Zurich reaches settlement with Sony over PlayStation hack

The coverage dispute over the 2011 hacking of Sony’s PlayStation Network has been settled.

According to Thursday reports, Sony Corp. and Zurich America Insurance agreed to settle for an undisclosed amount about two weeks ago. Paperwork in connection with the settlement was submitted this week.

The dispute has been closely watched by the insurance community, particularly after a 2014 ruling from a New York Supreme Court judge that cleared Zurich America of the obligation to cover Sony for litigation in connection with the hacking.

Both Zurich America and Zurich Insurance Co. filed suit against Sony in 2011, saying terms of the commercial general liability and excess insurance policies issued to Sony did not extend to “defend[ing] and potentially indemnify[ing] Sony from class action lawsuits, possible government investigations and other miscellaneous claims.”

Although the terms of the settlement were not disclosed, the lengthy and expensive court case should go a long way to dispel the myth that cyber risk is covered under a commercial general liability policy – a believe some 39% of private companies believe, according to a Marsh survey.

Christine Marciano, president of Cyber Data-Risk Managers in New York, attributes this low coverage rate to overlap between cyber liability policies and CGL, professional, property and media liability insurance. For example, advertising injury liability covered under cyber liability policies is also present under the CGL.

That leads misconceptions that CGL, professional and media liability already cover cyber attacks, Marciano said.

“This is certainly not the case, as a CGL policy has many gaps as it relates to cyber risk and was not written to cover cyber events,” Marciano told Insurance Business in an earlier interview.

The 2011 hacking was the result of an “external intrusion” on Sony’s PlayStation Network on Qriocity services, and compromised the personal information of 77 million accounts. At the time, it was one of the largest data security breaches in history, and the fallout cost PlayStation $178 million in lost profits.