Insurance groups chime in on Sony Playstation breach case

By Erin Ayers on January 29, 2015

Finding coverage for cyber losses under a traditional commercial general liability policy would undo decades of established case law and undermine “important insurance principles,” according to the American Insurance Association (AIA) and the Complex Insurance Claims Litigation Association (CICLA) in a joint amicus brief filed in Sony Playstation’s appeal.

The 2014 ruling on Sony Playstation’s 2011 data breach that the CGLs issued by Zurich American Insurance Company and Mitsui Sumitomo Insurance would not provide coverage for the online gaming giant should be allowed to stand, according to the groups.

“The underlying claims do not fall within the ‘personal and advertising injury’ coverage of the CGL policies,” argued the two industry associations. “First, Coverage B, the personal and advertising injury coverage, encompasses only specific, enumerated offenses, all of which require affirmative, intentional conduct by the policyholder. This has been settled law in New York for at least two decades.”

They added, “Here, Sony in no way had any intentional or affirmative involvement with the alleged malicious theft of data by hackers. The underlying suits do not seek damages because of injury by the policyholder consisting of the ‘offense’ of ‘oral or written publication, in any manner, of material that violates a person’s right of privacy.’”

Sony did not intentionally publish the breached information and instead its “offense” was to have failed to maintain adequate security against hackers.”

“It would be unprecedented to equate publication of material with the theft of information by a third party with no relationship to the policyholder,” AIA and CICLA asserted. “Even the most expansive judicial interpretations of the term ‘publication’ encompasses only the circumstances where a policyholder distributes information to a third-party, not where a third-party breaks in to steal information.”

AIA and CICLA pointed to Sony’s purchase of cyber insurance coverage expressly to guard against that sort of liability and has called upon to respond to the 2011 cyber attack. The groups cited the importance of recognizing the limitations of the CGL in order to maintain a functioning insurance marketplace.

“Insurers agree to bear certain risks for consumers and businesses in return for the consideration of correspondingly priced premiums,” concluded AIA and CICLA. “This delicate balance is sustainable only when courts enforce the bargain struck under the insurance contract’s clear terms.”

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].