess your rights and obligations under a cyber insurance policy, it may be prudent to review the terms and consult with experienced counsel to try to anticipate significant coverage concerns.