The Federal Financial Institutions Examination Council (“FFIEC”), a U.S. governmental body comprised of banking regulators, recently issued guidance to financial institutions directing them to consider implementing dedicated cyber insurance programs to offset financial losses resulting from cyber incidents. Financial institutions face a number of potentially crippling risks arising from cyber incidents, including financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service. While cyber insurance can mitigate these risks, it is not required by financial regulators, and thus many financial institutions may not have obtained such insurance specifically designed to cover their cyber risks. Nonetheless, the FFIEC now is urging financial institutions to include dedicated cyber insurance as part of a multi-faceted cyber risk management strategy and not to rely solely on traditional insurance. In addition, the FFIEC is recommending that financial institutions have their outside advisors review their potential cyber insurance coverage to ensure that it will cover the relevant risks.
A recent ruling by U.S. District Judge Paul Byron of the Middle District of Florida has made clear that the actual words used in an insurance contract matter. The court, in Mt. Hawley Insurance Co. v. Tactic Security Enforcement, Inc., No. 6:16-cv-01425 (M.D. FL. 2018), denied an insurance company’s motion for summary judgment attempting to rely on an exclusion to deny coverage to its policyholder. The policyholder, Que Rico La Casa Del Mofongo, operated a restaurant establishment in Orlando, Florida, and sought coverage for two negligence lawsuits filed against it for allegedly failing to prevent a shooting and another violent incident on its premises.
As we have previously written, students accused of hazing can obtain coverage under a parent’s homeowners’ policy. See our prior post. A recent New York decision provides the latest example.
A Florida state court has awarded over $5.5 million to singer Gloria Estefan’s hotel company in a lawsuit against Landmark Insurance Company because the insurer wrongly refused to cover building code-related upgrade costs after two 2004 hurricanes, Hurricane Frances and Hurricane Jeanne, severely damaged the hotel property. The case is Pin-Pon Corp. v. Landmark American Ins. Co., No. 312009CA0122-44 (Fla. 19th Cir. Ct. Dec. 28, 2017).
The U.S. District Court for the Middle District of Florida, in Innovak International v. The Hanover Insurance Co., recently granted summary judgment in favor of Hanover Insurance Company finding that it had no duty to defend Innovak against a data breach lawsuit. Innovak, which is a payroll service, suffered a breach of employee personal information, including social security numbers. The employees then filed suit against Innovak alleging it had negligently created a software that allowed personal information to be accessed by third parties. Innovak sought a defense for the lawsuit from its commercial general liability carrier, Hanover Insurance Company. Innovak argued that the employee’s allegations triggered the personal and advertising injury coverage part of the policy, which covers loss arising out of the advertising of the policyholder’s goods or services, invasion of privacy, libel, slander, copyright infringement, and misappropriation of advertising ideas. The court disagreed and found the employees’ allegations did not involve a publication that would trigger coverage under the commercial general liability policy.
In an article that first appeared in Electric Light & Power, Hunton & Williams attorneys Sergio F. Oehninger and Paul T. Moura discuss the growing Electric Vehicle (EV) industry and the risks posed due to the consequential strain on the power grid. As they explain, demand and investment in EVs will likely spur greater demand for supercharging stations that consume significant amounts of electricity. Urban centers and real estate owners are also expected to increase the supply of these stations in order to make these areas more attractive and accessible to EV owners, drone operators, and autonomous vehicle fleets. All of this growth will put increasing demands on electricity supply that can be difficult for businesses to control, leading to grid outages that can cause an interruption in business operations, an inability to access or restore system data, and significant losses of business income. All of this raises the question—Can businesses count on their insurance coverage to respond to the risks posed by EVs?
In the wake of the continued aftermath from Hurricane Irma, Georgia Tech and Central Florida have decided to cancel their game, scheduled for this upcoming Saturday in Orlando. The cancellation joins a long and growing list of games cancelled due to hurricanes in recent weeks. Last weekend alone, Florida State and Louisiana Monroe; Miami and Arkansas State; South Florida and Connecticut; and Florida and Northern Colorado all had to scratch their contests due to the impending arrival of Hurricane Irma. The week before, Hurricane Harvey forced UTSA and Houston to cancel their game, while BYU and LSU had to relocate their game from Houston to New Orleans.
Policyholders are often surprised to hear that their policies cover more than the run-of-the-mill claim. For example, a general liability policy may cover a cyber-related loss. See our prior post. As a more recent example, a federal court in South Carolina found that a parent’s homeowners’ policy obligated an insurer to defend a college student against hazing allegations. Allstate Ins. Co. v. Ingraham, No. 7:15-cv-3212 (D.S.C. Mar. 14, 2017).
Cyber and crime insurance policies have been heavily recommended to address the growing prevalence and types of cyber risks. Walter Andrews and Jennifer White recently authored an article appearing in Risk Management discussing how the purchase of cyber and crime insurance policies alone is not enough to successfully manage these risks. These policies must be carefully evaluated and tailored to the particulars of each organization. The full article is available here. In the article, Andrews and White identify four key questions that every organization must ask when purchasing cyber and crime insurance policies to ensure that their cyber coverage is sufficient to meet their organization’s needs.
Globalization has inspired the development of cross-border business activities, as companies across several industries seek new markets for their goods and services. The dynamic rewards have been accompanied by a corresponding increase in novel risks, and those who rely on traditional risk assessment mechanisms have often been left unnecessarily exposed.