In an April 11, 2016 unpub­lished opin­ion, the U.S. Fourth Cir­cuit Court of Appeals ruled that Trav­el­ers must defend Por­tal Health­care in a class action data breach case. As the indus­try con­tin­ues to develop cyber lia­bil­ity poli­cies and pric­ing, many car­ri­ers have issued data loss/breach exclu­sions to cur­rent com­mer­cial gen­eral lia­bil­ity poli­cies.  Given the lan­guage in the two poli­cies issued by Trav­el­ers, this should put every car­rier on high alert to improve its cov­er­age review and exclu­sion processes in order to price gen­eral lia­bil­ity and cyber risks appro­pri­ately.  What is the process for ongo­ing cov­er­age review and exclu­sion devel­op­ment?  Is there a con­sis­tent excep­tion report­ing process?  If so, how are these excep­tions han­dled?  Is there an after-action plan to help ensure the process is updated for improved effec­tive­ness and effi­ciency?  These and related ques­tions are ones claims pro­fes­sion­als should be ask­ing.   Oth­er­wise, data breach and cyber risk pric­ing will be dis­torted and insur­ers will be defend­ing claims that were never intended to be cov­ered by com­mer­cial policies.

Fourth Cir­cuit Holds that Data Breach is Cov­ered by Com­mer­cial Gen­eral Lia­bil­ity Policy