Over the past few years, data breaches have become more frequent and have impacted an increasing number of people. As computer hacking and data breaches become more common, an issue that is often raised is whether, and to what extent, damages resulting from these incidents fall within the coverage of the policies held by the corporate victims of the attacks. This article explores courts’ differing conclusions when faced with claims for cyber risks under different types of insurance policies, looks at some of the recent cyber-crimes and the direct financial and legal impact on businesses, and posits solutions to address insurance coverage for cyber-related risks.
A cyber-hacking or data breach event, such as the ones suffered recently by Equifax, Target, Yahoo, and Sonic, typically involves a third-party gaining unauthorized access to a company’s computer system, stealing customer information and then using that stolen information to apply for mortgages, credit cards and student loans, and tapping into bank debit accounts, filing insurance claims and tax refunds, and racking up substantial debts. The theft of the personal financial information of their customers causes direct loss to the company itself, through lost records, reputational damage, business interruption, and costs to correct and repair the damage done by intruders, and may also subject the company to lawsuits from their customers.
