Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Cyber Insurance Experiencing Future Shock
The idea of "Future Shock "— that an accelerated pace of change causes social and psychological disruptions — dates from Alvin Toffler's 1970 book of the same name. As it copes with the mutable nature of cyber risks, the Insurance industry is experiencing such a shock. Insurers who write cyber liability policies are well-equipped to manage such claims, but what about carriers and adjusters who face such claims under more traditional policies — also known as "Silent Cyber?" This article aims to help non-cyber risk adjusters who may have to oversee such a claim.
|Expanding Liability
Recent court decisions show how a cyber claim can arise under a traditional policy:
|- A Maryland federal district court determined that a ransomware attack — and the insured's attempts to remedy that attack — caused "direct physical loss or damage" to the insured's computer system by slowing the system and making it less useful. The carrier argued that the critical issue was whether the software or data had been damaged, and that both were intangible. The court reasoned that the business owner's policy listed among covered items "data stored" on physical media, including software. Thus, the policy contemplated that these things could experience direct physical loss or damage. Nat'l Ink and Stitch, LLC v. State Auto Prop. and Cas. Ins. Co., 435 F.Supp.3d 679 (D. Md. 2020).
- Under a similar policy, Ohio's Court of Appeals determined that the encryption of a company's data — when hackers locked the data after gaining access to the company's systems — may fall within the definition of "direct physical damage." The court noted that in addition to damage to data and media, the attack resulted in the company's phone system being completely unworkable. EMO Servs., LLC v. Owners Ins. Co., 2021 Ohio App. LEXIS 3849. The Supreme Court of Ohio has accepted review.
- A company that operated restaurants, hotels, and casinos suffered a data breach which led to the loss of customer credit card data. A credit card processor sued the company after a data breach seeking to recover $20,000,000 in assessments from MasterCard. The company in sough coverage from its insurer under a commercial general liability policy. The United States Court of Appeals for the 5th Circuit Court found that the retail company's loss of the data was a "publication" of that information that triggered "personal and advertising injury" coverage. The insurer had to defend the case against the retail company because the complaint alleged that the breach had exposed consumer data and violated the right of the consumers to keep credit card data private. Landry's, Inc. v. Ins. Co. of the Pa., 4 F.4th 366 (5th Cir. 2021).
- The most recent example comes from the court that reversed itself. Target's 2013 breach led to $138 million in losses, including $74 million to replace credit cards that were compromised. After finding no coverage in a 2021 ruling, the court changed its mind in March 2022, ruling that the loss of use of the compromised cards had occurred to "tangible property that is not physically injured." Target Corp. v. Ace Am. Ins. Co., 19-cv-2916 (WMW/DTS), 2022 U.S. Dist. LEXIS 51044 (D. Minn. Mar. 22, 2022).
What Makes Cyber Claims So Difficult?
As the cases above show, cyber claims can have huge stakes. This has caused insurers to try to clarify when such losses are covered. They have tried to exclude cyber liability from traditional policies for more than a decade, seeking to push coverage for such claims towards cyber-insurance policies. But this is where the Future Shock comes; insurers cannot write new policy language as quickly as hackers change their tactics. Freeman Mathis & Gary partner Jonathan Schwartz pointed this out in a recent interview with Law 360: While insurers are "writing a policy and accepting premium based on the risk that they're assuming," the criminals' changing tactics force courts to apply policies that may not be tailored to the new circumstances. This is how adjusters who handle claims under traditional policies may find themselves adjusting what seems like a cyber loss.
|Tips for Non-Cyber Adjusters
1. Recognize the Need for Speed
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
How Secure Is the AI System Your Law Firm Is Using?
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
COVID-19 and Lease Negotiations: Early Termination Provisions
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
Authentic Communications Today Increase Success for Value-Driven Clients
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.