Cyber Insurance Coverage for Breach of Privacy Claims: The Law Is Evolving

Organizations in various industries have faced a spate of third-party demands and claims after computer network data has been exposed, whether inadvertently or deliberately, via data theft. In the wake of compromised health information, payment card information, or other sensitive data, organizations often hear from regulators and sometimes law enforcement. Civil litigation represents a definite possibility, too. Many companies will face a barrage of lawsuits and even class action litigation where sensitive data has been stolen or disclosed improperly. Those class actions have had more teeth and more staying power in recent years. Recently, Zoom reportedly agreed to pay $85 million and bolster its security to resolve class action privacy litigation pending in California.

Many policyholders facing this kind of litigation exposure rightly look to their liability insurance for protection, including not only dedicated cyber policies, but also their D&O insurance, E&O insurance, and general liability insurance (aka CGL insurance). The resulting insurance coverage battles have been hard fought in numerous jurisdictions—especially under the personal injury insuring promises of CGL insurance coverage.