Cyber

Subscribe to Cyber

For many, the “metaverse” sounds like some obscure sci-fi fantasyland. You may be asking, where is it? How does one get there? Chances are, if you are reading this article on a screen then you are already interacting with what could be described as the metaverse. One thing is certain though, if the metaverse is

Last week, the Ohio Supreme Court ruled in EMOI Services, L.L.C. v. Owners Ins. Co., 2022 WL 17905839 (Ohio, Dec. 27, 2022), that a policyholder did not suffer direct physical loss of or damage to computer media that was encrypted and rendered unusable. The Court reached its ruling even though “media” was defined in the policy to include “computer software,” concluding that software does not have a “physical existence.” The Supreme Court’s decision reverses an Ohio appellate court’s earlier ruling that the cyberattack triggered coverage under a commercial property insurance policy and builds upon plainly distinguishable rulings in COVID-19 business interruption cases, such as Santo’s Italian Café, L.L.C. v. Acuity Ins. Co., 15 F.4th 398, 402 (6th Cir. 2021), where the Sixth Circuit found that government orders issued in response to the COVID-19 pandemic did not physically alter insured property.
Continue Reading Ohio Supreme Court Launches COVID-19 Holdings into Cyberspace; Denies Coverage for Physical Loss or Damage to Computer Software

A federal court recently found that a policyholder adequately plead that a loss of hundreds of thousands of dollars through wire fraud is covered under a commercial crime policy. In Landings, Yacht, Golf, and Tennis Club v. Travelers Casualty and Surety Company of America Case No. 2:22-cv-00459 , Landings Yacht, Golf, and Tennis Club (“Landings”) sued Travelers Casualty and Surety Company of America (“Travelers”) under a crime policy for denying coverage for: (1) about $6,885.79 in unauthorized withdrawals (“First Withdrawal”) from users purporting to be Landings and (2) $575,723.95 in withdrawals made by a third-party purporting to act on behalf of Landings (“Second Withdrawal”).
Continue Reading Covered Members Only: Federal Court Accepts Yacht Club’s Wire Fraud Allegations

From IRS rulings that “virtual currency” is taxed as “property” to an SEC lawsuit claiming that digital assets are “securities” under federal law, meteoric growth of the largely unregulated crypto industry has raised numerous questions about whether crypto-related risks are covered by insurance. In the latest example of the intersection of crypto and insurance, a California federal court recently held that cryptocurrency stolen from a Coinbase account did not constitute a covered loss under a homeowner’s insurance policy. The fundamental issue was whether the stolen crypto met the policy’s requirement for “direct physical loss to property” and, more specifically, whether the losses were “physical” in nature. The court ruled against coverage, reasoning that lost control of cryptocurrency is not a direct physical loss as a matter of California law.
Continue Reading California Holds Stolen Cryptocurrency Does Not Qualify as “Physical” Loss Under Homeowners’ Policy

Like other policyholders, hard insurance market trends, aggravated by cybersecurity risks, climate change, and COVID-19, have hit higher education policyholders, yielding reduced or limited coverages for increased premiums. These conditions – reduced coverages and higher premiums – are symptoms of a “hard” insurance market. (A hard market is caused by a mismatch between policyholders’ waxing demand for coverage and insurers’ waning risk appetite.) But higher education policyholders face unique risks that exacerbate existing market conditions, including:

Continue Reading Back to School Blues: Risk Exposures Affecting Higher Education

The Eastern District of Pennsylvania recently gave another reminder why cyber insurance should be part of any comprehensive insurance portfolio. In Construction Financial Administration Services, LLC v. Federal Insurance Company, No. 19-0020 (E.D. Pa. June 9, 2022), the court rejected a policyholder’s attempt to find coverage under its professional liability insurance for a social engineering incident that defrauded over $1 million.
Construction Financial Administrative Services, which goes by CFAS, disburses funds to contractors. One of its clients, SWF Constructors, was hacked, and a bad actor posing as the client asked CFAS to distribute $600,000 to a sham third party. John Follmer, an executive at CFAS and the only person authorized to approve distribution of funds, approved it. The next day, the bad actor, again posing as the client, asked Follmer to transfer an additional $700,000. Follmer approved that distribution too.

Continue Reading Don’t Put All Your Eggs in the Silent-Cyber Basket

As businesses continue to increase their reliance on technology, they are bound to face the inevitable risks associated with online transactions and other cyber exposures. This, in turn, emphasizes the importance of having the proper insurance policies and compliance methods in place to prevent or, at least, mitigate losses that ensue from these risks. In this context, many insurance policies require that there be a “direct” loss for there to be coverage, which has spawned numerous lawsuits about what the word “direct” means. The latest court to weigh in has sided with the insured and interpreted that term broadly to essentially mean proximate causation.
Continue Reading Court Does Not Beat Around The Bush and Is Rather Direct In Rejecting Insurer’s Causation Argument In Computer Fraud Claim

With the circumstances in Ukraine intensifying and companies either shutting down or suspending operations in the region, the sparingly used war exclusion will become more relevant as policyholders seek to recover losses. The economic effects will be broadly felt. Some companies may have to close operations entirely, some partially, and others may have their supply chains severely disrupted. This is compounded by the worldwide risk of cyber-incidents. The US government has been adamantly warning companies to protect themselves against cyberattacks. The impact on policyholders, however, may take different forms, potentially implicating their business interruption, contingent business interruption, cyber, shipping and cargo, and political risk insurance coverages. These are only a few examples. Other coverages could be implicated.
Continue Reading The War Exclusion Will Be a Leading Issue in the Months and Years Ahead

Recently, the Ninth Circuit dealt with a case involving a scenario that is becoming all too common. In Ernst & Haas Mgmt. Co., Inc. v. Hiscox, Inc., 23 F.4th 1195 (9th Cir. 2022), a property management company’s accounts payable clerk received several e-mails from her supervisor instructing her to pay some invoices. Unbeknownst to the clerk, these e-mails did not originate with her supervisor, but were actually part of a fraudulent scheme to elicit fraudulent bank transfers. The clerk paid off hundreds of thousands of dollars in “invoices” before becoming suspicious but, by then, it was too late and the damage was done.
Continue Reading A Win for Policyholders Who Are Victims of Fraudulent Bank Transfer Schemes

Hunton insurance attorneys, Walter Andrews, Andrea DeField, and Sima Kazmir, recently published an article in the Daily Business Review, discussing the scrutiny that companies face as a result of increased cyberattacks as well as tips for your next cyber insurance renewal.
Continue Reading Hunton Andrews Kurth Attorneys Weigh In On How To Minimize Cyberattack Risks With Insurance