When it comes to cyber-attacks, does blame always equal a claim?
With a spate of high-profile cyber-attacks continuing to be reported and the arrival of new transparency rules such as GDPR, companies have been rushing to take out insurance against a breach.
The US market for cyber policies grew by more than a third in 2016, according to Fitch Ratings, hitting $1.35 billion, and looks set to continue expanding at a furious rate.
However, not all of these insurance customers are happy, and over the last year or two there have been a number of high-stakes disputes about whether or not the insurer is liable to pay out.
Earlier this summer, the National Bank of Blacksburg in Virginia, US, sued Everest National Insurance Company stating it should have paid out when the bank was hacked in 2016.
The claim was denied on the basis of two riders in the insurance contract. The first was a C&E rider covering losses which ‘result directly from an intrusion’, with a single loss limit liability of $8 million.
The second was a debit card rider covering losses resulting directly from the use of lost, stolen, counterfeit or altered cards, with a single loss…