The Eastern District of Pennsylvania recently gave another reminder why cyber insurance should be part of any comprehensive insurance portfolio. In Construction Financial Administration Services, LLC v. Federal Insurance Company, No. 19-0020 (E.D. Pa. June 9, 2022), the court rejected a policyholder’s attempt to find coverage under its professional liability insurance for a social engineering incident that defrauded over $1 million.
Construction Financial Administrative Services, which goes by CFAS, disburses funds to contractors. One of its clients, SWF Constructors, was hacked, and a bad actor posing as the client asked CFAS to distribute $600,000 to a sham third party. John Follmer, an executive at CFAS and the only person authorized to approve distribution of funds, approved it. The next day, the bad actor, again posing as the client, asked Follmer to transfer an additional $700,000. Follmer approved that distribution too.

Continue Reading Don’t Put All Your Eggs in the Silent-Cyber Basket

As businesses continue to increase their reliance on technology, they are bound to face the inevitable risks associated with online transactions and other cyber exposures. This, in turn, emphasizes the importance of having the proper insurance policies and compliance methods in place to prevent or, at least, mitigate losses that ensue from these risks. In this context, many insurance policies require that there be a “direct” loss for there to be coverage, which has spawned numerous lawsuits about what the word “direct” means. The latest court to weigh in has sided with the insured and interpreted that term broadly to essentially mean proximate causation.
Continue Reading Court Does Not Beat Around The Bush and Is Rather Direct In Rejecting Insurer’s Causation Argument In Computer Fraud Claim

With the circumstances in Ukraine intensifying and companies either shutting down or suspending operations in the region, the sparingly used war exclusion will become more relevant as policyholders seek to recover losses. The economic effects will be broadly felt. Some companies may have to close operations entirely, some partially, and others may have their supply chains severely disrupted. This is compounded by the worldwide risk of cyber-incidents. The US government has been adamantly warning companies to protect themselves against cyberattacks. The impact on policyholders, however, may take different forms, potentially implicating their business interruption, contingent business interruption, cyber, shipping and cargo, and political risk insurance coverages. These are only a few examples. Other coverages could be implicated.
Continue Reading The War Exclusion Will Be a Leading Issue in the Months and Years Ahead

Recently, the Ninth Circuit dealt with a case involving a scenario that is becoming all too common. In Ernst & Haas Mgmt. Co., Inc. v. Hiscox, Inc., 23 F.4th 1195 (9th Cir. 2022), a property management company’s accounts payable clerk received several e-mails from her supervisor instructing her to pay some invoices. Unbeknownst to the clerk, these e-mails did not originate with her supervisor, but were actually part of a fraudulent scheme to elicit fraudulent bank transfers. The clerk paid off hundreds of thousands of dollars in “invoices” before becoming suspicious but, by then, it was too late and the damage was done.
Continue Reading A Win for Policyholders Who Are Victims of Fraudulent Bank Transfer Schemes

Hunton insurance attorneys, Walter Andrews, Andrea DeField, and Sima Kazmir, recently published an article in the Daily Business Review, discussing the scrutiny that companies face as a result of increased cyberattacks as well as tips for your next cyber insurance renewal.
Continue Reading Hunton Andrews Kurth Attorneys Weigh In On How To Minimize Cyberattack Risks With Insurance

A commentator recently summed up the risk of ransomware attack in 2022: “we’re all screwed.” True enough. But that’s all the more reason to prepare right now. After all, the only thing worse than a ransomware attack is not having adequate insurance coverage when it occurs. The time to prepare is now.
Continue Reading As Ransomware Proliferates, Insurance Can Help

An Ohio appellate court held last month that a cyberattack triggered coverage under a commercial property insurance policy in the case EMOI Services, LLC v. Owners Insurance Company, No. 29128, 2021 WL 5144828 (Ohio Ct. App. Nov. 5, 2021).  This is good news for policyholders in light of widespread cyberattacks over the last two years, and rising premiums in today’s cyber insurance markets. The decision also has wider implications, including in suits seeking coverage for losses caused by COVID-19 under property insurance policies.
Continue Reading Ohio Appellate Court Upholds Coverage for Cyberattacks Under Commercial Property Policies

Social engineering attacks, particularly fraudulent transfers, are becoming one of the most utilized cyber scams.  As a result, there has been a flurry of litigation, and a patchwork of decisions, concerning coverage disputes over social engineering losses.  Most recently, the United States District Court for the Eastern District of Virginia found in Midlothian Enterprises, Inc. v. Owners Insurance Company, that a so-called “voluntary parting” exclusion provision in a crime policy should exclude coverage for a fraudulent transfer social engineering scheme.  The decision illustrates why policyholders must vigilantly analyze their insurance policies to ensure that their coverages keep pace with what has proven to be a rapidly evolving risk landscape.

Continue Reading Voluntary Parting Exclusion Bars Coverage for Social Engineering Scheme

The members of Hunton’s Insurance Recovery group present regularly on today’s hot topic insurance coverage issues. Upcoming insurance presentations for March 2020 include:

As crypto-asset losses continue to rise, the industry is taking steps to protect clients and investors through insurance. Crypto-exchange and custody provider, Gemini Trust Company, LLC (“Gemini”), recently launched its own captive insurance provider, Nakamoto, Ltd. Captive insurance is an alternative to self-insurance whereby a company creates a licensed insurance company to provide coverage for itself. According to a statement from Gemini, Nakamoto is “the world’s first captive to insure crypto custody” and allows Gemini “to increase its insurance capacity beyond the coverage currently available in the commercial insurance market” for cryptocurrency wallets not connected to the internet, commonly referred to as “cold storage.” According to Gemini, this move makes Nakamoto the world’s most insured crypto-asset cold storage solution, which signals an expectation of increased demand in the crypto market.

Continue Reading Captive Insurance Offers Protection to Growing Crypto-Currency Industry