Your company receives a demand letter and you realize that the claim stems from a vendor’s product or service. What do you do next? The first step for most companies will be to review the operative contract for any indemnification provisions. Next on the list will be to review any certificates of insurance issued by the vendor. All too often, however, companies at this phase learn that they were never actually added as additional insureds to their vendors’ policies or that their vendor’s coverage is inadequate.
Continue Reading Issues With Vendor Certificates of Insurance

A policyholder is usually thrilled when its insurer agrees to provide a defense of a claim. However, all too often, an insurer’s position on how that defense is to be provided surprises the policyholder. Sometimes, the policyholder learns for the first time that it does not have the right to select defense counsel. Other times, it learns that it is allowed to select defense counsel but must do so from a list of pre-approved panel counsel. In yet other circumstances, the policyholder is permitted to select its own defense counsel but may be limited to the rates approved by the insurance company (which are sometimes far below what the policyholder’s preferred counsel is charging).  
Continue Reading Who Gets to Select Defense Counsel?

The consequences of a data breach can be far-reaching. While the initial issues in the wake of a breach often involve investigation into the cause of the breach and sending notification to those affected (both of which are covered by most cyber insurance policies), coverage for certain types of third-party claims stemming from cyber breaches may be available under Commercial General Liability (“CGL”) insurance policies.

CGL insurance policies provide coverage for claims of “Bodily Injury,” “Property Damage,” and “Personal and Advertising Injury.” Bodily Injury and Property Damage claims are covered under Coverage A of CGL policies, while Personal and Advertising Injury claims are covered under Coverage B. This blog post briefly summarizes the major issues policyholders encounter when seeking coverage for Personal and Advertising Injury (Coverage B) under CGL policies that arise out of a cyber incident. 
Continue Reading Are Cyber Claims Covered Under Coverage B of CGL Policies?

Often called the “wild west,” the cyber insurance marketplace offers a wide variety of policy forms that vary drastically in the scope of coverage provided.  This is further compounded by the relatively small amount of case law analyzing cyber policies and the quickly-evolving cyber risks that companies face.  Insurers are quick to deny coverage based on the many exclusions in cyber policies, often leaving policyholders with the option of either spending money to fight their insurer in court or accepting the carrier’s denial.  If your company is insured by a cyber policy (or, for that matter, any type of an insurance policy), you should carefully review the policy, understand its exclusions, and, where possible, take steps to implement practices and procedures to ensure that your company’s activities do not fall within the enumerated exclusions.  Cyber insurers are often willing to modify exclusions in cyber policies to carve back certain coverages, but only when asked to do so.  Analyzing the policy and negotiating with the carrier on the front end, before a claim occurs, can save your company both time and money on the back end if a claim arises. 
Continue Reading Common Exclusions Invoked by Cyber Carriers to Deny Coverage

The European Union’s Global Data Protection Regulation (GDPR) took effect on May 25, 2018, and drastically expanded the compliance obligations of companies involved in the collection, use, and management of any European Union citizens’ data. The GDPR imposes a strict regulatory scheme with steep penalties for non-compliance, with maximum fines set at the greater of 20 million Euros or 4% of a company’s annual worldwide revenue. GDPR Art. 83, § 5. Please refer to Perkins Coie’s GDPR Resources for a more comprehensive overview.
Continue Reading Will Your Cyber Policy Provide Coverage for GDPR Violations?