Social engineering attacks, particularly fraudulent transfers, are becoming one of the most utilized cyber scams.  As a result, there has been a flurry of litigation, and a patchwork of decisions, concerning coverage disputes over social engineering losses.  Most recently, the United States District Court for the Eastern District of Virginia found in Midlothian Enterprises, Inc. v. Owners Insurance Company, that a so-called “voluntary parting” exclusion provision in a crime policy should exclude coverage for a fraudulent transfer social engineering scheme.  The decision illustrates why policyholders must vigilantly analyze their insurance policies to ensure that their coverages keep pace with what has proven to be a rapidly evolving risk landscape.

Continue Reading

On November 4, Michael Levine and Matthew McLellan provided commentary for Westlaw about the Fifth Circuit’s recent decision in Apache Corp. v. Great American Insurance Co., No. 15-20499, 2016 WL 6090901 (5th Cir. Oct. 18, 2016), on which Michael Levine had previously written a blog post. In the Westlaw Journal: Computer and Internet,

In a seemingly illogical decision, the Fifth Circuit Court of Appeals ruled in Apache Corp. v. Great American Ins. Co., No 15-20499 (5th Cir. Oct. 18, 2016), that loss resulting from a fraudulent e-mail did not trigger coverage under a crime policy’s “computer fraud” coverage because the loss was not the “direct result” of computer use.

Continue Reading

A federal judge in Georgia held last week that a Commercial Crime Policy must cover a $1.7 million wire-transfer of funds precipitated by a fraudulent e-mail, purportedly authored by one of the insured’s managing directors. The decision marks yet another attempt by insurers to improperly narrow the scope of coverage afforded for cyber and technology-related losses.

Continue Reading