In an April 11, 2016 unpublished opinion, the U.S. Fourth Circuit Court of Appeals ruled that Travelers must defend Portal Healthcare in a class action data breach case. As the industry continues to develop cyber liability policies and pricing, many carriers have issued data loss/breach exclusions to current commercial general liability policies. Given the language in the two policies issued by Travelers, this should put every carrier on high alert to improve its coverage review and exclusion processes in order to price general liability and cyber risks appropriately. What is the process for ongoing coverage review and exclusion development? Is there a consistent exception reporting process? If so, how are these exceptions handled? Is there an after-action plan to help ensure the process is updated for improved effectiveness and efficiency? These and related questions are ones claims professionals should be asking. Otherwise, data breach and cyber risk pricing will be distorted and insurers will be defending claims that were never intended to be covered by commercial policies.
Fourth Circuit Holds that Data Breach is Covered by Commercial General Liability Policy