Cyber Liability – Failure to Protect Information

By Remmie Butchko, CIC

Georgetown Insurance Service, Inc.

Silver Spring, MD

My last post discussed potential issues with General Liability (GL) insurance as it relates to damaging or destroying electronic media, information, or data that is owned by others.  Because GL policies intend to cover “Property Damage,” and electronic data is no longer considered to be “Tangible Property,” such damages are typically not covered by a standard GL policy.

Another issue (gap) aside from the previously discussed damaging of another party’s data, is the obligation to protect a 3rd party’s data.  Recent policy verbiage now restricts an insurer’s obligation to cover claims (and defense of such claims) regarding “access or disclosure of confidential or personal information, and data-related liability.”

So, what exactly does this mean to the average Business Owner?  I will break it down into smaller pieces:

Personal Information (aka “Personally Identifiable Information”) would include failure to protect facts such as:

  • Social Security Numbers
  • Health Records
  • Credit Card Information
  • Bank Account Information
  • Drivers Licenses/Driving Records
  • Employment Files/Records

This can include information about employees (including their children, beneficiaries, and ex-spouses), prospective employees, customers, past customers, and independent contractors.

Confidential Information (typically corporate information vs. personal information) could include failure to protect:

  • Trade Secrets
  • Customer Lists
  • Financial Information

Lastly, the new policy verbiage excludes claims from access or disclosure of “any other type of non-public information.”  Nobody could possible predict as to where this verbiage will lead.  Is a secret by the water cooler considered “non-public information?”   We’ll see as time evolves.

It is clear that the GL policy has no intention of covering claims involving the Failure to Protect Information, and the solution is to procure insurance specifically intended to cover these exposures.

Because the world is rapidly changing with technology, litigation, and legislation, there currently is no standard “off the shelf” Cyber Liability Policy that will address these issues.  It is important to choose the policy(s) that is best suits your needs.

These policies vary widely, so it is a conversation worth having with your agent.


Disclaimer: All data, information, and opinions provided on this article, newsletter, or blog is for informational and educational purposes only. While every caution has been taken to provide readers with the most accurate information and honest analysis, please use individual discretion before making any decisions based on the information in this article, newsletter, or blog. Georgetown Insurance Service, Inc. is not responsible if its readers happen to experience loss, injury, or damage resulting from its display or use. All information is provided on an as-is basis. This article, newsletter, or blog does not represent the thoughts, intentions, plans, or strategies of any specific Insurance Carrier, Georgetown Insurance Service, Inc. partner or affiliate.

Leave a Reply

Your email address will not be published. Required fields are marked *