Fluke DSW Win Shouldnt Erase Breach Insurance Needs

Retailer wins in its fight to claim $6.8 million breach costs on a traditional crime policy, but others might not be as lucky

A recent $6.8 million lawsuit win by DSW Shoe Warehouse against its insurance company for 2005 data breach losses claimed against its blanket crime policy may have some enterprise risk managers wondering about the necessity of a data-breach liability policy. But legal and insurance experts warn enterprises not to be so hasty in drawing conclusions from the case.
[Using SQL injection to attack PDFs. See
Serving Up Malicious PDFs Through SQL Injection
.]
They say the way insurance companies have changed language in general policies to exclude breaches over the last few years, combined with the individualistic nature of insurance coverage, will likely contribute to this case being more of a fluke than a precedence-setter.
I wouldnt bet on it happening again if it was my data, says Josh Glazov, principal in the litigation and dispute resolution practice group at Chicago law firm Much Shelist. If youre expecting your traditional insurance to cover the security of your data, youre exposing yourself to a dramatic risk.
Adjudicated in the 6th U.S. Circuit Court of Appeals, the case dealt with a breach that exposed 1.4 million credit cards DSW Shoe Warehouse was entrusted to protect. A three-judge panel upheld a previous ruling supporting DSW in its claim to make National Union, a division of Chartis, pay expenses related to the event. Glazov says that DSW likely won based on archaic language in the sections of the crime policy having to do with employee involvement in computer theft. Regardless, the whole case should be seen as the exception rather than the rule.
It may be a great case for you if youre in federal court, if youre in Ohio and i f you have a policy that was identical to DSW, he says. The odds of that? Theyre really, really slim.
According to Glazov, if they havent already closely scrutinized their general liability and crime policies with regard to breaches, they likely will in light of this judgment. But chances are that theyve probably closed all the loopholes already, says Albert E. Lietzau V, cyberliability insurance specialist for Cyber Risk Solutions.
Often, general liability policies will have a flat-out exclusion that says We will not cover any sort of cyber-liability information loss, he says. So if a customer or client wants to make sure theyre fully protected, they shouldnt rely on just a general liability or crime policy
He believes that companies whod take this ruling as a green-light to save on specific cyber risk and breach insurance would be pushing their luck, because even if their policies still offered some gray area around breach events, the likelihood is extremely high that the insurance company would fight the claim.
Courtroom duels are risky propositions. And with it being a near lock that the insurer would send the battle through the courts in the event that the insured try to make a breach claim on a general policy, that kind of defeats the purpose of insurance, says Christine Marciano, president of Cyber Data Risk Managers, an insurance agency specializing in cyber liability risk.
While in DSWs case they were able to get their claim paid, insurance claims cannot be left up to the courts if its the insureds true intention to have coverage for a cyber attack or a data breach, she says.
As more enterprises contemplate how to manage the risk of database and data security, particularly given the gap left by exclusions in their general liability policies, Glazov says they should at least consider shopping for data security insurance and compare the premiums and coverage against the substantial potential costs should the worst occur.
While breach coverage has occupied the wild west fringes of technology insurance in the past with regard to widely varying coverage limits and exclusions, Glazov believes that these cyber policies have matured considerably over the past few years. And he says that enterprises may stumble into upsides beyond monetary payouts when databases are breached. One example: the notification services insurers frequently offer as a value-add for these policies. Its akin to car insurers covering the cost of rental cars when their insureds wreck their cars, he says.
So youre not scrambling around finding the right service providers to help you send out those notices, he says. There is less crises management to be done and you can focus on your principal business.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Fluke DSW Win Shouldnt Erase Breach Insurance Needs