My laptop was grabbed from a coffee shop table. It was encrypted… I think. But it contained the uncompiled source code for a client’s proprietary AI algorithm. They are terrified the thief will sell the code to a competitor or leak it. They are suing for “Intellectual Property Exposure” and demanding a forensic audit of my security practices.
Key Takeaways
- Encryption is the Safe Harbor: If the drive was encrypted (BitLocker/FileVault), this is often not considered a “Breach” under many laws. If it wasn’t… you are in deep trouble.
- “Care, Custody, and Control”: You held their property (IP). You lost it.
- IP Exclusion in GL: General Liability won’t cover this. You need E&O or Cyber.
- Notification Costs: If the code contained user data (hardcoded API keys or DB dumps), you have to pay to notify victims.
The “Why”: The Physical Asset vs. Data
The Trap: Your “Business Personal Property” insurance covers the $2,000 laptop.
It does not cover the $5M value of the code inside it.
You need “Third Party Cyber Liability” which covers the loss of client data in your custody.
The Investigation: I Quoted 3 Major Carriers
1. Boxx Insurance
- My Analysis: Great for remote workers. They cover the fallout of lost hardware, provided you had basic security (password/encryption) enabled.
2. Chubb
- My Analysis: Their policy is very specific about “Tangible Property” vs “Intangible Property.” The laptop is tangible; the code is intangible. Their Cyber policy covers the intangible loss.
3. State Farm
- My Analysis: Good for the laptop replacement, bad for the code liability. Don’t rely on a standard BOP here.
[IMAGE: Graphic showing “BitLocker Encrypted” screen vs “Unprotected” drive]
Comparison Table: Stolen Device Liability
| Carrier | Hardware Replacement | Client IP Liability | Condition | Best For… |
| Boxx | Yes | Yes (Cyber) | Encryption | Digital Nomads |
| Chubb | Yes | Yes (Cyber) | Encryption | Enterprise |
| State Farm | Yes | No | N/A | Local Biz |
Step-by-Step Action Plan
- Remote Wipe: Use Find My Mac / Windows Find My Device to nuke the laptop immediately.
- File Police Report: You need this for the insurance claim.
- Check Encryption Status: Did you have FileVault on? Be honest.
- Notify Carrier: Report “Potential Data Breach.”
FAQ
I had a password. Is that enough?
No. A thief can mount the drive and bypass a user password. Encryption is the standard.
What if the code is leaked?
Your E&O/Cyber pays the client’s damages (loss of competitive advantage).
Is source code “Personal Data”?
No, it’s “Trade Secrets.” Different laws, but still a liability.