If you have anything to do with cybersecurity, privacy, or insurance, you undoubtedly have heard that the U.S. Court of Appeals for the Fourth Circuit ruled in April that a Commercial General Liability (CGL) insurance policy provides coverage for a data breach, in the case Travelers Indemnity v. Portal Healthcare Solutions. In the last few years, insurance companies have been marketing cyber insurance policies as the product designed for cybersecurity and privacy risks. So how could it be that a CGL insurance policy – which insurance company lawyers proclaim were not “meant” to cover data breaches – provides coverage for data breaches? We discuss the well-reasoned Portal Healthcare decision, which bolsters policyholders’ rights to collect under CGL policies, below. The first question when reviewing a CGL policy to determine if it provides coverage for cybersecurity breaches is was there bodily injury, property damage, or personal and advertising injury? Most standard form CGL policies contain “personal and advertising injury” that pay and defend against damages because of publication of material that violates a person's right to privacy. In the context of cybersecurity and data privacy incidents, courts have considered whether there was “publication” within the meaning of the insurance policy language. Read the full article here, which was published on Advisen Cyber Front News.