What follows is not a comprehensive list of types of insurance offered. Rather, it is a list of those most commonly encountered in the business context.

§ 24.3.1—First-Party Coverage

Business property insurance protects a business's physical assets. Commercial property insurance plans vary from policy to policy, but are generally categorized by the type of event leading to a loss, and against what risks the policy specifically insures.

Property insurance policies come in two basic forms: (1) all-risk policies covering a wide range of incidents and perils, except those noted in the policy as one the insurer has specifically excluded from coverage; and (2) peril-specific policies that cover losses from only those specific perils listed in the policy.

§ 24.3.2—Third-Party Coverage

Comprehensive General Liability

CGL is an insurance policy issued to business organizations to protect them against liability claims from third parties for bodily injury (BI) and property damage (PD) arising out of the operations of the business, as well as for advertising and personal injury (PI) liability. CGL also can include other coverage for damage to premises the insured has leased, medical expenses, products/completed operations hazards, and professional liability.

Directors and Officers Liability

D&O is liability insurance payable to the directors and officers of a company, or to the organi-zation(s) itself, as indemnification for losses or defense costs in the event an insured suffers a loss as a result of a legal action brought for alleged wrongful acts or omissions made in their capacity as directors and officers.

Most D&O policies have conduct exclusions that bar coverage for fraudulent, criminal, or willful misconduct. The general rule is, however, that mere allegations of those types of excluded conduct are not sufficient to trigger this exclusion. The reasoning is that, if allegations were enough, standing alone, then many claims that would otherwise be covered under the policy would be precluded from coverage. That is because of the simple reality that many D&O claims involve allegations of fraudulent, criminal, or willful misconduct that the claiming party may or may not be able to prove.

In contemporary policies, the conduct exclusions in most D&O policies require a judicial determination in order for the exclusion's preclusive effect to be triggered. Exactly what constitutes a sufficient judicial determination is a matter of policy wording. A recent California intermediate appellate court considered a policy that required a "final adjudication" to trigger the exclusion.2 There, the court determined the exclusion did not apply to preclude coverage while the insured person's appeal remained pending, despite the insured person's criminal securities fraud conviction.

The contrasting policy language to the requirement of a "final adjudication" or "final disposition" (both of which would apply during the pendency of an appeal or petition for certiorari) would be policy language requiring only a "final judgment." This would accommodate the federal and Colorado rule that a pending appeal does not affect the finality of a judgment that a trial court has entered.

Errors & Omission

E&O policies protect the insured against claims that it was negligent in providing professional services such as financial, legal, accounting, medical, etc.

Employment Practices Liability

EPL insurance covers employers against claims employees make alleging discrimination (based on sex, race, age, or disability, for example), wrongful termination, harassment, and other employment-related issues.

Product Liability

Companies that manufacture, wholesale, distribute, or retail a product may be liable for its safety to consumers or bystanders. Product liability insurance protects against financial loss as a result of a defective product that causes injury or bodily harm.

Workers' Compensation

Workers' compensation is a form of insurance providing replacement payments for lost wages and medical benefits to employees injured on the job. In most states it is the only remedy that an injured employee may pursue against an employer, even if there would otherwise be a claim for negligence. Workers' compensation insurance is required by law in most states and each state's requirements can vary significantly.

§ 24.3.3—Hybrid Coverage

Hybrid policies contain both first-party and third-party coverage. An example of a hybrid policy is an environmental impairment policy. These policies can cover both the cost of cleaning up pollution and the defense of and indemnity for claims made against the insured as a result of the pollution.

Cyber and privacy policies are another example of a hybrid policy. Cyber and privacy policies are typically written as hybrid policies insuring both first- and third-party interests and are designed to provide protection for the range of damages that can be inflicted by a data breach. The first-party coverage includes the costs of responding to the breach, costs of notice to affected parties, and resulting business interruption. The third-party coverage includes defense and indemnity of any claims third parties make alleging they have suffered a loss cause by the data breach.

Coverage for Cyber Attacks

If your client has not purchased a cyber and privacy policy, one potential avenue is to read carefully the provisions providing kidnap, ransom, and extortion coverage. In particular, ransom and extortion coverage, if not carefully worded to apply only to an insured person, provides a potential avenue for coverage from ransomware and malware attacks because they are a form of extortion.

For data breaches, there is also the potential for coverage for legal defense costs and indemnity for damages incurred as a result of lawsuits that fall under "personal and advertising injury" coverage, if the injury arises out of the insured's business activities. Some policies define "injury" to include the "oral or written publication, in any manner, of material that violates a person's right of privacy." The resulting claim for coverage would, therefore, be that the challenged data breach violated the privacy of data originators (usually customers or cardholders) with the publication of private customer or credit card information during the data breach, which is an injury the policy would then cover.

The insurance industry has responded to claims insureds have made under their CGL policies for these ransomware and malware attacks by introducing endorsements that eliminate these claims. For example:

Under Coverage A - Bodily Injury And Property Damage Liability, coverage is excluded for damages arising out of any access to or disclosure of confidential or personal information. This is a reinforcement of coverage.

Under Coverage B - Personal And Advertising Injury Liability, coverage is

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT