The recently filed case of First Bank v. Federal Insurance Company reflects yet another financial services provider that was the subject of a data breach incident, and was forced into litigation with its insurers as a result. As detailed in our recent article, First Bank is not alone in having their insurance company deny the claim for coverage arising from the data breach. In this area of privacy and data security, anecdotally at least, it appears that many insurers are "underwriting at the point of claim" — that is, denying coverage in the hope that the policyholder will abandon pursuit of the coverage.
However, you may be covered, even if you do not have a "cyber" or "data security" policy. In fact, the label or title on the policy matters little, as Federal had issued a policy impressively titled, “Cybersecurity by Chubb for Financial Institutions,” yet disclaimed coverage. That old standby — Comprehensive General Liability (better known as "CGL") policies — may well provide you with the coverage you need to defend litigation arising from a data breach.