It’s official—cybersecurity is now a top-ranked risk at the board level, according to the “Lloyds Risk Index 2013.” This should make digital risk a focus of senior corporate management.
Those managing corporate risk should leverage the emerging cyber insurance market, which is rapidly growing and evolving. But they should do so methodically, after gaining an understanding of the company’s security controls and individual risk profile. In the rush to buy cyber insurance, companies may too often fail to appreciate the strengths and weaknesses in their security controls, their risks and exposures, and the coverage they need.
While a variety of potential approaches exist for assessing cybersecurity requirements, this article discusses one method to help you understand your company’s risks and exposures, and how that knowledge can be used to choose the security and risk transfer strategy that most appropriately fits your needs. Click here to read the full article on the Corporate Counsel website.
By Tyler Gerking, insurance coverage partner in Farella Braun + Martel’s San Francisco office, and Mark Massey, principal in Deloitte Financial Advisory Service’s San Jose office.
By Dennis Cusack and Erica Villanueva
Maintaining appropriate insurance is critical for the entire aviation industry. Many US-based airlines, aircraft owners/financiers, and aircraft lease servicers devote significant resources at the front end setting up their insurance programs, maintaining schedules of insured assets, and making annual trips to London for meetings with the major players in the Lloyd’s aviation market. But it is equally important that companies plan for the possibility of major claims under their policies. Companies do not always anticipate some of the unique challenges that US-based insureds face when making a claim under their aviation policies.
by David Smith
I recently came upon an interesting case from the United States Court of Appeals for the First Circuit that examined the complex and confusing Commercial General Liability (CGL) “business risk” exclusions. Oxford Aviation, Inc. et al. v. Global Aerospace, Inc., 680 F.3d 85 (1st Cir. 2012) These exclusions were written to restrict coverage for claims relating to the repair or replacement of the insured’s faulty work or products, or defects in the insured’s work or products. They are frequently misread or misunderstood, particularly by claims adjusters who tend to see them as absolute bars to coverage for claims involving any damage to an insured’s work.
An aircraft owner (Airlarr) sued an aircraft repairer, Oxford Aviation, Inc., alleging negligent and faulty performance. Airlarr claimed that Oxford’s work on one of its planes left it with uncomfortable seats, leaking fuel injectors and a cracked turbocharger and a window that cracked when the plane was being flown back to Airlarr’s base from Oxford’s premises.
Oxford’s insurer, Global Aerospace, denied Oxford’s claim for a defense to the lawsuit based on the business risks exclusions. Oxford sued Global Aerospace for declaratory relief. Both parties filed for summary judgment on the duty to defend issue. The trial court granted Global Aerospace’s motion, holding that the claims fell within the exclusions. Oxford appealed.
Over the past few days, there has been much hand-wringing over the Second Circuit’s decision in Mehdi Ali v. Federal Insurance Co., __ F.2d __ (2d Cir. 2013) in which the court declined to extend the holding of Zeig v. Massachusetts Bonding & Insurance Co. , 23 F.2d 665 (2d Cir. 1928), to the specific facts of the case before it. Commentators are chalking it up as a major victory for insurers, claiming that policyholders have now lost a key precedent, one which had previously allowed them to argue that an excess insurer can be required “drop down” to cover losses below its attachment point.
Not so fast.
As an initial matter, the Zeig case does not stand for the proposition described above. The Zeig case held that an excess insurer could be required to pay losses above its attachment point, if the insured had actually sustained those losses. In Zeig, an insured suffered a property loss which exceeded the limits of his primary policy, but settled with that insurer for less than the full primary policy limits. The Second Circuit reasoned that, because the insured could demonstrate that it had actually suffered property losses in excess of the primary limits, the excess insurer could be required to pay that portion of the loss which exceeded its attachment point.
by John Green
A new case from Oregon deals with a recurring problem in construction defect litigation—the absence of clear dates in the complaint regarding when damage is alleged to have occurred. Frequently, a plaintiff will allege that defects in a construction project have caused property damage to other elements of the project, but the complaint is often silent as to when the damage allegedly began. We have long argued that, since the duty to defend exists if there is any “potential” of covered liability, there is a potential that damage happened before that project was completed, or at any time after completion, triggering all policies in that time frame. This implicates the policies in effect both during the course of operations and after operations are completed. This point is particularly important if some or all of the policies exclude liability falling within the completed operations hazard. This was the situation in Breese Homes, Inc. v. Farmers Insurance Exchange, 353 Or. 112 (2012). There, the court rejected Farmers argument that a claim was excluded by a “products/completed operations hazard” exclusion unless the insured could produce facts showing that damage in fact occurred prior to the completion of the project. The Oregon Supreme Court ruled that the duty to defend was governed by the complaint, which clearly encompassed the possibility that damage occurred prior to completion, and that the insured had no burden to establish any additional facts to support that potential.
