Data Breach Liability: Court Expands Insurance Coverage in Email Mishap

by
Statue of Lady Justice holding scales and sword, silhouetted against the London skyline at sunset, used to symbolize courts ruling in data breach liability and legal accountability case involving insurance policies like cyber insurance.
Court Decision Highlights Overlapping Coverage

An English court clarified how multiple insurance policies, not just cyber insurance, can apply to a single data breach incident, offering lessons for companies and brokers about data breach liability. As outlined in a recent A&O Shearman blog, the case revolved around a housing association’s misdirected email in 2020 that exposed personal data from 3,500 people. Roughly 1,000 individuals made complaints. Settlements are expected to exceed £6 million.

Three Policies, One Incident

The housing group had three relevant insurance policies:

  • A Cyber Policy with a £1 million cap
  • A Combined Policy with a £5 million cap
  • A Professional Indemnity (PI) Policy with a £5 million cap

They notified the cyber insurer right away but failed to notify the other two policies until it was too late.

Missed Notification Leads to Lost Insurance Access

The insurers for the Combined and PI Policies initially denied coverage due to late notification. The Combined insurer later reversed course. The PI insurer did not.

The client sued its broker, claiming poor advice led to lost coverage. The broker argued that total coverage was always capped at £5 million due to “other insurance” clauses. These clauses outline how overlapping insurance responds to the same incident.

Get The Cyber Insurance News Weekly Upload – Delivered Every Sunday.
Subscribe! AND Thank you!

Court Says ‘Other Insurance’ Clauses Cancel Each Other Out

The court disagreed. It ruled the clauses canceled each other out, which meant the claimant could have received up to £11 million if all notifications were timely.

See also  Cyber Insurance & Lawsuits: It's a "Race" to the Courthouse for Cyber Litigation
Broader Implications for Cyber and PI Insurance

“Different types of insurance can cover data breach liabilities,” the blog notes, showing cyber coverage is only part of the puzzle.

Timely Notification Matters

Key takeaway: Notify all relevant insurers immediately; waiting could cost millions.

Other Cyber Insurance News For You: Confused About Cyber War Clauses? Jenner & Block Provides Some Clarity in Update to Clients(Opens in a new browser tab)

Martin Hinton

Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.

×