The Superior Court of New Jersey Appellate Division recently upheld a lower court’s finding that the war exclusion in a property insurance policy did not preclude coverage for Merck’s claim stemming from a 2017 cyberattack. The decision is appropriately being heralded as a huge win for policyholders and an affirmance of New Jersey’s longstanding history of protecting policyholders’ reasonable expectations. We previously blogged about developments relating to the war exclusion and the Merck case when it was initially heard by the Appellate Division.
Continue Reading Merck Wins Again in Cyber Coverage Battle
Ohio Supreme Court Launches COVID-19 Holdings into Cyberspace; Denies Coverage for Physical Loss or Damage to Computer Software
Last week, the Ohio Supreme Court ruled in EMOI Services, L.L.C. v. Owners Ins. Co., 2022 WL 17905839 (Ohio, Dec. 27, 2022), that a policyholder did not suffer direct physical loss of or damage to computer media that was encrypted and rendered unusable. The Court reached its ruling even though “media” was defined in the policy to include “computer software,” concluding that software does not have a “physical existence.” The Supreme Court’s decision reverses an Ohio appellate court’s earlier ruling that the cyberattack triggered coverage under a commercial property insurance policy and builds upon plainly distinguishable rulings in COVID-19 business interruption cases, such as Santo’s Italian Café, L.L.C. v. Acuity Ins. Co., 15 F.4th 398, 402 (6th Cir. 2021), where the Sixth Circuit found that government orders issued in response to the COVID-19 pandemic did not physically alter insured property.
Continue Reading Ohio Supreme Court Launches COVID-19 Holdings into Cyberspace; Denies Coverage for Physical Loss or Damage to Computer Software
Back to School Blues: Risk Exposures Affecting Higher Education
Like other policyholders, hard insurance market trends, aggravated by cybersecurity risks, climate change, and COVID-19, have hit higher education policyholders, yielding reduced or limited coverages for increased premiums. These conditions – reduced coverages and higher premiums – are symptoms of a “hard” insurance market. (A hard market is caused by a mismatch between policyholders’ waxing demand for coverage and insurers’ waning risk appetite.) But higher education policyholders face unique risks that exacerbate existing market conditions, including:
Continue Reading Back to School Blues: Risk Exposures Affecting Higher Education
Hunton Andrews Kurth Attorneys Weigh In On How To Minimize Cyberattack Risks With Insurance
Hunton insurance attorneys, Walter Andrews, Andrea DeField, and Sima Kazmir, recently published an article in the Daily Business Review, discussing the scrutiny that companies face as a result of increased cyberattacks as well as tips for your next cyber insurance renewal.
Continue Reading Hunton Andrews Kurth Attorneys Weigh In On How To Minimize Cyberattack Risks With Insurance
Key Takeaways From OFAC’s Recent Guidance: Carefully Scrutinize Insurance Coverage And Respond To Cyber Incidents With The Assistance of Experienced Advisors
On September 21, 2021 and October 15, 2021, the US Treasury Department’s Office of Foreign Assets Control (OFAC) issued reminders of the sanctions risks for facilitating ransom payments to designated malicious cyber actors. As discussed in our prior blogpost on OFAC’s October 1, 2020 advisory, OFAC has made clear that it is increasingly willing to bring enforcement actions against entities, including cyber insurers, that facilitate payments to sanctioned threat actors on behalf of corporate victims.
Continue Reading Key Takeaways From OFAC’s Recent Guidance: Carefully Scrutinize Insurance Coverage And Respond To Cyber Incidents With The Assistance of Experienced Advisors
While OFAC Cautions Cyber Insurers About Facilitating Ransomware Payments, Policyholders Should Ensure They’re Covered
Is it illegal for an insurer to pay the ransom demanded in a cyber extortion or ransomware attack on its insured? According to the US Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC”) October 1, 2020 advisory (“OFAC Advisory”), in certain situations, it may be.
Continue Reading While OFAC Cautions Cyber Insurers About Facilitating Ransomware Payments, Policyholders Should Ensure They’re Covered
Hunton Insurance Partners Andrews and Levine Comment to Law360 and Business Insurance on Recent Ransomware Coverage Win for National Ink
A Maryland federal court recently awarded summary judgment to National Ink and Stitch, finding coverage for a cyber-attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack. We discussed the significance of the decision in a January 27 blog post that can be found here.
Continue Reading Hunton Insurance Partners Andrews and Levine Comment to Law360 and Business Insurance on Recent Ransomware Coverage Win for National Ink
Maryland Court Finds Coverage For Lost Data And Slow Computers After Ransomware Attack
A Maryland federal court awarded summary judgment last week to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property And Casualty Insurance Company, finding coverage for a cyber-attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack. This is significant because it demonstrates that insureds can obtain insurance coverage for cyber-attacks even if they do not have a specific cyber insurance policy.
Continue Reading Maryland Court Finds Coverage For Lost Data And Slow Computers After Ransomware Attack
Hunton Insurance Team Head Walter Andrews Comments On FBI’s Guidelines For Ransomware Payments
In a recent Global Data Review article, Hunton Andrews Kurth insurance practice head Walter Andrews commented on the FBI’s guidelines on ransomware payments and the insurance industry’s aggressive marketing of ransomware policies, noting that policyholders now have a resource that can help cover the cost of such an attack. The full Global Data Review article
Will Insurers Declare “War”? The War Exclusion, the Ransomware Attack on Baltimore, and the NSA Cyber-Tool?
The City of Baltimore is the latest victim of increasingly common ransomware attacks. On May 7, 2019, unidentified hackers infiltrated Baltimore’s computer system using a cyber-tool named EternalBlue, developed originally by the United States National Security Agency to identify vulnerabilities in computer systems. However, the NSA lost control of EternalBlue, and since 2017, cybercriminals have used it to infiltrate computer systems and demand payment in exchange for relinquishing control. For instance, in Baltimore, the hackers have frozen the City’s e-mail system and disrupted real estate transactions and utility billing systems, among many other things. The hackers reportedly demanded roughly $100,000 in Bitcoin to restore Baltimore’s system. The city has refused to pay.
Continue Reading Will Insurers Declare “War”? The War Exclusion, the Ransomware Attack on Baltimore, and the NSA Cyber-Tool?