Cybersecurity threats continue to grow in magnitude and number. While courts have yet to see a flood of coverage litigation over the terms of cyber insurance policies, the past year has presented coverage disputes in two areas involving traditional lines of insurance: (i) coverage for social engineering email scams under business and crime policies, and (ii) coverage for data breaches under the standard commercial general liability (CGL) policy provision for “personal and advertising” injuries.

Social Engineering Email Scams

Social engineering scams involve the manipulation of employees into taking actions that compromise corporate security or finances. These scams are becoming more prevalent with the increased reliance on electronic forms of communication. A common scam is the “Fake President” scheme, which involves fraudsters impersonating corporate executives or other individuals in order to trick employees into transferring funds or disclosing sensitive information. The FBI recently announced that these and other forms of business email compromise have resulted in the theft or attempted theft of more than $12 billion since 2013. Courts are divided on whether such losses fall within the scope of computer fraud coverage under business and crime policies.