Our lives and the products and devices we use become more dependent on data by the day. As a result, cyberattacks and data breaches present everchanging risks to companies and individuals, and the importance of applicable insurance never has been more important. While companies historically sought coverage for losses under traditional CGL, D&O, E&O, commercial crime, and business interruption policies, their mixed results––coupled with new exclusions singling out electronic data––have led to increasing need for cyber-specific coverages. However, as evidenced by Minnesota District Court’s recent decision in Target Corporation v. ACE American Insurance Company, 2022 WL 848095 (D. Minn. Mar. 22, 2022), CGL policies still may be in play where damages result from the inability to use tangible property. Continue Reading Continuing Use of CGL Policies to Cover Data Breach Losses
Are Communications With Your Insurance Broker Privileged Under New York Law?
Discussions with an insured’s insurance broker are often an important part of the negotiation process for insurance claims. Brokers can provide valuable insights on the drafting and underwriting of the insurance policy as well as the attitudes of insurers on particular issues. But are communications between a client, coverage counsel, and the client’s insurance broker privileged? A previous post addressed California decisions finding that disclosure of privileged information to an insurance broker did not waive privilege because those disclosures were reasonably necessary to provide information to the insurers. In New York, whether such disclosure constitutes a waiver is a fact-specific inquiry. Continue Reading Are Communications With Your Insurance Broker Privileged Under New York Law?
Illinois Courts Largely Favor Coverage for BIPA Cases Under CGL Policies
Since Illinois passed its Biometric Information Privacy Act (BIPA) in 2008, there has been a proliferation of class action lawsuits filed pursuant to the statute. BIPA generally bars private entities from collecting, capturing, purchasing, receiving, or otherwise obtaining a person’s biometric information without obtaining that person’s advance, informed consent (see 740 ILCS 14/15(b)), and grants a private right of action to individuals who are “aggrieved” by a violation of the statute, entitling them to recover liquidated or actual damages as well as attorneys’ fees and costs (see 740 ILCS 14/20).
The Illinois courts are sorting out the question of the availability of insurance coverage for such BIPA suits under Commercial General Liability (CGL) policies. Of course, the standard CGL definition of covered “personal and advertising injury” includes “oral or written publication of material that violates a person’s right of privacy.” In May of 2021, an Illinois Supreme Court case, West Bend Mutual Insurance Co. v. Krishna Schaumburg Tan, Inc., 183 N.E.3d 47 (2021), addressed the threshold question of whether BIPA claims fall within this basic definition. The court agreed that the gravamen of such claims is invasion of privacy, and that the purpose of the statute is to prevent such invasions. Krishna also rejected the insurer’s argument that the policyholder’s alleged conduct did not constitute an “oral or written publication” because biometric data was merely collected and given to a single third party (a service provider for the policyholder). The court ruled that even providing the information to one other party is a “publication”; the dissemination need not be widespread. Continue Reading Illinois Courts Largely Favor Coverage for BIPA Cases Under CGL Policies
The War Exclusion in a Time of War
The “war” exclusion has gotten more attention over the past couple of weeks in light of Russia’s invasion of Ukraine. For good reason. This exclusion, common in property and liability policies alike, typically eliminates coverage for losses caused by “hostile or warlike action” from a nation-state or its agencies, or by military forces. Insurers have recently invoked this exclusion in an attempt to avoid providing coverage for losses arising from Russia’s 2017 “NotPetya” cyberattack against Ukraine, which spread beyond Ukraine’s borders and caused widespread damage to computer systems, including hardware, at a number of companies around the world.
