Protective safeguard endorsements are typically found on property insurance policies and will require the insured to properly maintain protective safeguards such as fire alarms, sprinklers, burglar alarms and the like, to ensure they are in working order. A lack of maintenance or oversight could lead to the loss of coverage should an event occur that could have been prevented, or its impact minimized, by the protective safeguard. Thus, if sprinklers were not maintained and failed to work when a fire occurs, a carrier may be able to deny coverage as a result.
While reviewing a sample cyber policy form yesterday, I came across a “protective safeguards exclusion,” which excluded coverage for a cyber incident that could have reasonably been avoided had the insured not failed to maintain specified cyber security safeguards or remediate known cyber vulnerabilities that the insurer specifically communicated to the insured prior to the effective date of the policy. This is the first protective safeguard clause I have seen on cyber policy forms that I can recall and it may be specific to this particular carrier, but certainly something to be aware of and to be on the lookout for on cyber policy forms going forward.