One of the most important coverage decisions of 2014 remains in the court system, as arguments in the Zurich-Sony case were made in New York appellate court this week concerning the scope of coverage for data breaches and other cyber risks under commercial general liability policies.
Sources said the weight of the decision to reverse or affirm the state Supreme Court’s ruling could come within the next six months.
About a year ago New York Supreme Court Judge Jeffrey Oing said Zurich American Insurance Co. and Mitsui Sumitomo Insurance Co. had no duty to provide defense coverage to Sony Corp. of America for litigation filed after a cyber attack of Sony’s PlayStation gaming system in 2011.
Sony sought coverage under policies underwritten by the insurers after its network platform for Sony PlayStation was hacked, exposing the personal identification information such as names, addresses, birth dates as well as credit card and bank information of users. According to court records, Sony faced 65 class-actions after the data breach.
Zurich sued Sony and other insurance companies, including also National Union, to determine which insurer, if any, would be straddled with coverage obligations under the CGL.
CGL policies provide coverage for oral or written publication of materials that violate a person’s right to privacy but the judge’s interpretation of policy language led him to declare coverage could not be triggered by a third-party, or anyone other than Sony. Oing ruled that publication must be from the policyholder.
But Zurich American Insurance Company v. Sony Corporation of America rages on in appellate court. Attorneys for the insurers point to the fact last year’s decision by Oing has been recognized in several other courts. They have said a CGL was never meant to cover, and has never been priced to cover, a data breach.
Sony alleges the publication issue is “a requirement not found in the language of the insurance policies” and that Oing came to his conclusion “based on a misreading” of the policies.
The ruling has also been held up as part of a rallying cry for standalone cyber insurance. In other words, there is no better way to guarantee coverage than to buy it.
Additionally, the case prompted insurers to tighten CGL policy language and inject new electronic data exclusions.
READ ALSO: Policy language interpretation favors insurers in Sony case | Sony appeals ruling in CGL case with Zurich, Mitsui