The recovery of attorneys’ fees is an important issue in almost every lawsuit, and especially for policyholders in litigation against their insurer. In almost every case, the policyholder and its insurer will dispute whether the policyholder’s attorneys’ fees are reasonable and necessary, with insurer arguing that they are not. On Tuesday, February 7, 2016, the Texas Supreme Court heard oral argument in In re National Lloyds Insurance Company, Wardlaw Claims Service, Inc., and Ideal Adjusting, Inc., Case No. 15-0591, regarding whether a policyholder seeking recovery of its attorneys’ fees should be permitted to discover its insurance company’s attorneys’ fee information—such as hourly rates and time spent on the matter.
As posted earlier today on the Hunton Retail Law Resource blog, Hunton insurance lawyer Michael S. Levine, along with Hunton colleagues Randy S. Parks and Keith Voorheis, discuss five tips to consider when thinking about what cybersecurity insurance requirements you need in your technology transactions.
On February 22nd, Hunton insurance team partner Syed Ahmad and Mary Borja of Wiley Rein LLP will be speaking at the DC Bar’s CLE program “What Every Litigator Should Know About Insurance and How It May Impact Your Case Strategy.” The two hour class will discuss what steps an insured should take to protect claims, the role of insurance in defending and settling claims, and how to preserve attorney-client privileges. To learn more about the event, please visit: http://bit.ly/2k8SCQT.
Date and Time:
Wednesday, February 22, 2017 from 6 pm to 8:15 pm
D.C. Bar Conference Center
1101 K Street NW
(Nearest Metro Stop: Metro Center 12th Street)
Washington DC 20005
Reports of recent cyberattacks continue the discussion we started with yesterday’s blog post about common hurdles to coverage. The hurdle for today’s discussion? Ransomware.
Ransomware attacks are on the rise. Security services company SonicWall reported that ransomware attacks increased by a factor of 167, from 3.8 million in 2015 to 638 million in 2016. Similarly, insurer Beazley reported that ransomware claims quadrupled in 2016, and are expected to double again in 2017.
Despite these trends, many standard cyber forms do not cover ransoms to restore system access or to recover stolen data. Instead, the forms focus on ransoms paid to avoid a breach or the release of personal information. This gap in coverage is easily addressed by endorsement but, surprisingly, many businesses do not have such endorsements.
The risk of this often-unaddressed gap is real. In January, cyber criminals accessed an Austrian hotel’s network and remotely locked the hotel doors, preventing guests from entering their rooms. Efforts to issue new cards were unsuccessful, and breaking down doors would be too costly. In the end, the hotel paid 2 bitcoins (about $1,800) to restore access.
The prisoner’s dilemma caused by ransomware attacks may have more than just monetary consequences. The Cockrell Hill, Texas Police Department lost video evidence and digital documents after hackers took over its computer system. Messages demanded approximately $4,000 of bitcoin for return of the files, which the department refused to pay after consulting with the FBI. In an effort to end the attack, the department wiped its servers clean, but could not restore any files; it turned out that the department’s system backup had captured only the already-infected files. The department claims that none of the lost information was “critical,” but many criminal defense attorneys are already questioning whether that is the case, especially for charges that relied on video evidence.
The amounts at stake may seem small, but successful ransoms promise to encourage larger demands and unsuccessful ransoms may still cause significant expense to manually restore lost data — that is, when that data can even be recovered. And, the consequential interruption to policyholder’s normal business operations may have a substantial financial impact that far exceeds the ransom payment. The solution to these problems should not be to simply stockpile cash to address these risks or to rebuild damaged systems or data. Businesses must actively improve their risk protections, including improving their insurance coverage. Policyholders should begin that process by reading their policies, and working with experienced brokers and coverage counsel to ensure that coverages actually protect against real-world risks.
As discussed Friday on the Hunton Privacy and Information Security Blog, the U.S. Department of Health and Human Services has imposed a non-appealable $3.2 million fine on Children’s Medical Center of Dallas due to breaches of HIPPA-protected information. The breaches allegedly occurred in 2009 (when an employee lost an unencrypted Blackberry containing electronic protected health information (ePHI) for 3,800 individuals); 2010 (when a medical resident lost an “iPod device” synced to a hospital email account, compromising the ePHI of at least 22 individuals); and 2013 (when an unencrypted laptop, which contained ePHI for 2,462 individuals was stolen from the hospital). The government’s investigation allegedly led Children’s Hospital to admit additional thefts of devices containing ePHI in 2008 and 2009.
On February 3, 2017, members of Hunton & Williams’ insurance group, led by Insurance Practice Head Walter Andrews, and firm associate Anna Lazarus, achieved a significant victory in the Eleventh Circuit U.S. Court of Appeals, in Hillsborough County v. Star Insurance Co. The 11th Circuit’s published opinion, available here, addressed an issue of first impression under Florida law involving the impact of Florida’s statutory limitations on liability and an excess liability policy’s self-insured retention. The decision provides substantial guidance under Florida law and will have significant impact on many other cases in the Florida state and federal courts. Hillsborough County concerned an order relieving the policyholder from satisfying its self-insured retention after the court found that the statutory requirement for an intervening act of the Florida legislature frustrated the purpose of the policy. On appeal, and after oral argument, the 11th Circuit unanimously reversed in favor of our client, finding that the policy should be enforced in accordance with its terms. The case demonstrates why policyholders and insurers should be very careful in negotiating policy provisions that may be impacted by statutory liability provisions.
Maryland’s highest court recently held that a policyholder’s failure to provide notice of a lawsuit for two and a half years was no basis for a denial of coverage. The court in Nat’t Union Fire Ins. Co. of Pittsburgh, PA v. Fund for Animals, Inc. held instead that, because National Union could not prove it suffered “actual prejudice” as a result of the late notice, Fund For Animals, Inc. (“FFA”) was entitled to receive the coverage it contracted for under its non-for-profit liability insurance policy (the “Policy”).
Hunton & Williams insurance partner, Syed Ahmad, tells Law360 about trends in D&O liability insurance that are likely to grab headlines in 2017, including the impact of privacy and cyber breaches on corporate executives and the continued fallout from 2015’s “Yates Memo,” emphasizing an increase in government prosecution of individual corporate wrongdoers and incentivizing companies to cooperate in cases against their executives. A link to the article featuring Syed’s comments can be found here.
Hunton & Williams Insurance practice head, Walter Andrews, provides a brief, 5-minute overview, of why members of the real estate industry should be thinking about and obtaining appropriate cyber insurance protection for their real estate operations. Mr. Andrews explains why cyber insurance is different from other insurance products and requires a careful examination of the particular assets and exposures that are to be protected.
On January 27, my colleague, Jennifer White, was quoted in Business Insurance concerning the recent decision in E.M. Sergeant Pulp & Chemical Company, Inc. v. The Travelers Indemnity Company, which she and attorney Brittany Davidson discussed last week on Hunton’s Insurance Recovery Blog. In that case, a federal district court allowed a chemical company to seek coverage and defense costs for Superfund-related claims, despite what the court call “scanty” evidence that the company was even insured during the relevant time period. As Jenn explained to Business Insurance, the court’s decision is significant because the court “balance[d] the evidentiary burdens against the reality of long-term claims, and the reality is that papers and people are often missing by the time the claim is made.” If you have questions about the case, or about your own long-tail claim (for example, involving asbestos or alleged environmental damage), contact Jenn or any member of our or Insurance Coverage Counseling and Litigation team for more information.