Overview of New Appleman Insurance Law Practice Guide, Chapter 45: Understanding Cyber Insurance Liability Coverage

Overview of New Appleman Insurance Law Practice Guide, Chapter 45: Understanding Cyber Insurance Liability Coverage

45.01 Scope. The computer and the internet have reshaped how we communicate, live and work. The internet’s ability to collapse time and distance at minimal costs has made it the preferred method of communication. New words, such as blog, Skype, IM, Facebook, and twitter, continually emerge to describe the new ways the internet enables communication cheaper, faster and to a wider audience than previous technology allowed. This eliminates significant transaction costs and has intractably entwined business with the internet.

The computer and the internet have created new business opportunities and new risks. In the frenzy to secure a web presence, many businesses neglect to fully explore and evaluate the risks they face and those risks are potentially significant. Indeed, a plaintiff’s lawyer might call the internet a “virtual heaven.”

The internet acts as a force multiplier allowing employees to expose companies to significant liability with disturbing ease. Material that is defamatory, offensive, obscene, or personally invasive can — all too easily and quickly — be transmitted over the internet. Such on-line transmissions can injure reputations, inflict distress, and violate personal privacy rights.

Conducting business on-line also risks exposure to intellectual property liability on multiple fronts including: trademark, trade dress, copyright, slogan, title, Lanham Act, and unfair competition. Even the most elementary components of the website, such as the Uniform Resource Locator (“URL”), better known as the web address (e.g., www.yahoo.com) can create liability if perceived to be too similar to an existing mark. Moreover, the internet’s invaluable ability to duplicate and distribute innumerable copies of content at minimal cost can also create a perfect storm of copyright liability. In short, the opportunities to commit torts electronically are as boundless as cyberspace.

Moreover, in a digital economy where information is the new currency, the possibility of huge economic losses caused by the deletion, corruption or theft of valuable business data is very real. Businesses are increasingly dependent on their ability to quickly and easily access, store and transmit computerized data. Any interference with that ability can, and does, translate into titanic financial losses.

Additionally, with companies routinely holding personal information (including credit card numbers) of millions of customers the theft of that data poses even larger potential liability than the destruction of such data. New methods of looting a company’s digital treasury continue to emerge.

With the promise of more viruses, bugs, hackers, and the opportunity to incur liability to come, and the prediction by Lloyds of London that “e-commerce will emerge as the single biggest insurance risk of the 21st century,” businesses are understandably focused on evaluating their exposure to such risks and gauging whether they are adequately protected. The insurance industry has responded to these new risks with products tailored to insure losses and liability flowing from the transaction of business on the internet.

What follows is a guide to understanding this new cyber insurance liability coverage, as well as potential coverage available based on existing traditional policy coverage forms.

This chapter begins with a discussion of what wrongful conduct might be insured. It next discusses plaintiff and defense counsel strategy, timing issues, and the identification of potentially applicable liability policies. Finally, this chapter evaluates the impact of miscellaneous policy forms, litigation costs, and settlement and indemnity issues.

45.02 Key Practice Insights. Insuring cyberspace involves a trilogy of real world concerns. As a threshold issue, it requires a detailed risk analysis. The days of evaluating risk by obtaining a list of assets are gone. In order to ensure a business is appropriately insured, it is critical to undertake a detailed evaluation of all aspects of the business. Those involved in the process are well advised to conduct the risk analysis in a detailed manner, which is akin to the due diligence undertaken when evaluating a business for purchase. Questions regarding license rights, how electronic records are secured or maintained, the business on-line presence and marketing program, as well as evaluating the businesses current intellectual property rights are central to an appropriate risk evaluation.

In addition to evaluating the risk, a detailed analysis of how the company will appropriately manage the risk is necessary. Insurance, which is the focus of our discussion, is only one aspect of the process. Evaluation of self-insurance, indemnity agreements, licensing agreements, and business practices are only a few of the techniques that can be employed to manage risk. To the extent insurance is utilized to manage risk, it is critical that the coverage be selected carefully, and that the policy forms are carefully reviewed. Insurance in cyberspace is not a commodity product — each policy is unique.

Finally, litigation arising out of cyber torts involves substantial risk. Indeed, the cost to defend against a lawsuit is often staggering because of the complexity, novelty, and sheer volume of the issues presented. Even more breathtaking are some of the verdicts rendered in cases involving the internet because of the size of the numbers reported. The impact of even being forced to defend against a lawsuit may result in shuttering the doors, and an adverse ruling often has dire consequences. As a result, careful attention must be paid to ensuring appropriate risk transfer techniques are in place to hedge against future litigation and ensure business continuity.

45.03 Master Checklist. When visiting with a client seeking advice regarding insurance to cover risks while operating in cyberspace, consider the following issues:

45.02 Understanding Cyber Insurance Liability Coverage

• What is the nature of your client’s business?

Discussion: § 45.01

• Is the client in the business of advertising?

Discussion: §§ 45.04, 45.14 –45.16

• Does the client solicit business by sending mass e-mail, facsimiles, or telephone?

Discussion: § 45.04[8]

• Does the client have a website?

Discussion: §§ 45.04[8], 45.04[9][a] In order to determine whether there is coverage for a given loss, the first step is to consider the following issues:

• What is the nature of the claim or claims at issue, and what are the potential torts or offenses alleged?

Discussion: § 45.04

• What insurance policy or policies may respond to the loss?

Discussion: §§ 45.12 –45.16

• Are there any contracts, such as license agreements, involved?

Discussion: § 45.02

• Is there a claim for “property damage”?

Discussion: § 45.12

• Is there a claim for “advertising or personal injury”?

Discussion: §§ 45.14 –45.15 Do any exclusions apply to bar coverage for the loss?

Discussion: §§ 45.12[2], 45.15[2], 45.16[2]

• Are there any other insurers or parties that may be responsible for the loss?

Discussion: § 45.06 An insurance coverage evaluation should include the following:

• Review the lawsuit complaint and all amended complaints (if any).

Discussion: § 45.05

• Identify all possibly covered wrongful conduct, and or offenses, such as disparagement, trademark infringement, copyright infringement, slogan infringement, and other allegedly wrongful conduct involving advertising or publication. Draft a list.

Discussion: § 45.04

• Identify all possibly covered property damage alleged in the complaint.

Discussion: §§ 45.01, 45.02

• Make an initial determination of the relevant time period. Depending on the type of liability coverage involved, the following dates may be relevant: advertising dates, publication dates, the date of injury, the date of notice of claim or suit to the insured, and date of notice to any insurer. Add these dates to your list.

Discussion: §§ 45.08 –45.11

• Make initial determination of possibly triggered liability policies. Ask your insured for their liability policies in effect during the relevant time periods, such as: Commercial General Liability (“CGL”) policies, advertiser’s liability policies, Multimedia liability policies, employment practices liability policies, directors’ and officers’ policies, excess and umbrella policies, and other liability policies which may be specific to your client’s industry.

Discussion: § 1.09, Chs. 30, 37, 39, 41, 43, 44 and §§ 45.08[1], 45.09[1]

Access New Appleman Insurance Law Practice Guide Chapter 45 on lexis.com.

Access The Store to learn more about the New Appleman on Insurance Law Practice Guide

For more information about LexisNexis products and solutions connect with us through our corporate site.