As the fallout from the COVID-19 virus hits the bottom line, businesses will be looking to see what losses may be covered through their insurance policies. In this post, we answer the most common questions our insurance group receives about business insurance and the losses that are typically covered by each type of policy.  Insurance policies we cover are:

• Commercial General Liability (CGL)
• Business Interruption Insurance Coverage
• Supply Chain Insurance and Contingent Business Interruption Coverage
• Directors and Officers Liability (D&O)
• Errors and Omissions Liability (E&O)
• Cyber Liability and Insurance

 

What is covered under a Commercial General Liability (CGL) policy?

A CGL is a broad form policy that provides coverage to a business against claims made against it for bodily injury, personal injury or property damage caused by the business operations, products, or injuries that occur on the business premises.  There are two types of CGL policies.  The first is an occurrence-based policy which covers claims resulting from injury or damage that occurs during the policy term i.e. based on the timing of the event.  The second type of policy is a claims-made policy which only responds to claims made within the policy period. 

The CGL policy will respond when the bodily injury, personal injury or property damage, is caused by an “occurrence” as defined under the policy.  

Actions under a CGL that may trigger coverage include:

• Failing to adhere to health and prevention guidelines i.e. failing to limiting the number of people on the premises, failure to enforce the 6’ distance rule between people, failure to have a proper system in place to sanitize the premises and product, failure to provide employees with washing stations or hand sanitizer etc.  
• Requiring or allowing an employee who is known or suspected to be infected with Covid-19 to continue to work thereby permitting the virus to spread;
• Failing to follow an order by a civil authority to close.

The party advancing the claim for bodily injury would have to prove that injury or damage was caused by an “occurrence” as defined by the policy.  Most CGL policies define an “occurrence” to include an accident, including continuous or repeated exposure to substantially the same general harmful conditions.  Whether a business’s failure to prevent exposure to coronavirus falls within an “occurrence”, will likely turn on whether the business knew or ought to have known of the risk i.e. foresaw the party’s injury or potential injury. 

However, given the long incubation period of the coronavirus (5-14 days) it may be difficult for a claimant to establish that the act or negligence of the business caused the party to contract the infection.  

Many CGL policies contain exclusions related to fungi, bacteria and pollution for bodily injury or damages caused by the inhalation, ingestion, contact or exposure to biological matter, contaminant or irritants. The wording of the exclusions will have to be reviewed in detail to determine if they apply to a viral contamination.

In most cases a CGL will not cover losses from expected or intended acts. For example, if an employee of a grocery store knowing or suspecting that he has Covid-19 purposely coughs on the produce. There may not be coverage under the CGL. 

 

What is Business Interruption Insurance Coverage?

Broadly speaking, there are two types of policies that afford business insurance:

• A named peril policy covers loss or damage caused by specifically defined perils unless they are listed within exclusionary provisions; and
• A comprehensive policy covers loss or damage caused by most perils subject to any exclusions listed within the policy.  This is known as commercial general liability insurance.

Business Interruption insurance provides coverage when there is lost income or when there have been additional incurred expenses connected to direct physical loss of the property. Business interruption insurance is typically not a stand-alone policy, but rather is part of an overall comprehensive property insurance package.  Business Interruption is defined as an insured’s in ability to operate as it had intended owing to a defined peril within the coverage. 

What different kinds of Business Interruption Coverage are available?

1. Gross Earnings Coverage provides coverage for the business’ reduction in gross earnings until the insured property is replaced or repaired.
2. A Profits Form policy provides payment until the business returns to its normal, pre-interruption level. 
3. An Extra Expense policy is designed to keep a business running while they are recovering from damage i.e. it covers re-location expenses or the cost of outsourcing work. 
4. Rent or Rental Value coverage provides a business with lost rent money until the rental property is replaced or repaired.

What losses may be excluded under a policy as a result of COVID-19?

Following the SARS outbreak in 2002/2003 and Ebola outbreak in 2014/2015, the insurance industry revised their business interruption policies to exclude lost income/revenue due to communicable diseases, viruses, and bacteria. Unless the policy contains specific coverage for this type of peril, it is likely excluded.

Further, most Business Interruption claims are triggered by physical damage to the insureds place of business and/or equipment. The direct physical damage must be apparent and quantifiable.  Given the nature of the coronavirus, it may be difficult for a business to establish any direct physical damage caused by COVID-19 which resulted in a loss of revenue. However, if an outbreak forces the business to close so that the premises and equipment can be sanitized, it may be arguable that physical damage did occur which may trigger coverage under the policy.  

A business will have to carefully review the wording of its business policy to determine if there is coverage for business interruption as result of COVID-19. 

 

What is Supply Chain Insurance and Contingent Business Interruption Coverage? 

Supply chain coverage exists to protect from disruptions, not only to physical damage to the insured property, but also for disruptions caused by physical damage to their customer’s property and their supply chain’s property. Supply chain insurance coverage could be limited and defined as disruptions to certain product lines. Supply chain insurance coverage may not require that the loss or damage be physical in nature.

