Addressing Cyber Liability Through General Liability Policies

Cyber Insurance_blog

A nightmare scenario for many executives is being the victim of a cyber crime. Once hackers have infiltrated your networks, they may have access to your trade secrets, customer data, and other proprietary information.

According to predictive data compiled by CSO, the future implications of cyber security are staggering:1

CSO Cyber Stats

Despite the significant growth in frequency of Cyber attacks and availability of cyber-specific coverage, companies continue to seek coverage for Cyber Liability under their General Liability policies.  Not all courts have found coverage under the CGL policy.  Older CGL forms contribute to the confusions due to the lack of coverage limiting language.

Let’s compare the basic coverage intent of each policy (CGL and Cyber) to discern the differences in coverage.

General Liability is intended to provide coverage against loss resulting from Bodily Injury, Property Damage and Personal and Advertising Injury.

  • Bodily Injury: protects against third party actions seeking payment for loss resulting from accidents such as slips and falls, that result in bodily injury.
  • Property Damage: protects against third party actions seeking payment for loss resulting from damage to or loss of use of tangible property.
  • Personal & Advertising Injury: protects against third party actions seeking payment for loss resulting from statements or misrepresentations that are made.

Cyber Liability is intended to address First Party Response and Third Party Defense.

  • First Party Response: covers the additional expenses involved in responding to a breach with such services such as notifying customers, providing ongoing credit monitoring, as well as public relations crisis assistance.
  • Third Party Defense: protects against third party actions seeking payment for loss resulting from a data breach.

Cyber losses are typically excluded from current commercial general liability policies or at least are not specifically defined in traditional insurance products.  Maintaining older coverage forms or removing Cyber exclusions from GL policies can create uncertainty.

As businesses evolve in the electronic age, Cyber Liability coverage is a less ambiguous method for protecting a business’ assets, functions as a better means for minimizing the financial burden a company may face post-attack, and provides a clearer definition surrounding losses to be covered than the traditional General Liability coverage.


1Morgan, Steve. “Top 5 cybersecurity facts, figures and statistics for 2018.” January 23, 2018. 

General Liability vs. Cyber Liability Insurance.” Risk Based Security. Accessed June 6, 2018. 

CGL Does Not Stand for ‘Cyber General Liability.’” Arthur J. Gallagher. Accessed June 7, 2018. 

Neil Chambers, Vice President, Account Executive, co-wrote this article.

Wendy Marx, Assistant Vice President, Account Executive

Wendy Marx is an Assistant Vice President, Account Executive with Old Republic Risk Management. She is responsible for leading the relationship with clients and brokers by marketing and underwriting casualty insurance programs for large corporations and group captives in the risk management marketplace. Wendy assists ORRM's efforts in the Southeast.