Having a separate Cyber insurance policy is vital to corporations that store any sort of customer data. Too often businesses mistakenly believe that their Commercial General Liability (CGL) insurance will respond in the event of a data breach. This isn’t so as reflected by the latest case involving a Florida hotel group looking to its CGL policy to reimburse $2.4 million in fines and other related costs as a result of a data breach back in 2016. The carrier, Connecticut-based St. Paul Fire & Marine Insurance Company, a unit of Travelers Cos Inc., denied coverage and has requested a declaratory judgment that it is not liable for the data breach under the insured’s CGL policy. Data breach losses, the carrier stated, are not as a result of “bodily injury, property damage, personal injury, or advertising injury under the policy” – exposures covered under the CGL.
A separate Cyber Liability insurance policy designed for the hospitality industry, including hotels, should be secured to respond in the event of a data or network security breach. This policy can be designed to cover attorney fees, forensics, notification costs, crisis management and public relations expenses, penalties and fines, and third-party liability. Additionally, Cyber insurance policies can be tailored to cover business interruption as a result of the breach and cyber extortion.