Scarinci Hollenbeck, LLC, LLCScarinci Hollenbeck, LLC, LLC
Contact us

Firm Insights

Could Your Cyber Insurance Policy Unexpectedly Let You Down?

Author: Scarinci Hollenbeck, LLC

Date: June 30, 2015

Key Contacts

Back

Cyber insurance policies are currently being heavily marketed amid highly publicized data breaches involving millions of records.

But is having a cyber insurance policy a wise choice to protect your company in the wake of a costly data breach? One danger is that the policy tries to limit its exposure by imposing requirements that may be practically impossible to administer.

As an example, in California, Columbia Casualty Co., a member of the CNA Group, is seeking to enforce an exclusion in its policy that requires its insured to meet “minimum required practices.”

The lawsuit stems from a data breach suffered by Cottage Health System, which involved approximately 32,500 confidential medical records. According to court documents, Cottage Health Systems and its third-party vendor failed to implement proper security measures, such as data encryption, to protect patient data that was accessible via the Internet. A resulting class-action lawsuit settled for $4.1 million, which Columbia Casualty agreed to fund subject to a complete reservation of rights.

In Columbia Casualty Company v. Cottage Health Systems, No. 2:15-cv-03432, the insurance company is now seeking reimbursement based on a policy exclusion stating:

“Any failure of an Insured to continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance and all related information submitted to the Insurer in conjunction with such application whether orally or in writing…”

In wake of the lawsuit

Columbia Casualty maintains that because the healthcare company failed to monitor and continuously update its cybersecurity protocols, insurance coverage should be excluded. It points to representations that Cottage Health Systems allegedly made in its application – notably that the company regularly evaluated its exposure to data security and privacy risks.

For businesses that hope to rely on cyber insurance in exactly this type of situation — where the company or another third party’s negligence inadvertently leads to a data breach — the suit is troublesome as it appears to eviscerate the very protection many companies are seeking.

In terms of case law, cyber insurance is still relatively new. As a result, there may be little existing case law interpreting the relevant exclusions. To assess your rights and obligations under a cyber insurance policy, it may be prudent to review the terms and consult with experienced counsel to try to anticipate significant coverage concerns.

No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

Scarinci Hollenbeck, LLC, LLC

Related Posts

See all
When Are New Jersey Business Owners Personally Liable for Corporate Debt? post image

When Are New Jersey Business Owners Personally Liable for Corporate Debt?

New Jersey personal guaranty liability is a critical issue for business owners who regularly sign contracts on behalf of their companies. A recent New Jersey Supreme Court decision provides valuable guidance on when a business owner can be held personally responsible for a company’s debt. Under the Court’s decision in Extech Building Materials, Inc. v. […]

Author: Charles H. Friedrich

Link to post with title - "When Are New Jersey Business Owners Personally Liable for Corporate Debt?"
Commercial Real Estate Trends to Watch in 2026 post image

Commercial Real Estate Trends to Watch in 2026

Commercial real estate trends in 2026 are being shaped by shifting economic conditions, technological innovation, and evolving tenant demands. As the market adjusts to changing interest rates, capital flows, and workplace models, investors, owners, tenants, and developers must understand how these trends are influencing opportunities and risk in the year ahead. Overall Outlook for Commercial […]

Author: Michael J. Willner

Link to post with title - "Commercial Real Estate Trends to Watch in 2026"
One Big Beautiful Bill: New Tip Income Tax Rules Employers & Workers Need to Know post image

One Big Beautiful Bill: New Tip Income Tax Rules Employers & Workers Need to Know

Part 2 – Tips Excluded from Income Certain employees and independent contractors may be eligible to deduct tips from their income for tax years 2025 through 2028 under provisions included in the One Big Beautiful Bill. The deduction is capped at $25,000 per year and begins to phase out at $150,000 of modified adjusted gross […]

Author: Scott H. Novak

Link to post with title - "One Big Beautiful Bill: New Tip Income Tax Rules Employers & Workers Need to Know"
One Big Beautiful Bill: New Overtime Tax Rules Employers and Employees Need to Know post image

One Big Beautiful Bill: New Overtime Tax Rules Employers and Employees Need to Know

Part 1 – Overtime Pay and Income Tax Treatment Overview This Firm Insights post summarizes one provision of the “One Big Beautiful Bill” related to the tax treatment of overtime compensation and related employer wage reporting obligations. Overtime Pay and Employee Tax Treatment The Fair Labor Standards Act (FLSA) generally requires that overtime be paid […]

Author: Scott H. Novak

Link to post with title - "One Big Beautiful Bill: New Overtime Tax Rules Employers and Employees Need to Know"
New York’s FAIR Business Practices Act: What the New Consumer Protection Measure Means for Your Business post image

New York’s FAIR Business Practices Act: What the New Consumer Protection Measure Means for Your Business

In 2025, New York enacted one of the most consequential updates to its consumer protection framework in decades. The Fostering Affordability and Integrity through Reasonable Business Practices Act (FAIR Act) significantly expands the scope and strength of New York’s long-standing consumer protection statute, General Business Law § 349, and alters the compliance landscape for New York […]

Author: Dan Brecher

Link to post with title - "New York’s FAIR Business Practices Act: What the New Consumer Protection Measure Means for Your Business"
How to Reduce Legal Risk as Your New Jersey Business Grows in 2026 post image

How to Reduce Legal Risk as Your New Jersey Business Grows in 2026

For many New Jersey businesses, growth is a primary objective for the New Year. However, it is important to recognize that growth involves both opportunity and risk. For example, business expansion often results in complex contracts, an increased workforce, new regulatory requirements, and heightened exposure to disputes. Without proactive planning, even routine growth can lead […]

Author: Ken Hollenbeck

Link to post with title - "How to Reduce Legal Risk as Your New Jersey Business Grows in 2026"

No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

Sign up to get the latest from our attorneys!

Explore What Matters Most to You.

Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.

Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.

Let`s get in touch!

* The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form. By providing a telephone number and submitting this form you are consenting to be contacted by SMS text message. Message & data rates may apply. Message frequency may vary. You can reply STOP to opt-out of further messaging.

Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!