Hunton Andrews Kurth insurance practice head, Walter Andrews, recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.
In a recent article appearing in Florida’s Daily Business Review (available here), Hunton Insurance Recovery Practice team head, Walter Andrews, explains why phishing and whaling scams should be covered by insurance. In the article, Andrews notes that recent appellate decisions support policyholders’ reasonable expectations of coverage and reject insurers’ contentions that social engineering losses do not result directly from the use of computers. Andrews goes on to explain that should a company find itself a victim of a phishing or whaling attack, it should carefully assess its insurance coverage to determine whether it applies to the loss, including under both traditional insurance policies and specialized cyber insurance products, and not be dissuaded by their insurers’ initial denial of coverage.
In a recent post, we discussed the Sixth Circuit’s holding in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), where the Sixth Circuit reversed the district court’s summary judgment for the insurer, finding coverage under its policy for a fraudulent scheme that resulted in a $834,000.00 loss. The insurer, Travelers, has now asked the Court to reconsider its decision.
In a July 9, 2018 article appearing in Insurance Law360, Hunton Andrews Kurth insurance recovery practice head, Walter J. Andrews, explains why the Second Circuit’s decision in Medidata Solutions Inc. v. Federal Insurance Co., No. 17-2492 (2nd Cir. July 6, 2018), affirming coverage for a $4.8 million loss caused by a “phishing” e-mail attack, is a common sense application of the plain language of Medidata’s computer fraud coverage provision. As Andrews explained, “[c]learly, hijacking — or spoofing — email addresses constitutes an attack on a company’s computer system for which a reasonable policyholder should expect coverage. A computer is a computer is a computer. Everyone knows that — except for insurance companies.”
The construction industry is no stranger to insuring its projects against the risks of physical and natural disasters. Policies purchased to cover these risks, however, often are not broad enough to reach cyber threats, which can be just as damaging and costly as a physical disaster. During the past decade, hacks have targeted the data held by several high profile companies, including Target Corp., Sony Corp., Equifax Inc. and Yahoo Inc. So far, the construction industry has not yet been at the center of one of these attacks. Still, builders are no less susceptible to these risks than any other industry, especially given that these companies often possess sensitive data related to buildings and projects.
The Federal Financial Institutions Examination Council (“FFIEC”), a U.S. governmental body comprised of banking regulators, recently issued guidance to financial institutions directing them to consider implementing dedicated cyber insurance programs to offset financial losses resulting from cyber incidents. Financial institutions face a number of potentially crippling risks arising from cyber incidents, including financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service. While cyber insurance can mitigate these risks, it is not required by financial regulators, and thus many financial institutions may not have obtained such insurance specifically designed to cover their cyber risks. Nonetheless, the FFIEC now is urging financial institutions to include dedicated cyber insurance as part of a multi-faceted cyber risk management strategy and not to rely solely on traditional insurance. In addition, the FFIEC is recommending that financial institutions have their outside advisors review their potential cyber insurance coverage to ensure that it will cover the relevant risks.
The Daily Business Review, an ALM publication covering the south Florida business community, has named Hunton’s Insurance practice head, Walter Andrews, as a recipient of its 2018 Professional Excellence Award. The award recognizes exemplary work by attorneys in the legal profession and community. The award is a precursor to an event hosted by the Daily Business Review on May 30 at the Rusty Pelican in Miami, where one of this year’s three Professional Excellence Award winners will be named Attorney of the Year. Congratulations, and good luck Walter!
A recent ruling by U.S. District Judge Paul Byron of the Middle District of Florida has made clear that the actual words used in an insurance contract matter. The court, in Mt. Hawley Insurance Co. v. Tactic Security Enforcement, Inc., No. 6:16-cv-01425 (M.D. FL. 2018), denied an insurance company’s motion for summary judgment attempting to rely on an exclusion to deny coverage to its policyholder. The policyholder, Que Rico La Casa Del Mofongo, operated a restaurant establishment in Orlando, Florida, and sought coverage for two negligence lawsuits filed against it for allegedly failing to prevent a shooting and another violent incident on its premises.
With the wave of wage and hour litigation showing no signs of receding, employers often have questions about whether they should consider insurance coverage for these claims. In the first of this two-part interview, Hunton & Williams partners Emily Burkhardt Vicente and Walter Andrews discuss what employers need to understand about insurance coverage for state and federal wage and hour claims. View the 5-minute video here.