In one of the first court decisions to analyze in depth the coverage provided by a cyber policy, a federal judge has found that PF Chang’s policy came up short. Following a 2014 data breach in which hackers accessed and posted online 60,000 credit card numbers belonging to PF Chang’s customers, the company sought coverage under its “CyberSecurity by Chubb” insurance policy. Although PF Chang’s insurer, Federal Insurance Company (“Federal”), agreed to reimburse nearly $1.7 million for customer claims and other breach-related expenses, it refused to reimburse an additional $2 million in fees and assessments levied against P.F. Chang’s by the credit card brands. Last week a federal district judge in Arizona, applying Arizona law, denied PF Chang’s claim for reimbursement and granted summary judgment for Federal. While it held that these fees and assessments fell within the scope of coverage, the court held that the “contractual liability” exclusion barred coverage.
The data breach earlier this month that potentially exposed information about millions of federal government employees is yet another reminder that any organization that maintains data is at risk of being hacked. And rest assured that if you get hacked, you will incur substantial costs as a result, including substantial notice and related costs and potentially massive third-party liability claims.
We have written extensively about so-called “cyber” insurance, including how cyber insurance is neither comprehensive nor standardized. As a result, when you are shopping for your first (or next) cyber policy it is important to understand what types of coverages, exclusions and conditions are in the market. Making a well-informed purchase starts with knowing your options.
There are too many differences between cyber policies to cover in one blog post, and the market, still in its youth, is rapidly evolving. But here is a list of five important things—in no particular order—to consider when you’re in the market for cyber insurance: READ MORE