Rosen Millennium Inc. (“Millennium”), the cyber security and IT support subsidiary of Rosen Hotels & Resorts, Inc., has appealed to the Eleventh Circuit contending that a Florida federal court ignored Florida insurance law when it ruled that Travelers Insurance Company has no duty to defend it against a multimillion dollar claim arising out of a cybersecurity breach.

Continue Reading

Notwithstanding the absence of a congressional war declaration since Japan bombed Pearl Harbor, Zurich American Insurance Company has invoked a “war exclusion” in an attempt to avoid covering Illinois snack food and beverage company Mondelez International Inc.’s expenses stemming from its exposure to the NotPetya virus in 2017. The litigation, Mondelez Intl. Inc. v. Zurich Am. Ins. Co., No. 2018-L-11008, 2018 WL 4941760 (Ill. Cir. Ct., Cook Cty., complaint filed Oct. 10, 2018), remains pending in an Illinois state court.
Continue Reading

Hunton Andrews Kurth insurance partner Michael Levine was recently interviewed by LegalTech News concerning Ohio’s recent adoption of the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The law, modeled after the New York State Department of Financial Services Cybersecurity Requirements for Financial Service Companies Act, seeks to provide a framework for

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. The law requires licensed insurance companies to notify state insurance authorities of data breaches within 72 hours of confirming that nonpublic information in the company’s (or a service provider’s) system was “disrupted, misused, or accessed without authorization.” The breach reporting requirement is in addition to notification obligations imposed under South Carolina’s breach notification law and applies if the insurance company has a permanent location in the state or if the breach affects at least 250 South Carolina residents, among other criteria. The 72-hour notice requirement takes effect January 1, 2019.
Continue Reading

The head of Hunton Andrews Kurth’s insurance practice, Walter Andrews, was interviewed earlier this week by ABC 7 (WJLA) concerning the need for cyber insurance and the benefits that it can provide to government contractors and other businesses that are impacted by a cyber event.  Andrews explains the diverse spectrum of benefits that are available through cyber insurance products, but cautions that a serious lack of uniformity exists among today’s cyber insurance products, making it crucial that policyholders carefully analyze their cyber insurance to ensure it provides the scope and amount of insurance they desire.

Continue Reading

A California federal court found coverage under AIG’s general liability policy for the defense and indemnity of email scanning suits against Yahoo!. Those suits generally alleged that Yahoo! profited off of scanning its users’ emails. Because the allegations gave rise to the possibility that Yahoo! disclosed private content to a third party, the court found

Hunton Andrews Kurth insurance practice head, Walter Andrews, recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.

Continue Reading

As reported yesterday in Business Insurance, Lloyd’s of London underwriters have agreed to insure digital currency storage company, Kingdom Trust Co., against theft and destruction of cryptocurrency assets.  The cover comes after almost a decade-long search by Kingdom Trust for insurance to cover its crypto-assets.  According to the BI, Kingdom Trust sees the availability of insurance as a key factor in bringing institutional investors into the marketplace by dispelling concerns about lack of traditional safeguards in the emerging crypto-asset space.

Continue Reading

The Sixth Circuit has rejected Travelers Casualty & Surety Company’s request for reconsideration of the court’s July 13, 2018 decision, confirming that the insured’s transfer of more than $800,000 to a fraudster after receipt of spoofed e-mails was a direct loss” that was “directly caused by” the use of a computer under the terms of ATC’s crime policy.  In doing so, the court likewise confirmed that intervening steps by the insured, such as following the directions contained in the bogus e-mails, did not break the causal chain so as to defeat coverage for “direct” losses.

Continue Reading

The Second Circuit has rejected Chubb subsidiary Federal Ins. Co.’s request for reconsideration of the court’s July 6, 2018 decision, confirming that the insurer must cover Medidata’s $4.8 million loss under its computer fraud insurance policy.  In July, the court determined that the loss resulted directly from the fraudulent e-mails.  The court again rejected the insurer’s argument that the fraudster did not directly access Medidata’s computer systems.  But the court again rejected that argument, finding that access indeed occurred when the “spoofing” code in emails sent to Medidata employees ended up in Medidata’s computer system.

Continue Reading