The increased prevalence, and awareness, about cyberattacks should surprise no one. Cybersecurity breaches against businesses and political entities within the last several years has brought the issue from a niche focus into the broader strategic focus of most organizations. Certainly, cyberinsurance policies present one potential avenue for addressing, defending against, and mitigating cyber-related security events. Recent decisions, including in particular, InComm Holdings v. Great American Insurance, 2017 U.S. Dist. LEXIS 38132 (N.D. Ga. March 16), however present certain potential limitations to cybercoverage.
One of the more common forms of a cyberattack is a phishing attack or other type of attack aimed at getting users to voluntarily release sensitive information, monetary funds, among others. It was a phishing attack that led to the now-notorious DNC email leak scandal in the last presidential election cycle. This type of attack can raise unique issues under a cyberinsurance policy. For instance, some insurers may decline coverage for this type of attack depending on the content and language of the specific cyberpolicy. Although cyberinsurance policies are not as standardized as many of the traditional commercial line policies, some commonalties do emerge. The InComm decision highlights several of these commonalities and raises important considerations for policyholders.
