The recent, well-publicized retail store data breach controversies have spawned a number of lawsuits and insurance claims. Not surprisingly, insurers have responded with attempts to fight claims for coverage for such losses. Insurance underwriters are carefully monitoring decisions being handed down by courts in these lawsuits. All of this activity has led to a new emphasis on cyber and technology risk and assessments, as well as on insurance-program strategies.
These developments have ramifications for the construction industry that include, and go well beyond, the data-breach context. Contractors, design professionals and owners may find that in addition to losses caused by data breaches, other types of losses occasioned by technology-related incidents may not be covered by their existing insurance programs.
Specifically, insureds may find themselves with substantial coverage gaps because:
data and technology exclusions have been added to general liability policies.
such losses typically involve economic losses (as opposed to property damages or personal-injury losses) that insurers argue are not covered by general liability policies.
data and technology losses may be the result of manufacturing glitches rather than professional negligence covered by professional liability policies.
Coverage for claims involving glitches, manufacturing errors and data breaches in technology-driven applications — such as Building Information Modeling (BIM), estimating and scheduling programs, and 3D printing — may be uncertain. A number of endorsements are currently available for data breach coverage, but insurers don’t necessarily have the construction industry in mind as they provide these initial products.
In addition, there is no such thing as a “standard” cyber liability policy, endorsement or exclusion. Insurers have their own forms with their own wording, and as seemingly minor differences in language may have a significant impact in coverage, such matters should be run past counsel.
Construction insurance brokers are telling us that insurers are in the process of determining how to respond to cyber and technology risk claims, what products to offer going forward, and how to underwrite and price these products. Keith W. Jurss, a senior vice president in Willis’s National Construction Practice warns:
“As the construction industry continues to identify the unique “cyber” risks that it faces we are identifying gaps in the current suite of “cyber” insurance coverages that are available. In addition, new exclusionary language related to cyber risk under CGL and other policies adds to the gap. The insurance industry is slowly beginning to respond with endorsements that give back coverage or new policies designed to address the specific risks of the construction industry.
“As we identify cyber insurance underwriters willing to evaluate the risks specific to the construction industry, we are seeing the development of unique solutions in the market. There is, however, more work required and as construction clients continue to demand solutions the industry will be forced to respond.”
Consequently, this is a time to stay in close touch with qualified construction insurance brokers who understand the sector and have their hands on the pulse of the latest available cyber and technology risk products. As these products become available, clients may also want to consider what cyber and technology risk coverage to require on projects and whether to include these requirements in downstream contracts.