Cyber Liability Insurance Coverage Makes News Again
Cyber Liability Insurance Coverage Makes News Again02.01.2016
A cyber liability insurance coverage case pending in Federal Court in Utah made news again last week regarding whether Travelers Insurance Company properly denied defense coverage in an underlying cyber case, and it continues to bear watching.
The case, Travelers Property Casualty Company v. Federal Recovery Services, Inc., has been getting attention since last May as there has been a scarcity of cyber liability coverage decisions, most of which addressed whether older CGL policies cover privacy and cyber risks. Late last year, for example, the 7th Circuit in Defender Security Company v. First Mercury Insurance Company held that the insurer did not have a duty to defend a consumer action alleging electronic violations of privacy. Defender argued for coverage under the personal or advertising injury part that defined such injury as “oral or written publication of material that violates a person’s right to privacy”. The 7th Circuit held that the mere recording and storage of information could not reasonably be construed as “publication’, and concluded that First Mercury therefore had no duty to defend.
The cyber-CGL coverage debate at some point should become moot as the newer CGL polices tend to specifically exclude such exposure. In this connection, prior to May 2014, the unendorsed ISO CGL coverage form states that the insurance does not apply to damages arising out of “(t)he loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data.”. ISO issued a new mandatory endorsement effective May 2014 that provides the insurance does not apply to damages arising out of, “(a)ny access to or disclosure of any person’s or organization’s confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of nonpublic information.” Under post May 2014 ISO CGL policies then, there should no coverage for data breach lawsuits requiring businesses to examine its cyber liability coverage needs.
This has made the Travelers v. Federal case worthy of some attention given the lack of cyber liability policy decisions, and U.S. District Court has issued two decisions thus far in the case. First, in May 2015, the Court held that Travelers has no duty to defend when the only allegations are that Federal Recovery purposely withheld data and the cyber liability policy’s insuring agreement requires an “error, omission or negligent”. This is not an earth shattering conclusion other than the District Court applied well settled coverage principles to a cyber liability policy. The case did not go away, however, as Federal Recovery then filed a countersuit accusing Travelers with breach of the implied covenant of good faith and fair dealing, breach of contract, and breach of fiduciary duty
Last month, in the same Travelers v. Federal case, the District Court held that Federal Recovery could proceed with its breach of good faith claim. Federal Recovery’s broker had testified that he was told by Travelers to wait to file a claim until formal papers in the underlying data breach lawsuit had been served, and the Court concluded that “(f)actual issues preclude summary judgment on this charge” based on Federal recovery’s expert testimony that Travelers’ conduct “is contrary to industry customs, practices and standards.”’ The District Court did dismiss Federal Recovery’s breach of contract and breach of fiduciary claims stating that it could not “seek to relitigate the same issue.” Once again, while not unique to coverage litigation, given it is one of the only active coverage cases involving a cyber liability policy, it will be interesting to see if anything noteworthy for future cyber coverage actions comes out of this case.
All information provided in this blog is for informational purposes only. The sources used are presumed accurate. Lancer Claims Services, Brown & Brown Program Insurance Services, Inc. and Brown & Brown, Inc. will not be liable for any errors, omissions, losses, injuries or damages arising from its display or use and will not assume responsibility for any misguided information. No guarantees are implied.