Five Takeaways from the First Cyber Insurance Case




21 May 2015

Practice Groups: Insurance Coverage; Cyber Law and Cybersecurity

This article was first published by Law360 on May 18, 2015.

By Roberta D. Anderson

On May 11, 2015, in a case that is being widely celebrated as one of the first coverage rulings involving a cyber insurance policy, a federal court ruled that Travelers has no duty to defend its insured in Travelers Property Casualty Company of America, et al. v. Federal Recovery Services, Inc., et al. [1] Although the Travelers case does not involve cyber-specific coverage issues, the case nonetheless carries some important takeaways for insureds, insurers, and many other interested spectators. Here is a brief summary of the ruling and five key takeaways.

The Facts

The insured, Federal Recovery, was in the business of providing processing, storage, transmission, and other handling of electronic data for its customers, including Global Fitness. In particular, Federal Recovery agreed to process Global Fitness's gym members' payments under a Servicing Retail Installment Agreement. [2]

In the underlying litigation, Global Fitness brought suit against Federal Recovery alleging, essentially, that Federal Recovery wrongfully refused to return member account data to Global Fitness, including member credit card and bank account information. Global Fitness asserted claims for tortious interference, promissory estoppel, conversion, breach of contract, and breach of the implied covenant of good faith and fair dealing. [3]

The Cyber Policy

The policy at issue was a CyberFirst policy issued by Travelers. The policy included a Technology Errors and Omissions Liability Form, which stated that Travelers "will pay those sums that [Federal Recovery] must pay as damages because of loss caused by an errors and omissions wrongful act." The key term "errors and omissions wrongful act" was defined to include "any error, omission or negligent act." [4]

In addition to covering potential damages, the Travelers policy provided defense coverage, stating that Travelers "will have the right and duty to defend [Federal Recovery] against any claim or suit seeking damages for loss to which the insurance provided under one or more of your cyber liability forms applies." [5]

[1] No. 2:14-CV-170 TS, Slip Op. (D. Utah May 11, 2015) (Utah law).
[2] Id. at 2-3.
[3] Id. at 5.
[4] Id. at 3.
[5] Id. at 2.

Federal Recovery tendered the defense of the underlying Global action to Travelers, which initiated coverage litigation seeking a declaration of non-coverage. Travelers argued that it did not have a duty to defend [Federal Recovery] against the original or amended complaints in the Global action because Global [Fitness] does not allege damages from an error, omission or negligent act. [6]

The Coverage Disputes: Scope of Coverage and Duty to Defend

Although Travelers involves underlying cyber-related facts and a cyber insurance policy, the coverage issues arising out of the facts and policy certainly are not cyber-specific. Travelers' declaratory judgment action raises two coverage disputes concerning: (1) the scope of coverage afforded by the technology errors and omissions policy at issue, as shaped by its key wrongful act definition; and (2) the scope of an insurer's duty to defend under Utah law.

While arising in the context of cyber-related facts surrounding electronic account and payment data, and under a cyber insurance policy, the coverage disputes at issue in the Travelers case are precisely the types of disputes that we routinely see in the context of errors and omissions and other claims-made liability coverages.

(1) The Scope of Coverage

As to the scope of coverage, errors and omissions, D&O, professional liability, and other claims-made policies, like the policy at issue in the Travelers case, typically cover "wrongful acts," a term that typically in turn is defined as "any negligent act, error, or omission," or similar verbiage. There are scores of cases addressing whether intentional and nonnegligent acts fall within or outside the purview of a covered wrongful act.

Unfortunately, and in contrast to other decisions, the United States District Court for the District of Utah in the Travelers case took a narrow view of the key language, ruling that "[t]o trigger Travelers' duty to defend, there must be allegations in the [underlying] action that sound in negligence." [7] The court further found that there were no such allegations. [8]

In contrast, other courts have appropriately upheld coverage for various types of intentional and non-negligent conduct under errors and omissions and other claims-made policies. As one commentator has summarized:

"[C]laims-made policies typically afford coverage for claims by reason of any negligent act, error or omission. What if an insured is held liable for a non-negligent act? Most courts have held that the insured is still entitled to coverage. The strongest argument in favor of that conclusion is that (i) an error or omission encompasses more than negligent conduct, and (ii) if only negligent errors and negligent omissions were covered, the error or omission language would be rendered redundant." [9]

[6] Id. at 7.
[7] Id. at 8.
[8] Id.
[9] Allan D. Windt, 2 Insurance Claims and Disputes 4th 11:5 (2003) (emphasis added).

To the extent some may wish to reference other cases addressing cyber-related fact patterns, those cases exist. For example, in 1995, the Supreme Judicial Court of Massachusetts in USM Corp. v. First State Ins. Co. [10] upheld coverage under an errors and omissions policy for a breach of express warranty claim involving the insured's failure to develop and deliver a turnkey computer system that would perform certain functional specifications. The errors and omissions policy at issue in the USM case, similar to the policy at issue in the Travelers case, covered claims against the insured by reason of any negligent act, error or omission. [11] Also, the insurers in USM, like the insurers in Travelers, argued that the policy only covered the insured for negligent acts. The USM court rejected the insurers' arguments, noting that courts have not limited coverage under errors and omissions policies to circumstances involving negligence:

"Other courts have not limited liability under errors and omissions policies to circumstances involving negligence, but have recognized certain nonnegligent errors as being within the coverage afforded. Cases involving the words such as 'negligent act, error or omission' (the crucial language of the policies before us) have not consistently determined that an error must be a negligent one if coverage is to be available.

