A new court case between the Zurich American insurance company and Sony – its client – may set a precedent for future decisions made regarding an organization’s liability and coverage at the time of a data breach.
The insurer has stated that it will not cover Sony’s costs for the many class-action lawsuits that have occurred following the massive database breaches it experienced earlier in 2011, and is seeking the support of the courts for its decision.
Sony has already reported that it anticipates that the direct financial cost of the data breach – which doesn’t take into account the harm to its reputation – will likely total more than $178 million. There are currently 55 class action lawsuits being fought by Sony which are related to the event.
A Reuters report explained that Zurich American stated in the court papers that it filed that it has received sizable claims from Sony under its general liability insurance, to help to cover the costs it is facing from the lawsuits. The insurance company stated that the policy covers only “bodily injury, property damage, or personal and advertising injury,” and that as a result, it should not have to pay for the lawsuit expenses, since they do not fall within any of those categories.
Insurance consultant Ty Sagalow, the founder of Innovation Insurance Group, has noted that many companies are mistakenly assuming that the costs associated with a data breach are covered by their general liability insurance. However, he cautions that this form of cyber attack is not covered in the typical form of this insurance product. Many cyberinsurance products are being developed and sold in order to help fill this gap.