A New Jersey court recently rejected an insurer’s reliance on a “war” exclusion in a property insurance policy, under which the insured had sought coverage for losses caused by the NotPetya cyberattack. See Merck Co. Inc. et al. v. ACE American Insurance Co. et al., Case number UNN L 002682-18, in the Union County Superior Court of New Jersey. Continue Reading The War Exclusion in a Time of War
Crime Insurance for Social Engineering Thefts: The Ninth Circuit Finally Joins the Party
Corporate policyholders often assume their computer fraud crime insurance will cover so-called social engineering thefts. Reasonably so. Fraudsters commit these crimes by using computers to trick innocent employees into transferring corporate funds to what they believe are legitimate bank accounts, only to discover later that the accounts are controlled by criminals who have stolen the money. Although most people would consider this to be computer fraud, crime insurers have resisted covering such thefts. And some courts have sided with the insurers. Until recently, insurers could point to the Ninth Circuit Court of Appeals as being one of those courts. On January 26, the Ninth Circuit finally set the record straight in Ernst and Haas Management Company, Inc. v. Hiscox, Inc., 23 F.4th 1195 (9th Cir. 2022), by repudiating a prior unpublished ruling and finding coverage for a social engineering theft under California law. This ruling gives policyholders a boost in their crime coverage claims for social engineering theft losses and removes a cudgel from the insurers’ hands. Continue Reading Crime Insurance for Social Engineering Thefts: The Ninth Circuit Finally Joins the Party
In Verizon Decision Careful Review of Insurance Policies Expands Coverage
In Verizon Communications Inc. v. National Union Fire Insurance Co. of Pittsburgh, Pa.[1] the Delaware Superior Court ruled that Verizon was entitled to a defense under its D&O policy for fraudulent transfer claims. Although the decision relies on unique facts and specific policy language, it provides guidance on how to exploit minor but critical differences in policy language to expand the company’s coverage beyond claims involving securities fraud.
The opinion also rejected the insurers’ efforts to limit coverage under a separate policy, based on their contention that the subsidiary out of which the liabilities arose was not a subsidiary when the policy was purchased. And finally, it handed policyholders a practical and valuable gift of universal application, holding that an insurer who wrongfully refuses to defend a claim cannot contest the reasonableness of the fees incurred by the policyholder to defend the case.
Whether or not it is successfully challenged on appeal, the Verizon decision is an important reminder not to make assumptions as to what is or isn’t covered under any type of insurance policy. Coverage depends on the particular language of the policy under review and the particular facts for which claims are sought. Continue Reading In Verizon Decision Careful Review of Insurance Policies Expands Coverage
“Unfair Trade Practices” Exclusion Does Not Extend to Consumer Protection Claims
Two phrases combined in a single exclusion—“alleging, arising out of, based upon or attributable to any violation of any law…” and “as respects… unfair trade practices” could inspire carriers to make trouble for policyholders seeking coverage for consumer protection claims. Fortunately, a recent federal decision recognizes that California rules of policy construction limit the scope of this exclusion, in line with a policyholder’s reasonable expectations of coverage. Continue Reading “Unfair Trade Practices” Exclusion Does Not Extend to Consumer Protection Claims
Maximizing Business Insurance Coverage Benefits After a Fire
Unfortunately, we again write while wildfire is devouring homes and businesses in Napa and Sonoma, and threatening many more. We’ve previously posted tips about first steps that you should take in the event your business has suffered a fire loss. We want to provide this refresher, as prompt action is important to preserve your business’ rights under its insurance policies and to maximize its ultimate insurance recovery. If your business has sustained a fire loss, below are steps for you to take in working with your insurers to ensure that you receive the maximum benefits under any applicable insurance policies. Continue Reading Maximizing Business Insurance Coverage Benefits After a Fire
COVID-19 Exposure and GL Coverage: Issues for Personal Injury Claims
Though much of the conversation regarding insurance coverage for COVID-19-related losses has focused on the potential for business interruption-type coverage (see prior discussion here), insureds should not overlook the potential that COVID risks trigger other types of coverage. For example, as previously discussed here, some insureds may seek coverage under D&O policies should they face securities and derivative-type claims.
In addition to the forms of coverage we’ve previously blogged about, businesses who have continued operations during the pandemic as well as those considering whether, when, and how to reopen their businesses in the coming weeks and months should consider whether they will be able to access coverage under their GL policies for some COVID-related claims. For example, companies that continue or restart operations in some form during the pandemic may anticipate claims from individuals who allegedly contracted the virus while interacting with that company’s employees or independent contractors. While those claims will likely face significant causation issues (will plaintiffs be able to substantiate transmission from a particular source though some combination of location tracking data and genetic testing of the virus?), these kinds of claims can be costly to defend and may create significant risks for certain businesses. Continue Reading COVID-19 Exposure and GL Coverage: Issues for Personal Injury Claims
Directors & Officers Liability Issues and the Coronavirus: Is That a “Thing”?
Over the last few weeks we have seen a number of informative articles discussing the crucial issue of coverage for business interruption claims arising out of government shutdowns of businesses to inhibit the spread of COVID-19, here. As the economic disruption from these efforts continues, however, we are likely to see impacts in the Directors & Officers Liability market – not only from claims that trigger D&O policies, but also additional challenges in placements and renewals of D&O programs. Continue Reading Directors & Officers Liability Issues and the Coronavirus: Is That a “Thing”?