Precise policy language needed to cover affiliated businessesPosted On: Oct. 25, 2015 12:00 AM CST
CHICAGO — Companies should have specific wording in their insurance policies to cover additional insureds and affiliated business units to ensure that coverage will be available for those entities when claims arise.
Companies tend to include broad, “any and all” indemnity provisions in their insurance policies in hopes of covering subcontractors, business holdings and any other entities that could be involved in liability litigation, said Paul Walker-Bright, a partner a law firm Reed Smith L.L.P. in Chicago.
However, he said language that is not specific makes it more likely that insurers could argue and courts could rule that affiliated businesses and contractors are not covered, leaving those units vulnerable to liability exposures, he said.
“The broader and vaguer they are, the less (courts) like them,” Mr. Walker-Bright said. Such provisions are more likely “to be construed narrowly.”
In addition to specifically naming covered business entities, indemnity clauses in insurance policies should explicitly state details such as whether indemnity for third parties extends beyond the policy's expiration date, he said.
Such details can ensure that insurance coverage is available when the insured parties expect it, he said when discussing risk transfer best practices during the Sept. 28-29 Chicagoland Risk Forum, hosted by the Chicago chapter of the Risk & Insurance Management Society Inc.
“Given the variety of additional insured endorsements that are available, it may not be sufficient to ask for additional insured coverage,” he said. “You may not have the coverage you think you have and, on the other side, you may not be providing the coverage that you thought you provided.”
Also during the conference, legal experts said employers should shop for cyber liability insurance that best fits their business since the line is evolving rapidly, and cyber coverage varies widely among insurers.
“I think everyone is struggling right now, whether you're a seller or a buyer of insurance, with the concept of cyber coverage — whether you need it, how much you need, what supplements you should buy (and) what retentions you should purchase,” said John Hackett, a co-managing partner at Cassiday Schade L.L.P. in Chicago.
He noted that cyber liability policy forms differ from insurer to insurer, including the wording of coverage and exclusions.
“My first advice for everybody who's a buyer is you have to shop around,” Mr. Hackett said. “A buyer of insurance has to compare forms carefully, as well as limits and sublimits to meet your anticipated needs.”
James Foster, a Chicago-based partner at Cassiday Schade, said recent high-profile data breaches at Target Corp. and extramarital-affair website Ashley Madison are beginning to shape cyber case law.
He said judges nationwide are allowing cyber attack victims to sue companies that were hacked if victims can show three things — that the data breach was caused by intentional hacking, that the victims' information was disclosed or distributed to outside parties, and that they suffered damages from the disclosure of private information.
“If you do not have those three, the court may not let the plaintiff sue,” Mr. Foster said.
When it comes to quantifying risk Christopher Bohn, a director and actuary at Aon Risk Solutions in Chicago, said companies can use nontraditional sources — such as YouTube — to collect data on how various risks might play out for their companies.
For instance, he said companies can use Google to search how cyber breaches have affected similar firms and devise a plan to deal with similar risks.
While firms may not have enough claims data to build a predictive model for various risks, they often can find information to help them prepare for worst-0case scenarios, Mr. Bohn said.
“You just have to hunt around a little bit more to try and find it,” he said.