As the world becomes more interconnected, cyber attacks unfortunately are becoming more frequent, more sophisticated and more dangerous. So-called “cyber-physical attacks,” for instance, pose a unique threat—specifically, the risk of bodily injury (including, but not limited, to death) to third parties. While these attacks and this risk are not new, the insurance industry as a whole has seemingly been slow to respond to them.

“Traditional” cyber insurance policies often exclude coverage for “bodily injury,” whereas marine and hull cargo insurance policies often exclude coverage, for example, for “loss, damage, liability, or expense directly or indirectly caused by or contributed to by or arising from the use or operations, as a means for inflicting harm, of any computer.” And, while policyholders may have good arguments that commercial general liability (CGL) insurance policies should cover third-party liability claims arising out of cyber-physical attacks, the relevant policy language may not be sufficiently explicit to preclude protracted and costly coverage litigation.