News and Views
Media Coverage

Blank Rome Alerts to Smart Grid Cyber-Insurance Risks

Third-party losses are traditionally covered by a firm's commercial general liability (CGL) insurance policy and qualify for coverage under that policy, Blank Rome Attorney Amy Spencer said yesterday in a blog post about smart grid liability published by the law firm. The post offered perspectives on insurance coverage to manage potential legal implications from a cybersecurity attack via a smart grid deployment.

Policyholders typically have to be confronted with a claim for bodily injury to another person or physical injury to tangible property, collectively known as "Coverage A," or a claim for "personal and advertising injury," such as malicious prosecution or invasion of privacy – called "Coverage B," the post said. Various disputes have arisen as to whether cyber-related losses fit within these coverages.

For example, some courts found cyber-related losses constituted loss of use of tangible property under Coverage A. In a case called Eyeblaster, Inc v Federal Ins Co, a general liability insurance policy gave coverage to an insured internet advertising firm for a lawsuit brought by a third-party computer user alleging his computer became inoperable after visiting the insured's website.

Coverage may also exist for personal-injury damages under Coverage B because a release of personal information constitutes an "invasion of privacy," the post said.

But the standard CGL policy form has been revised several times in response to the evolving case law, it added. Initially, in 2001, the definition of covered "property damage" was revised to say "electronic data is not tangible property," but in 2004, an "Electronic Data" exclusion was added to exclude "[d]amages arising out of the loss of, loss of use of, damage to, corruption of, inability to access or inability to manipulate electronic data."

Thus, even though policyholders typically would look to their CGL polies for coverage for bodily injury or property damage from a cyber-breach, it is possible insurers will assert policies expressly exclude cyber-related losses, the post warned.

The standard CGL policy was again amended in 2013 to preserve coverage for "bodily injury" notwithstanding the Electronic Data exclusion. The amended exclusion expressly said "this exclusion does not apply to liability for damages because of 'bodily injury.'"

But then in 2014, two standard endorsements were issued, one with a "limited bodily injury exception" and one with that exception "not included," thus letting insurers again choose to delete coverage for bodily injury. The new endorsements also let insurers exclude from coverage damages arising out of "any access to or disclosure of any person's or organization's confidential personal information," it added.

The variation among CGL policies requires close examination as to whether the policy preserves coverage for damages from cyber events.

If the insurance policies of a utility or smart grid firm lack the necessary coverage, it can look to purchase cyber liability insurance, it added. On its face, cyber insurance is intended to dovetail with and fill gaps in coverage for loss of electronic data left by CGL and first-party property policies but unlike standard CGL, cyber insurance policies are not uniformly worded and a number of insurers in the marketplace use their own forms, the post said (link loads page with second half of two-part article).

© 2017 Modern Markets Intelligence Inc. IMPORTANT: This article was reproduced from the September 15, 2017, issue of Smart Grid Today with the limited permission of the owner. To view the full story on Smart Grid Today’s website, please visit