Contingent business interruption coverage provides protection from economic losses to the insured that are due to damage to property of an entity that the insured has an economic reliance on.  This coverage may be subject to geographic restrictions, such as limiting coverage to physical damage to customers or suppliers in a specific country. 

What Endorsements are available to protect a business in the circumstances of pandemic?

Business Interruption Coverage Extension – Civil Authority

A policy may afford coverage for losses and expenses accrued by way of a restriction on access to the insured business property at the direction of a civil authority.  Coverage may be provided when a nearby property has been damaged and access to the insured’s property is restricted.  Key to this coverage is that the government must issue an “order” that causes the loss. As such, government action, such as an advisory to stay indoors (i.e. following a riot or epidemic), may not trigger coverage under this extension.  If the loss stems from a government order, an insured peril, this may circumvent the requirement that COVID-19 be an insured peril in order to trigger coverage under the policy. This may be subject to provisions related to concurrent and conflicting policy provisions. 

Business Interruption Coverage Extension – Ingress and Egress

An Ingress and Egress policy covers losses sustained during the period of time when access to and from the business premises is denied i.e. road access to the business is blocked by a fallen tree. This extension form may also cover an employee, contractor, or supplier, who is unable to leave their location due to an outbreak or quarantine. 

Other Coverages

What is covered under a Directors and Officers Liability (D&O) policy?

A D&O policy provides coverage to directors and officers for claims or investigations related to actions they took or decisions they made on behalf of the company.  This could relate to a company’s failure to comply with regulations, failure to provide a safe and secure workplace, or to operational failures and mismanagement.  

Actions under a D&O that may trigger coverage include:

• Errors, misrepresentations, and breaches of duty that result in coronavirus-based financial losses i.e. failure to develop supply chain alternatives or failure to properly disclose the financial risks of coronavirus to the shareholders;
• Failing to adhere to health and prevention guidelines i.e. failing to limiting the number of people on the premises, failure to enforce the 6’ distance rule between people, failure to have a proper system in place to sanitize the premises and product, failure to provide employees with washing stations or hand sanitizer etc.;
• Failing to institute or follow corporate policies related to employment practices and Human Rights in response to coronavirus i.e. requiring an employee who is known or suspected to be infected with Covid-19 to continue to work which results in the closure of the business and financial losses;
• Failing to follow an order by a civil authority to close.

What is covered under an Errors and Omissions Liability (E&O) policy?

E&O policies provide coverage for financial loss for alleged negligent acts, errors and omissions arising out of the insured’s professional services.  Actions under this may related to care that patients are receiving by hospitals or medical providers.

 

Cyber Liability and Insurance

As a result of the spread of the coronavirus (COVID-19), there has been a dramatic effect on business activity with most employees now working from home, remotely, leaving companies’ computer systems susceptible to cyber-attacks and cyber losses as employees access secured company networks from home. 

What risks are associated with more employees working remotely?

The possibility of loss of corporate data and privacy breaches from the leaking of private information belonging to employees and customers is increased by employees using laptops and/or other company devices away from an office setting. In an office a company computer is protected by a company’s cyber security measures, including the use of firewalls, virus protection and login access controls. Further risk in working remotely is a an employee’s laptop can be lost or stolen and if an employee is using a laptop and/or device in a public space the employee will be relying on an unsecured Wi-Fi connection, which leaves one more susceptible to a cyber-attack. 

Why the increased risk of cyber-attack with the coronavirus?

Cyber-attacks are more likely to occur at this time as cyber criminals do target those using devices away from the protections afforded for cyber security in an office. Furthermore, cyber attackers see this as an opportunity to attack individuals who are more susceptible to open emails or provide information to hackers or cyber criminals that are seeking  COVID-19 information given the ongoing circumstances, which in turns allow these hackers and criminals to obtain personal information about the targeted users. For example, these attacks may occur by the use of phishing emails sent to the targeted users by unidentified or fraudulent health or medical organizations seeking information regarding COVID-19. 

What coverage is available to protect a company and its employees from a cyber-attack?

Cyber insurance generally covers your business liability for a data breach involving sensitive customer information.

Cyber insurance provides first party insurance, third party liability and expense recovery from a breach. 

First party insurance provides coverage for costs to respond and recover from an attack. First party coverage typically provides coverage for expenses incurred by a company as a direct result of the breach, including remediation, notification and crisis management expenses. In addition, first party coverage is also provided for resulting costs such as business interruption and loss of goodwill. 

Third party coverage covers costs associated with legal claims commenced against the company and to help protect other business impacted by the breach. 

What may be done to prevent a cyber-attack?

Employers must let employees be are aware of their responsibilities when working remotely to ensure a cyber-attack does not occur. Employees should be reminded to be attentive and to not respond to any phishing emails. They should be reminded to review the identity of the sender of the emails closely and not open any emails that may be disguised with an enticing link which, if clicked on, can download malware onto the employee’s laptop and the company’s system. Employees should also be reminded to ensure, while working remotely, that their laptops are up-to-date on their anti-virus protection, ensure that they are working on a secure, password protected internet connection, and avoid using public wi-fi connections.