Cyberattacks and electronic data breaches are on the rise, and the costs associated with those breaches can be astronomical. In response, the insurance industry has created a specialty market for cyber coverage. However, despite the number of cyber insurance policies currently offered on the market, insurers frequently deny claims for cyber coverage under both these specialty and traditional policies. Examining the evolution of cyberattacks, data breaches, and the massive harm they can cause to businesses, this Article explores the legal and market obstacles to obtaining adequate cyber insurance coverage and offers potential solutions to policyholders and insurers to satisfy this growing market need. It provides textual analyses to review the language of various traditional and cyber-specific policies and coverage forms, and the insurance industry's response to cyber losses based on the policy language. These analyses illustrate why vague/imprecise language and the lack of standardized policy terminology has left policyholders without coverage for many of their cyber claims. The Article also examines the role insurers and policyholders can play, and some of the actions they can take, to address this problem. These actions, including drafting more explicit and precise language, and standardizing policy terms, can help to resolve the cyber coverage conundrum and better ensure that businesses that purchase cyber insurance policies actually have the protection they need after a cyber loss, while also protecting insurers from potentially having to pay for losses the policy language does not require them to pay.
Cardozo Law Review
Suggested Bluebook Citation
Deborah L. Johnson, Demystifying the Elusive Quest for Cyber Insurance Protection: The Need for New Contract Language, 44 CARDOZO L. REV. 2361 (2023).