Recent developments in two closely watched cases suggest that companies that experience data breaches may not be able to get insurance coverage under standard commercial general liability (CGL) policies. CGLs typically provide defense and indemnity coverage for the insured against third-party claims for personal injury, bodily injury or property damage. In the emerging area of insurance coverage for data breaches, court decisions about whether insureds can force their insurance companies to cover costs for data breaches under the broad language of CGLs have been mixed, and little appellate-level authority exists. On May 18, 2015, the Connecticut Supreme Court unanimously affirmed a state appellate court decision that an IBM contractor was not insured under its CGL for the $6 million in losses it suffered as the result of a data breach of personal identifying information (PII) for over 500,000 IBM employees. The contractor lost computer backup tapes containing...