The recent National Institute of Standards and Technology (NIST) publication of cybersecurity guidance for the Internet of Things (IoT) is a useful reminder that hacking incidents can result not only in privacy breaches, but also in bodily injury or property damage — via critical infrastructure, medical devices and hospital equipment, networked home appliances, or even children’s toys. In addition to enhanced system security engineering and preventive education efforts, insurance is an increasingly essential component in any enterprise risk management approach to cyber vulnerabilities. But purchasers of cyber insurance are finding that nearly all of the available cyber insurance products expressly exclude coverage for physical bodily injury and property damage.

These exclusions are no doubt assumed to “dovetail” with (i.e., to avoid duplicating) the bodily injury and property damage coverage traditionally afforded by general liability and first-party property insurance policies. But it is not always clear whether those more conventional policies cover bodily injury or property damage arising from a cyber-related peril (so-called “cyber-physical” risks). Unless an insurance program specifically addresses these risks, the determination of coverage for physical harm from a cyber-attack may depend on a close reading of policy language and a fact-intensive analysis of how the harm arose.

Policyholders would be well advised to understand the potential cyber-physical risks they face; to analyze all their current lines of coverage to determine whether and how each would respond to those risks; to seek clarifications in their current insurance wordings; to explore new “difference in conditions” insurance products designed to plug any gaps in coverage for such risks; and, ultimately, to expect disputes with their insurers if these novel cyber-physical harms should materialize.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of John Buchanan John Buchanan

John Buchanan, senior counsel in Covington’s Washington office and the firm’s first Insurance Practice Group Coordinator, has represented policyholders in insurance coverage advocacy, dispute resolution and counseling for nearly four decades. His practice has ranged from the early DES and asbestos coverage litigation…

John Buchanan, senior counsel in Covington’s Washington office and the firm’s first Insurance Practice Group Coordinator, has represented policyholders in insurance coverage advocacy, dispute resolution and counseling for nearly four decades. His practice has ranged from the early DES and asbestos coverage litigation to claims for some of the largest cyber losses in history. John has litigated, arbitrated or negotiated a wide variety of complex property and casualty insurance claims, from railroad derailment claims to satellite-in-orbit claims, and from silver-theft claims to cyber claims. The National Law Journal named him an Insurance Trailblazer in 2021, and Best Lawyers has twice named him Washington Insurance Lawyer of the Year. Chambers USA has also consistently recognized him in its national rankings for insurance coverage lawyers (currently as Senior Statesman, previously in Band 1), as have Best of the Best USA, Who’s Who Legal and other peer reviewed lawyer registries.

John became involved with emerging cyber-related coverage issues in the mid-1990s and co-authored one of the earliest treatise chapters on cyber insurance coverage in 2001. Starting with the network intrusion and payment card thefts discovered by TJX in 2006, he has represented policyholders pursuing claims for losses arising from data breaches reported to involve tens of millions of compromised records. John also regularly advises businesses in the management of their cyber and cyber-physical risks, such as those arising from products or services involving the Internet of Things (IoT)-, Artificial Intelligence (AI), Connected and Autonomous Vehicles (CAVs), and the Metaverse or “Web3.”
John speaks and writes frequently on novel or emerging risks, including in recent years the insurance issues arising from the Metaverse, the COVID-19 pandemic, AI and robotics, “InsurTech,” CAVs, the IoT, blockchain, drones, and social engineering fraud. He has taught a graduate-level course on Insurance Litigation at U.Conn. Law School’s Insurance Law Center, and he co-chaired the American College of Coverage Counsel/U.Conn. Virtual Mini-Symposium on pandemic liability coverage in late 2020.

Among other bar activities, John has served as an appointed Adviser to the American Law Institute’s Restatement of the Law of Liability Insurance, as well as on the Members’ Consultative Groups for the ALI’s Compliance, Enforcement, and Risk Management Principles project and the Restatement (Third) of Torts. He currently co-chairs the Cyber Subcommittee of the ABA Litigation Section’s Insurance Coverage Litigation Committee (ICLC), as well as the Cyber, Computer & Emerging Risks Committee of the American College of Coverage Counsel, of which he is an elected Fellow. He has also served on the ABA Dispute Resolution Section’s Task Force on Improving Mediation Quality; as an elected member of the Steering Committee of the Law Practice Management Section of the DC Bar; on the ABA Task Force for a Manual on Complex Insurance Coverage Litigation; on the Nomination Committee of the ACCC; and in various leadership roles for the ICLC, including as past Website Co-Editor-in-Chief and Co-chair of its annual meeting.

John is a graduate of Harvard Law School, Oxford University, and Princeton University. After clerking on the U.S. Court of Appeals for the Third Circuit, he has spent his entire legal career at Covington.

Photo of Dustin Cho Dustin Cho

Dustin Cho is a commercial litigator who focuses on representing corporate policyholders in coverage disputes with their insurers. He is a partner in Covington’s top-ranked Insurance Practice Group, which Chambers USA describes as “the pinnacle of policyholder representation across the USA.”

Dustin has…

Dustin Cho is a commercial litigator who focuses on representing corporate policyholders in coverage disputes with their insurers. He is a partner in Covington’s top-ranked Insurance Practice Group, which Chambers USA describes as “the pinnacle of policyholder representation across the USA.”

Dustin has helped his clients obtain hundreds of millions of dollars in insurance recoveries for a wide range of liabilities, including shareholder claims, mass torts, government investigations, professional liability, environmental remediation, employment claims, product liability, and antitrust claims. He also assists his clients in obtaining coverage for lost earnings, expenses, property damage, and other losses, including under cyber, property, event cancellation, and other insurance policies.

Dustin is an experienced trial and appellate advocate, and has also helped his clients avoid litigation and successfully resolve coverage disputes through settlement negotiations and ADR. He has represented leading industry trade associations and other policyholder coalitions in appeals regarding important insurance issues.

Dustin has been recognized by Law360 as one of the top insurance lawyers under 40 nationwide, and by Business Insurance for his “expertise,” “excellence in providing service,” and “effectiveness in leadership.”