The head of Hunton Andrews Kurth’s insurance practice, Walter Andrews, was interviewed earlier this week by ABC 7 (WJLA) concerning the need for cyber insurance and the benefits that it can provide to government contractors and other businesses that are impacted by a cyber event.  Andrews explains the diverse spectrum of benefits that are available through cyber insurance products, but cautions that a serious lack of uniformity exists among today’s cyber insurance products, making it crucial that policyholders carefully analyze their cyber insurance to ensure it provides the scope and amount of insurance they desire.

Continue Reading Hunton Insurance Head Interviewed Concerning the Benefits and Hidden Dangers of Cyber Insurance

The Sixth Circuit has rejected Travelers Casualty & Surety Company’s request for reconsideration of the court’s July 13, 2018 decision, confirming that the insured’s transfer of more than $800,000 to a fraudster after receipt of spoofed e-mails was a direct loss” that was “directly caused by” the use of a computer under the terms of ATC’s crime policy.  In doing so, the court likewise confirmed that intervening steps by the insured, such as following the directions contained in the bogus e-mails, did not break the causal chain so as to defeat coverage for “direct” losses.

Continue Reading Sixth Circuit Declines Reconsideration of American Tooling Center’s “Spoofing” Win

The Second Circuit has rejected Chubb subsidiary Federal Ins. Co.’s request for reconsideration of the court’s July 6, 2018 decision, confirming that the insurer must cover Medidata’s $4.8 million loss under its computer fraud insurance policy.  In July, the court determined that the loss resulted directly from the fraudulent e-mails.  The court again rejected the insurer’s argument that the fraudster did not directly access Medidata’s computer systems.  But the court again rejected that argument, finding that access indeed occurred when the “spoofing” code in emails sent to Medidata employees ended up in Medidata’s computer system.

Continue Reading Second Circuit Stands By Medidata “Spoofing” Decision

In a recent article appearing in Florida’s Daily Business Review (available here), Hunton Insurance Recovery Practice team head, Walter Andrews, explains why phishing and whaling scams should be covered by insurance.  In the article, Andrews notes that recent appellate decisions support policyholders’ reasonable expectations of coverage and reject insurers’ contentions that social engineering losses do not result directly from the use of computers.  Andrews goes on to explain that should a company find itself a victim of a phishing or whaling attack, it should carefully assess its insurance coverage to determine whether it applies to the loss, including under both traditional insurance policies and specialized cyber insurance products, and not be dissuaded by their insurers’ initial denial of coverage.

In a recent post, we discussed the Sixth Circuit’s holding in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), where the Sixth Circuit reversed the district court’s summary judgment for the insurer, finding coverage under its policy for a fraudulent scheme that resulted in a $834,000.00 loss. The insurer, Travelers, has now asked the Court to reconsider its decision.

Continue Reading Insurance Carriers Tell Circuit Courts To Reconsider Holdings For Coverage In Cybercrime Suits

The Sixth Circuit, in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), reversed the District Court’s grant of summary judgment in favor of the insurer in a dispute over coverage for a social engineering scheme. The policyholder, American Tooling, lost $800,000 after a fraudster’s email tricked an American Tooling employee into wiring that amount to the fraudster.

Continue Reading Second Major Policyholder Win For Social Engineering Schemes

In a July 9, 2018 article appearing in Insurance Law360, Hunton Andrews Kurth insurance recovery practice head, Walter J. Andrews, explains why the Second Circuit’s decision in Medidata Solutions Inc. v. Federal Insurance Co., No. 17-2492 (2nd Cir. July 6, 2018), affirming coverage for a $4.8 million loss caused by a “phishing” e-mail attack, is a common sense application of the plain language of Medidata’s computer fraud coverage provision.  As Andrews explained, “[c]learly, hijacking — or spoofing — email addresses constitutes an attack on a company’s computer system for which a reasonable policyholder should expect coverage. A computer is a computer is a computer. Everyone knows that — except for insurance companies.”

Continue Reading Hunton Insurance Recovery Practice Head Explains Why Medidata Decision Affirming Phishing Coverage is “Common Sense”

On July 6, 2018, the Second Circuit Court of Appeals affirmed a district court’s summary judgment award in favor of Medidata Solutions, Inc., finding that Medidata’s $4.8 million loss suffered after Medidata was tricked into wiring funds to a fraudulent overseas account, triggered coverage under a commercial crime policy’s computer fraud provision. The decision in Medidata Solutions, Inc. v. Federal Ins. Co., 17-cv-2492 (2d Cir., July 6, 2018), confirms a ruling by District Judge Andrew L. Carter, Jr., in which the district court found that a fraudsters manipulation of Medidata’s computer systems constitutes a fraudulent entry of data into the computer system, since the spoofing code was introduced into the email system.

Continue Reading 2nd Cir. Affirms Medidata’s Spoofing Loss is Covered Under Crime Policy’s Computer Fraud Provision

The construction industry is no stranger to insuring its projects against the risks of physical and natural disasters. Policies purchased to cover these risks, however, often are not broad enough to reach cyber threats, which can be just as damaging and costly as a physical disaster. During the past decade, hacks have targeted the data held by several high profile companies, including Target Corp., Sony Corp., Equifax Inc. and Yahoo Inc.  So far, the construction industry has not yet been at the center of one of these attacks.  Still, builders are no less susceptible to these risks than any other industry, especially given that these companies often possess sensitive data related to buildings and projects.

Continue Reading Construction Industry May Be At Risk For Uncovered Losses Due To Cyber Attacks

Phishing attacks are on the rise, and they are targeting Microsoft’s flagship cloud-based products. According to a report by specialist data breach insurer Beazley, hackers have increased attempted and successful attacks on Microsoft Office 365, especially systems used by financial, health care, and professional services organizations. These attacks are deceptively simple, relying on employees and contractors falling for fake, yet well disguised, Microsoft communications, like a HelpDesk message or a survey. Once employees or contractors interact with these communications, they are prompted to enter personal information, which allows the hackers access to confidential information. This information allows the intruders to steal customer data, initiate bank transfers, and gain access to additional employees’ accounts. Microsoft 365’s default settings compound the dangers of these attacks because they decrease the ability to track how many accounts are compromised.

Continue Reading Insurance Catch Of The Day: Phishing Attacks On The Rise