One day this winter, upon arriving home from the airport, Ifound my 100-pound American Bulldog, Carlos, on top of a table inthe backyard staring at the ground. Carlos had never jumped ontothe top of the table before, but she was having difficultynavigating around the yard because of the 22 inches of snow thatMother Nature had dumped in my area last week. I guess it changedher perception of her world, so that she felt like the groundwasn't as far away from the tabletop when it was covered insnow.

Just as the snow was an unknown for Carlos, many unknowns existand continue to develop in the insurance world. Years ago, a “tech”was someone who worked in an operating room and cyber riskinsurance was something only the very geekiest of geeks imagined.But now, here we are, in the second decade of the new millennium,facing new and different risks, and many ways in which insurancepolicies can apply to those “tech” and “cyber” risks.

In the past, an entity, depending on what line of business theywere in, would typically purchase four basic types of insurancepolicies: general liability, professional liability, auto policy,and workers'compensation. The policies rarely, if ever, interacted witheach other because each covered a relatively distinct and separaterisk.

In today's world, however, hybrid situations commonly developand can carry implications for both general and professionalliability. For example, consider an insured software companythat designs and installs a suite of products for a retailestablishment. After installation, a dispute arises as to theoperation of the software, wherein the retailer alleges that theinsured did not perform its technical duties properly and/oradequately. Upon hearing these allegations, the insured softwarecompany's employees begin to publicly make disparaging commentsabout the retail establishment.

As a result, the retail establishment files suit. Not only doesit allege that the software company failed to properly install theproduct, but it also asserts a defamation claim for the disparagingpublic remarks made by the software company's employees. Whichpolicy would come into play here—the general liability,professional liability, neither, or both?

Another scenario raises the same issue. Inthis example, a software company designs and installs a programthat controls a fire suppression system. There is a fire in abuilding where the program is installed. The fire suppressionsystem fails, and the building suffers fire damage. The buildingowner's allegations could pertain to both the professional designof the system as well as the negligent installation. Again, thesituation begs the question of which coverage applies—general,professional, neither, or both?

The scope of a typical professional liability policy coversdamages that result from “a negligent act, error, or omission inthe performance of professional services for others by you or anyentity for whom you are legally liable.” A professional liabilitypolicy is typically a “claims made” policy, and defense costs areusually within policy limits.

A general liability policy, on the other hand, provides coveragefor damages resulting from bodily injury and property damage causedby an “occurrence” during the policy period. A general liabilitypolicy may also provide coverage (based upon policy language) forvarious offenses arising out of advertising or personal injury typeoffenses. It is an occurrence-based coverage, and the defense costsare outside of policy limits. The general liability policy will maycontain a clause that excludes from coverage damages that arise outof the rendering or failure to render a “professional service.”Thus, with the mixed claim hypotheticals detailed above, a realquestion arises as to which policy would apply. The situationsallege conduct that could be construed as either professional orgeneral negligence.

To answer such policy coverage questions, first you must becognizant of the jurisdiction the claim is in, and/or whatsubstantive law might apply if not that of the local jurisdiction,as some states very narrowly construe the professional liabilityexclusion on a general liability policy and could find concurrentcoverage.

Second, the potential motivations of the insured must beconsidered. Depending upon the complexity of the litigation and thesophistication of the insured, the fact that the defense costs aretypically within limits on a professional liability policy may notbe lost on them, and could be a key consideration in how they viewyour coverage positions. The more money expended defending a claim,the less available to fund a settlement if and when that timecomes.

The ultimate answer to the question of whenwould either or both professional liability and general liabilityrespond is that there is no hard and fast rule as to theapplicability of both policies, and application would likely becontingent upon the loss, the governing law, and the allegations inthe complaint.

In the event that we do see a mixed claim, the law of therelative jurisdiction must be reviewed as well as the otherinsurance clauses. If the appropriate conditions are met, then bothpolicies could be triggered. Therefore, both policies could respondon a pro-rata or concurrent basis.

Now, take our first scenario where the retailer had issues withthe software. Add in that the retailer lost personal electronicrecords of all of its past and current employees due (they claim)to even more problems with the software. The retailer incurssignificant costs complying with various state and federalregulatory laws regarding lost data. It may be sued by an angryex-employee. What policy responds now? Or should that retailer have“cyber” or “network security” coverage? Between policy exclusionsand common law, it is clear that cyber coverage has evolved intothe fifth necessary leg of coverage for most businesses. Itresponds when intangible, but nevertheless real, data iscompromised and often substantial costs ensue.

When we last left Carlos, she was still on top ofthe table, surrounded by snow. Ultimately, she worked up enoughcourage to jump off the table, and landed softly and safely. Shefigured out that sometimes things just change, and when they do,one must keep up or miss out. The same can be said of the insuranceworld. Things are changing just about every day, and the failure tobe cognizant of new (in this case, cyber) risks can lead to lossesthat could have been avoided and gaps in the coverage that couldadversely impact your insured.