As previously discussed, the question of whether Commercial General Liability (“CGL”) coverage applies to cyber-attacks or data breaches is a hot point of contention between policyholders and insurers. One of our cases to watch in 2015—Zurich American Insurance Company v. Sony Corporation of America—may resolve this question in New York shortly.
On February 25, 2015, a hearing was held in a closely-watched New York appeal involving coverage under CGL policies for privacy claims filed in the wake of a data breach.Zurich American Insurance Company v. Sony Corporation of America is pending in the New York Supreme Court Appellate Division. The Sony parties are represented by Richard DeNatale and Steve Foresta of Orrick’s Insurance group. They are seeking coverage under a clause that appears in all standard CGL policies and covers claims for “publication, in any manner, of material that violates a person’s right of privacy.” The lower court ruled that there was no duty to defend because the alleged publication of information was perpetrated by the hackers rather than by the policyholder. In their appeal, the Sony parties argue that this ruling is contrary to the plain language of the insurance policies. The hearing on February 25 lasted about 30 minutes, with active questioning from the panel of five justices. A decision from the Appellate Division is pending.