One day this winter, upon arriving home from the airport, I found my 100-pound American Bulldog, Carlos, on top of a table in the backyard staring at the ground. Carlos had never jumped onto the top of the table before, but she was having difficulty navigating around the yard because of the 22 inches of snow that Mother Nature had dumped in my area last week. I guess it changed her perception of her world, so that she felt like the ground wasn't as far away from the tabletop when it was covered in snow.

Just as the snow was an unknown for Carlos, many unknowns exist and continue to develop in the insurance world. Years ago, a “tech” was someone who worked in an operating room and cyber risk insurance was something only the very geekiest of geeks imagined. But now, here we are, in the second decade of the new millennium, facing new and different risks, and many ways in which insurance policies can apply to those “tech” and “cyber” risks.

In the past, an entity, depending on what line of business they were in, would typically purchase four basic types of insurance policies: general liability, professional liability, auto policy, and workers' compensation. The policies rarely, if ever, interacted with each other because each covered a relatively distinct and separate risk.

In today's world, however, hybrid situations commonly develop and can carry implications for both general and professional liability. For example, consider an insured software company that designs and installs a suite of products for a retail establishment. After installation, a dispute arises as to the operation of the software, wherein the retailer alleges that the insured did not perform its technical duties properly and/or adequately. Upon hearing these allegations, the insured software company's employees begin to publicly make disparaging comments about the retail establishment.

As a result, the retail establishment files suit. Not only does it allege that the software company failed to properly install the product, but it also asserts a defamation claim for the disparaging public remarks made by the software company's employees. Which policy would come into play here—the general liability, professional liability, neither, or both?

Another scenario raises the same issue. In this example, a software company designs and installs a program that controls a fire suppression system. There is a fire in a building where the program is installed. The fire suppression system fails, and the building suffers fire damage. The building owner's allegations could pertain to both the professional design of the system as well as the negligent installation. Again, the situation begs the question of which coverage applies—general, professional, neither, or both?

The scope of a typical professional liability policy covers damages that result from “a negligent act, error, or omission in the performance of professional services for others by you or any entity for whom you are legally liable.” A professional liability policy is typically a “claims made” policy, and defense costs are usually within policy limits.

A general liability policy, on the other hand, provides coverage for damages resulting from bodily injury and property damage caused by an “occurrence” during the policy period. A general liability policy may also provide coverage (based upon policy language) for various offenses arising out of advertising or personal injury type offenses. It is an occurrence-based coverage, and the defense costs are outside of policy limits. The general liability policy will may contain a clause that excludes from coverage damages that arise out of the rendering or failure to render a “professional service.” Thus, with the mixed claim hypotheticals detailed above, a real question arises as to which policy would apply. The situations allege conduct that could be construed as either professional or general negligence.

To answer such policy coverage questions, first you must be cognizant of the jurisdiction the claim is in, and/or what substantive law might apply if not that of the local jurisdiction, as some states very narrowly construe the professional liability exclusion on a general liability policy and could find concurrent coverage.

Second, the potential motivations of the insured must be considered. Depending upon the complexity of the litigation and the sophistication of the insured, the fact that the defense costs are typically within limits on a professional liability policy may not be lost on them, and could be a key consideration in how they view your coverage positions. The more money expended defending a claim, the less available to fund a settlement if and when that time comes.

The ultimate answer to the question of when would either or both professional liability and general liability respond is that there is no hard and fast rule as to the applicability of both policies, and application would likely be contingent upon the loss, the governing law, and the allegations in the complaint.

In the event that we do see a mixed claim, the law of the relative jurisdiction must be reviewed as well as the other insurance clauses. If the appropriate conditions are met, then both policies could be triggered. Therefore, both policies could respond on a pro-rata or concurrent basis.

Now, take our first scenario where the retailer had issues with the software. Add in that the retailer lost personal electronic records of all of its past and current employees due (they claim) to even more problems with the software. The retailer incurs significant costs complying with various state and federal regulatory laws regarding lost data. It may be sued by an angry ex-employee. What policy responds now? Or should that retailer have “cyber” or “network security” coverage? Between policy exclusions and common law, it is clear that cyber coverage has evolved into the fifth necessary leg of coverage for most businesses. It responds when intangible, but nevertheless real, data is compromised and often substantial costs ensue.

When we last left Carlos, she was still on top of the table, surrounded by snow. Ultimately, she worked up enough courage to jump off the table, and landed softly and safely. She figured out that sometimes things just change, and when they do, one must keep up or miss out. The same can be said of the insurance world. Things are changing just about every day, and the failure to be cognizant of new (in this case, cyber) risks can lead to losses that could have been avoided and gaps in the coverage that could adversely impact your insured.

Special Reports /

Determining Coverage For &ldquo;Cyber&rdquo; Risks

Related Stories

Recommended For You

Determining Coverage For “Cyber” Risks