Insurance Brokers Can Bridge The Gap Between Policyholders And Insurers During The Cyber Insurance Application Process (And Beyond)

By Todd M. Rowe, Esq. of Tressler LLP

While many in the insurance industry are just beginning to grasp the basic concepts related to cyber insurance, it is clear that policyholders may still be confused by the requirements and concepts in cyber policies. This gap between policyholders and insurers has caused confusion in the marketplace and caused policyholders to question the value of cyber insurance. However, insurance brokers can bridge the gap between policyholders and cyber insurers.

One example of the need for brokers is seen in Columbia Casualty Co. v. Cottage Health System, 2:15-cv-3432 (C.D. Cal. 2015), where Columbia Casualty sought a declaration that coverage was barred by the insured’s alleged failure to follow the “minimum required practices exclusion” in a cyber insurance policy. This exclusion required the insured to “continuously implement” its cyber security controls identified in the insurance application submitted prior to the inception of the policy. To obtain this coverage, Cottage Health System completed the “Risk Control Self Assessment” section of the application, which asked many technical questions including the following:
  • Do you check for security patches to your system at least weekly and implement them within 30 days?
  • Do you replace factory default settings to ensure your information security systems are securely configured?
  • Do you have a way to detect unauthorized access or attempts to access sensitive information?
  • Do you control and track all changes to your network to ensure it remains secure?

In its complaint for declaratory judgment, Columbia asserted coverage was barred for the insured’s data breach because Cottage Health System failed to continuously check the safeguards identified in its insurance application. Specifically, Columbia claimed its investigation of Cottage Health’s breach found that internet servers allowed anonymous users access to personal information.

Since the Cottage Health case was filed, the district court has granted Cottage Health’s motion to dismiss and left the parties to mediate the coverage dispute based on a provision requiring mediation in the cyber policy. While there may never be a decision on the merits, this litigation underscores the need for brokers to make sure their clients have an understanding of their data storage structures, equipment, and policies, from the application process through the entire policy period.

Although some confusion in the marketplace is to be expected as cyber threats develop, insurers, brokers, and policyholders must cooperate to limit the amount of confusion. Policyholders need to understand what specific threats they face and take steps to implement safeguards that coordinate with cyber insurance coverage. Brokers can help policyholders with this. On the other hand, insurers can minimize confusion by understanding policyholders’ particular needs and providing customized cyber coverage. Brokers can help insurers with this.

In the end, coordination between policyholders and insurers through insurance brokers may be the best defense against hackers and other cyber threats.

For additional information, please contact Todd at or (312)627-4180