***

Because some, but not all, judicial opinions have rejected the interpretation of errors and omissions policies for which the insurers contend, if it was the insurers' intention, the crucial words of the policy should have been amended to eliminate the ambiguity and to make clear that coverage extended only to negligent errors. Potential policyholders could then have more accurately determined whether such coverage met their needs. Because of the uncertainty about the scope of the word 'error,' the insurers as authors of the policies must suffer the consequences of the ambiguity." [12]

The New York Appellate Division's decision in Volney Residence, Inc. v. Atlantic Mut. Ins. Co. [13] is likewise instructive. In that case, the Appellate Division held that the insurer had a duty to defend a federal RICO action in which the insured defendants were alleged intentionally to have committed acts of self-dealing and fraud. [14] Applying well-established rules of contract interpretation, the court ruled that there was a duty to defend:

"The policy provision in question covers claims arising from a negligent act, error or omission, which term is defined as any negligent act, error or omission or breach of duty of [the] directors or officers while acting in their capacity as such. The definition is susceptible of more than one meaning and can be understood to cover any breach of duty of the directors or officers, not exclusively negligent breaches of duty. Ambiguities in an insurance policy are to be resolved against the insurer." [15]

Other cases are to the same effect.

[10] 652 N.E.2d 613 (Mass. 1995).
[11] Id. at 614.
[12] Id. at 614-15 (emphasis added).
[13] 600 N.Y.S.2d 707 (N.Y. App. Div. 1993).
[14] Id. at 707.
[15] Id. (original emphasis).

(2) Scope of the Duty to Defend

Turning to the separate issue of the duty to defend, it is well established that the duty to defend is very broad, broader than the duty to indemnify. The duty to defend is typically triggered if there is some potential for coverage and, in many jurisdictions, it is appropriate to look outside the facts pled in the underlying complaint to determine whether there is a duty to defend. [16]

Again, unfortunately, the court in the Travelers case took a narrow view of the insurer's duty to defend. Even assuming for the sake of argument that the policy covered only negligence, the underlying complaint alleged, among other things, that Federal Recovery retained possession of Member Accounts Data, including the Billing Data, which was the property of Global Fitness. [17] Allegations surrounding improper retention of data, even if that retention ultimately was wrongful or not legally justifiable, clearly may arise out of negligence as opposed to intentional conduct.

[16] See, e.g., Frontier Insulation Contractors, Inc. v. Merchants Mut. Ins. Co., 690 N.E.2d 866, 869 (N.Y. 1997) ("If any of the claims against the insured arguably arise from covered events, the insurer is required to defend the entire action."); New York City Hous. Auth. v. Commercial Union Ins. Co., 734 N.Y.S.2d 590, 592 (N.Y. App. Div. 2001) ("An insurer's duty to defend is broader than the duty to indemnify and arises whenever the allegations of the complaint against the insured, liberally construed, potentially fall within the scope of the risks undertaken by the insurer.").
[17] Travelers, Slip Op. at 4-5.

Travelers Takeaways

Putting aside the ultimate merits of the court's ruling, and whether this case addresses any coverage issues that are appropriately characterized as cyber issues, Travelers offers at least five key takeaways:

First, Travelers illustrates that decisions involving cyber insurance policies are coming and, considering all of the attention and buzz surrounding an otherwise seemingly mundane errors and omissions case, insureds and insurers alike are anxiously awaiting and anticipating the guidance those decisions may provide.

Second, Travelers underscores that the types of coverage disputes that we will see arise out of cyber-related facts and, under cyber insurance policies, often will involve, or at least will intertwine with, the types of disputes that routinely arise in connection with traditional insurance coverages, including errors and omissions coverage and general liability coverage. This is useful for insureds to appreciate toward the goal of being prepared for future potential coverage disputes under cyber policies.

Third, Travelers underscores the importance of securing a favorable choice of forum and choice of law in insurance coverage disputes. Until the governing law applicable to an insurance contract, cyber or otherwise, is established, the policy can be, in a figurative and yet a very real sense, a blank piece of paper.

Fourth, although its label as a first cyber case is debatable, Travelers at a minimum has spotlighted the approaching disputes under cyber liability policies, which should remind insureds of the need to be prepared for, in addition to the traditional types of coverage issues and disputes that can arise under those policies, the potential cyber-specific coverage issues and disputes that may arise, such as, for example, the scope of coverage for cloud-related exposures.

Fifth, Travelers illustrates the importance of obtaining the best possible policy cyber language at the initial coverage placement and renewal stage. Unlike some types of traditional insurance policies, cyber policies are extremely negotiable, and the insurer's off-the-shelf language can often be significantly negotiated and improved, often for no increase in premium. It is important for the insured to understand its unique potential risk profile and exposure and what to ask for from the insurer. Often in coverage disputes, the issue of coverage comes down to a few words, the sequence of a few words, or even the position of a comma or other punctuation. It is important to get the policy language right before a dispute.

And while the Travelers case addresses coverage issues that are not cyber-specific, the fundamentals of successfully pursuing coverage under traditional insurance coverage are important to keep in mind as we enter a time and space in which coverage disputes based on underlying cyber-related factual scenarios, and under specialized cyber insurance coverages, are poised to become commonplace.

Author: Roberta D. Anderson, roberta.anderson@klgates.com, +1.412.355.6222

© 2015 K&L Gates LLP. All Rights Reserved.