While Breese involves a simple and straightforward application of established duty to defend law, the case provides helpful authority in countering the specious positions taken by many carriers on this issue.
California Supreme Court to Decide Scope of Implied Disparagement; Implications for Coverage in IP and False Advertising Cases
The California Supreme Court has granted review of the Court of Appeal’s decision in Hartford Casualty Insurance Company v. Swift Distribution, Inc., 210 Cal. App. 4th 915 (2d Dist. Ct. App. Oct. 29, 2012), review granted 152 Cal. Rptr. 3d 420 (Feb. 13, 2013). Swift will resolve a hot debate about the scope of implied disparagement liability under California law. The result likely will determine whether insurers must defend a variety of lawsuits involving allegations of intellectual property infringement, unfair competition and false advertising.
The Court of Appeal in Swift held that an insurer did not have a duty to defend its insured against allegations that it had infringed a competitor’s trademark and patents by producing and selling a similar looking music equipment cart with a very similar name (“Multi-Cart” vs. “Ulti-Cart”). 210 Cal. App. 4th at 923-929. The appeals court rejected the insured’s argument that the allegations triggered a duty to defend under its general liability policy’s “personal and advertising injury” coverage for liability arising from “disparage[ment] [of] a person’s or organization’s goods, products or services . . . .” Id. The court found no potential for liability based on disparagement, either express or implied, reasoning that the insured was not alleged to have identified the competitor or its product, or to have suggested that the insured’s product was superior to that of the competitor. Id.
Policyholders should continue to assert that limits can be stacked in situations where there is continuing damage, despite the California Court of Appeals’ latest decision in Kaiser Cement & Gypsum Corp. v. Insurance Company of the State of Pennsylvania, 2013 Cal. App. LEXIS 29 (2nd Dist. April 8, 2013). In its most recent encounter with asbestos bodily injury claims, and following its earlier decision in London Market Insurers v. Superior Court, 146 Cal. App. 648 (2007), the Court of Appeals in Kaiser Cement considered whether horizontal or vertical exhaustion of insurance coverage is required when determining how to allocate for continuing damage cases. Unfortunately, the opinion makes little practical sense, and is unlikely the last word on this subject.
From 1944 to the 1970s, Kaiser Cement (“Kaiser”) manufactured products containing asbestos. By 2004, more than 24,000 claimants had filed products liability suits against Kaiser alleging that they had suffered bodily injury, including asbestosis and various cancers, as a result of their exposure to Kaiser's asbestos products. Four insurers, including Truck Insurance (“Truck”), provided primary insurance to Kaiser from 1947 to 1987.
Farella Partners Mary McCutcheon and Erica Villanueva will be joined by Sachin Adarkar, General Counsel Prosper Market Place to discuss, “General Counsel As Risk Manager: For This I Went to Law School?” at the 2nd Annual Institute for Advanced Corporate Counsel (IACC 2.0).
Many insurers are now offering “cyber liability” or “cyber risk” policies designed to protect policyholders against electronic injuries that policyholders may either suffer themselves or cause to others. Most of these policies focus on protecting policyholders in the event of a data breach. According to a recent report, the finance and insurance industries experienced the largest percentage of data breaches followed closely by information technology, retail trade, manufacturing, public administration, transportation and warehousing as well as education, government, and healthcare. Virtually no company is immune from this type of risk.
It is worth looking at purchasing cyber liability coverage because insurers have argued that “traditional policies” do not protect against this type of harm. For example, insurers have argued that there is no advertising injury coverage where there is no “publication” of the data. Today, many policies also have language excluding from the definition of “property damage” loss of or damage to electronic information and/or data. Finally, policyholders should keep in mind that CGL policies do not cover the insured’s own first-party losses, while a cyber liability policy typically does provide this type of coverage.
by John Green
In a prior post, we explained how a general liability policy may cover antitrust, patent, trade secret and other business litigation claims, if there are allegations that insured made negative comments about the other party’s product or business conduct. Claims that the insured engaged in improper use of the litigation process may also lead to coverage in such cases.
The standard general liability policy covers “malicious prosecution.” The term “malicious prosecution” has been construed broadly to include other similar torts, including abuse of process. See, e.g., Lunsford v. Am. Guarantee & Liab. Ins. Co., 18 F.3d 653, 654-56 (9th Cir. 1994). Thus, coverage is not limited to claims involving the strict elements of malicious prosecution, such as “favorable termination.” This opens the door to coverage for counter-claims by a defendant that allege that plaintiff’s lawsuit is being brought for improper purposes.