An insurance carrier has declined to defend a claim asserted against its insured, arguably without meeting its obligation to investigate the claim. For whatever reason— a change in personnel, loss of a file, or some other motivation—the carrier has done little, if anything, to investigate the claim tendered to it: no Google search, no phone calls, and very little factual investigation other than the information tendered by the insured. The carrier has, however, relied on the plain language of the policy, and the few facts of which it was aware supported its denial.

But when a court later finds that the carrier’s coverage position was wrong— the facts in existence created a potential for coverage and hence triggered the carri­er’s duty to defend—the insured may argue that its carrier’s failure to investigate sup­ports a finding that it breached the implied warranty of good faith and fair dealing; that is, the insurer acted in bad faith. Continue Reading The Ramifications of a Less-Than-Thorough Investigation

cyber attack magnifying glassWhile I wrote this article for a wine industry audience, the information in it is relevant to every company that is in any way connected to the internet. You should consider whether your insurance coverage adequately addresses your actual cyber risks today.

Cyber insurance can cover some of the more well-known risks, such as the costs to investigate and respond to the loss or theft of personally identifiable information. But cyber insurance won’t cover everything. It often will not cover bodily injury and property damage due to a cyber attack, which now is a real risk for certain companies whose critical infrastructure or products are internet-connected. Cyber insurance can provide business interruption coverage due to a cyber attack, but this coverage is often quite limited, though broader and better coverage is now starting to emerge in the market.

As a result, my article suggests that companies take a close look at what their real cyber risks are and then holistically review their insurance programs (not just the cyber policy, but also “traditional” policies such as property insurance) to ensure they are adequately protected.

Read the full article on fbm.com: Winery, Vineyard Cyber Attack Risk Grows With Web-Connected Systems

Blog-Image---Are-You-CoveredA recent case in the Northern District of California offers two cautionary tales to policyholders. First, when buying insurance, companies should understand their risks and ensure that the policies they’re buying match those risks as closely as possible. Second, when a claim arises, policyholders must carefully consider all the allegations, not just the formal causes of action, in the complaint to determine whether they might trigger an insurer’s defense obligation. Continue Reading CGL Coverage for False Advertising and Intellectual Property Claims: Sometimes It’s There, but You Need to Know Where to Look for it

Blog-Image---DataSecurity

Policyholders should always consider the potential for coverage under their CGL policies if they suffer a data security breach. However, as the cases described in my article for Corporate Counsel, coverage is highly fact-dependent and subject to interpretation by the courts even in the absence of a data-related exclusion. The addition of such an exclusion narrows the policyholder’s options.

As a result, policyholders should carefully consider their insurance programs and the unique risks that their businesses face in light of their own computer systems, third-party computer systems on which they rely and the data they collect and/or hold. They should consider whether technology errors and omissions liability or cyberinsurance would more effectively address their risks. With the help of their insurance brokers and counsel, companies can negotiate and tailor those policies to their risks and exposures relating to computer systems, personally identifiable information and confidential third-party business information. Some businesses may choose to rely exclusively on their CGL policies for protection against data breach lawsuits. But that decision should be made deliberately after understanding all the risks and options.

Read the full article: Data Security Breach Liability: Is Your Business Covered?

shutterstock_226730068_Insurance ChecklistErica Villanueva and Tyler Gerking will be presenting to the Association of Corporate Counsel (ACC) on September 14 (in San Francisco) and 15 (in Palo Alto) about private company D&O liability insurance, also known as management liability insurance. Below is a description of the program, which will touch on hot issues that many companies are dealing with right now. Use the links to view the event details and register online.

Private D&O Insurance:  Things You Should Know

September 14 – San Francisco

September 15 – Palo Alto

Companies are staying private longer and purchasing private company directors’ and officers’ liability (D&O) insurance, sometimes known as “Management Liability” insurance. When it comes to D&O coverage, most private companies focus on two things: obtaining it, and keeping the premium low. When a company faces a claim, however, it discovers there is much more complexity to private D&O insurance, and often broader coverage than a public company D&O policy. Accessing and maximizing the available coverage may require a concerted, strategic effort on the part of  the company,  its insurance broker, and  insurance coverage counsel. This program will cover:

  • Key features of management liability policies
  • Common exclusions and limitations
  • The practical impact of certain clauses – and widely-available coverage enhancements that can mitigate these impacts
  • Implications of common pitfalls and mistakes in reporting and managing claims’”

Law firms are important gatekeepers between cybercriminals and clients’ sensitive data. The release of the Panama Papers and several other recent high-profile breaches have brought to light vulnerabilities in law firm cyber security.

I recently participated in a podcast with journalist Ben Hammersley and eSentire’s VP and industry security strategist Mark Sangster. Our discussion focused on cyber risks that law firms face and risk mitigation strategies to protect themselves and the data they hold, including cyber insurance.

Listen to the podcast here

On July 21, U.S. District Court Judge Claudia Wilken handed insureds a significant victory in a coverage case for Seagate, a computer hard drive manufacturer.  Download 2010-07-21 Order re defts MTC and plffs MSJ (2) Farella represents Seagate in that action.  Judge Wilken granted Seagate partial summary judgment on its claim that the Insurance Company of the State of Pennsylvania ("ISOP") breached its duty to defend by delaying in paying and failing to pay defense costs after it had agreed to defend three sets of underlying actions.  Judge Wilken also denied a motion filed by ISOP and National Union Fire Insurance Company of Pittsburgh, PA ("National Union") seeking to compel arbitration under California Civil Code section 2860.  Section 2860 allows insurers to limit fees paid to independent counsel to the attorneys fee rate charged by panel defense counsel in the defense of similar matters.  Judge Wilken found that ISOP's breach of its duty to defend and undisputed evidence showing that National Union also had failed to sufficiently fund Seagate's defense precluded the insurers from taking advantage of section 2860.

This ruling is significant because it gives insureds more ammunition in arguing that an insurer's short and/or slow payment of defense costs, which can often arise over disputes about billing rates or allocation of fees between covered and non-covered claims, constitutes a breach of the duty to defend.  We have argued this position on many occasions, but the directness with which Judge Wilken addressed and resolved this issue will be helpful in future disputes over insurers' non-payment or delayed payment of defense costs.