To follow up on our post last week recapping a recent Ninth Circuit decision regarding coverage for losses from a social engineering scheme, federal appellate courts continue to examine the coverage available for such losses. As Law360 highlighted, and as we previously reported (here, here, here, and here), appeals are pending in the Second, Sixth, and Eleventh circuits. These cases, some of which involve lower court findings of coverage while others do not, show that coverage for social engineering scams remains hotly contested, which means policyholders must carefully consider such coverage when purchasing insurance. While more and more insurers have introduced endorsements designed to specifically address social engineering schemes, as Hunton attorney Patrick McDermott recently pointed out in a separate Law360 piece, one issue policyholders ought to consider is “whether an endorsement providing coverage for losses resulting from social engineering schemes actually narrows the coverage available for those losses.”
On April 17, 2018, the Ninth Circuit affirmed a district court decision finding that an exclusion barred coverage for a $700,000 loss resulting from a social engineering scheme. Aqua Star (USA) Corp. v. Travelers Cas. & Surety Co. of Am., No. 16-35614 (9th Cir. Apr. 17, 2018). The scheme involved fraudsters who, while posing as employees, directed other employees to change account information for a customer. The employees changed the account information and sent four payments to the fraudsters.
As we have previously written, students accused of hazing can obtain coverage under a parent’s homeowners’ policy. See our prior post. A recent New York decision provides the latest example.
In an article recently featured in FC&S Legal, Hunton & Williams insurance lawyers Syed Ahmad and Patrick McDermott discuss ways to guard against waiver of the attorney-client privilege when cooperating with insurers providing Representations & Warranties insurance coverage. The full article can be found here.
In a recent brief filed in the Sixth Circuit, American Tooling Center, Inc. argued that the appellate court should reverse the district court’s decision finding no insurance coverage for $800,000 that American Tooling lost after a fraudster’s email tricked an employee into wiring that amount to the fraudster. As we previously reported here, the district court found the insurance policy did not apply because it concluded that American Tooling did not suffer a “direct loss” that was “directly caused by computer fraud,” as required for coverage under the policy. The district count pointed to “intervening events” like the verification of production milestones, authorization of the transfers, and initiating the transfers without verifying the bank account information and found that those events precluded a “finding of ‘direct’ loss ‘directly caused’ by the use of any computer.”
Last week Bloomberg Law launched an online “cyber insurance suite” authored by Hunton attorneys, Walter J. Andrews, Sergio F. Oehninger, and Patrick M. McDermott. The online suite, available here and to Bloomberg subscribers, covers all aspects of cyber insurance, including identifying the major cyber risks and liabilities, applying for and obtaining cyber insurance coverage, and submitting claims under cyber coverages. It also contains an overview of case law evaluating coverage for cyber liabilities under traditional insurance policies and under cyber specific insurance policies. Hunton will regularly update the suite as the risks, coverages, and law continues to develop.
A California state court recently rejected an excess insurer’s attempt at an early exit from litigation over whether it owes coverage for cyber liabilities. In that case (previously summarized here), the policyholder, Cottage Health, suffered a data breach resulting in the disclosure of patients’ private medical information. Subject to a reservation of rights, Cottage Health’s primary insurer, Columbia Casualty, paid millions of dollars to help respond to the data breach and to defend and settle a class action lawsuit filed against Cottage Health. Cottage Health’s excess insurer was Lloyd’s.
A recent decision highlights the need for businesses to carefully consider the applicability of insurance coverage across borders. In this case, the owners of an Idaho restaurant traveled to Thailand for business related to the restaurant. While in Thailand, thieves stole uniforms and decorations from the owners, who then submitted an insurance claim. The insurer denied the claim because the policy only covered property within the “coverage territory,” which was limited to the U.S., its territories, and Canada.
In prior posts (here and here), we have highlighted some potential coverage concerns for losses arising out of the use of blockchain technology. However, as previously reported, Blockchain technology’s relevance to insurance is not limited to coverage for losses. In fact, earlier this week, the Blockchain Insurance Industry Initiative known as B3i expanded its membership to include heavyweight insurance companies like Chubb, AIG, and Gen Re as well as notable insurance and reinsurance brokers like Marsh, Guy Carpenter, Willis Re, and JLT Re.
In an article in the September issue of ABA Business Law Today, Hunton & Williams attorneys Lorie Masters, Sergio F. Oehninger, and Patrick McDermott discuss the increasing use of blockchain technology, the security of the technology, and insuring against the relevant risks. As they explain, the “potential disruptive uses of blockchain technology in the marketplace have been compared to that of the Internet.” Thus, businesses across industries should consider their insurance would cover risks arising out of the use of blockchain technology. The authors point out that current cyber insurance coverages leave unanswered questions about the extent of coverage for such risks.