The War Exclusion and State-Sponsored Cyberattacks: The Battle Is Won but Is the War Over?

James S. Carter

Sovereign nation states have been behind (or suspected of being behind) some of the worst cyberattacks. When a cyberattack has state involvement, the inevitable question is whether it constitutes an act of war. The answer can have a profound impact on insurance coverage because virtually every insurance policy has a war exclusion. In a case of first impression, a New Jersey trial court recently addressed whether a war exclusion applied to losses arising from the NotPetya cyberattack in 2017.[1]

The United States and several other countries contended that Russia was responsible for launching the NotPetya attack to destabilize Ukraine. NotPetya quickly spread beyond its intended targets in Ukraine, causing collateral damage to millions of computers worldwide. Among the many impacted organizations was the pharmaceutical company, Merck & Co. Inc., which suffered damage to 40,000 of its computers, costing it more than $1.4 billion.

Continue reading “The War Exclusion and State-Sponsored Cyberattacks: The Battle Is Won but Is the War Over?”

Is There a Glitch in Insurance Coverage for Social Engineering Scams?

James S. Carter

Social engineering scams seeking to deceive companies into making wire transfers to fraudulent bank accounts continue to plague companies. According to the FBI, social engineering fraud costs businesses billions of dollars each year. On top of the lost funds, social engineering scams can lead to substantial investigation costs and even litigation.

Many businesses trust their crime or fidelity insurance policies to protect them from social engineering losses. Insurers, however, take the position that such policies do not cover all social engineering scams. Depending on the type of social engineering scam or how it happens to play out, insurers may deny coverage, depriving the policyholder of valuable insurance protection. Continue reading “Is There a Glitch in Insurance Coverage for Social Engineering Scams?”

Credit Insurance: Insurance for Late Payments or Nonpayments

John A. Gibbons and James S. Carter

Recent events and the decline of the global economy have brought a raft of notices of late payments or no payments for creditors, lenders, landlords, and trade counterparties. In many instances there may be no notice at all, but rather just silence and a nonpayment. With the downturn and record number of layoffs and closures also comes the specter of further prolonged defaults and bankruptcies.

Is there insurance to protect against a nonpayment? Yes. Beyond Business Interruption / Business Income and other insurance policies that cover losses from recent events and business suspension losses, there is specific insurance designed to protect against the risk of nonpayment of a debt: Credit Insurance / Trade Credit Insurance.

What Is Credit Insurance?

Credit insurance protects those that purchase the insurance against the risk of nonpayment of an insured debt. Purchasers of credit insurance can fall within a wide array of businesses—lenders, exporters, commodity traders, product suppliers. Credit Insurance is typically used to protect a company’s own account receivables (“AR”) against the risk of nonpayment. Continue reading “Credit Insurance: Insurance for Late Payments or Nonpayments”

Recent Lawsuit Highlights Need for Careful Review of Cyberinsurance Policies

James S. Carter and Amy J. Spencer

The “WannaCry” and “NotPetya” computer viruses that infected computer systems around the world in 2017 sounded a wakeup call. They demonstrated the power of a cyber event to disrupt the core operations of numerous companies and other organizations. Now some fear that another unpleasant surprise related to the 2017 virus attacks may be on the horizon—this time from the insurance industry. A recent lawsuit alleges that an insurer denied coverage for losses arising out of the “NotPetya” virus based on an exclusion for “hostile and warlike actions.” A version of this war exclusion appears in virtually all insurance policies, including cyberinsurance policies, which are supposed to address cyber events like “WannaCry” and “Not Petya.”

The lawsuit is Mondelez International, Inv. v. Zurich American Insurance Company. Filed late last year in Illinois state court, the policyholder, a snack food and beverage maker, alleges that it suffered a nightmare cyber scenario. Two separate intrusions of the “NotPetya” virus at different locations “rendered permanently dysfunctional approximately 1700 of [the policyholder’s] servers and 24,000 laptops.” According to the complaint, the virus caused property damage, commercial supply disruptions, unfulfilled customer orders, reduced margins, and other covered losses aggregating well in excess of $100,000,000. Continue reading “Recent Lawsuit Highlights Need for Careful Review of Cyberinsurance Policies”

Seeking Insurance Coverage for Data Breach Claims? A Recent Case Confirms that Certain D&O Policies Potentially Provide Coverage

James S. Carter

Businesses are increasingly purchasing dedicated cyber insurance policies to address their cyber and data security exposures. To date, however, many of the judicial decisions addressing insurance for cyber exposures have done so under other, more traditional, types of insurance policies such as commercial general liability (“CGL”) and commercial property policies. Some of these rulings have disappointed policyholders by concluding that such non-cyber insurance policies do not cover cyber exposures. But a recent decision by the United States Court of Appeals for the Fifth Circuit demonstrates that certain non-cyber policies potentially afford coverage for cyber exposures. In Spec’s Family Partners, Ltd. v Hanover Insurance Co., No. 17-20263, 2018 U.S. App. LEXIS 17246 (5th Cir. June 25, 2018), the court of appeals found that a contractual liability exclusion in a management liability policy did not excuse the insurer of its duty to defend its policyholder, a private company, against a claim arising out of a payment card data breach. Continue reading “Seeking Insurance Coverage for Data Breach Claims? A Recent Case Confirms that Certain D&O Policies Potentially Provide Coverage”

Helping Get Deals Done: 10 Tips to Assess Rep and Warranty Insurance Language in Government Services M&A Transactions

James S. Carter and Justin A. Chiarodo

Representations and Warranties (“R&W”) insurance has burst into the market in the last five years and now plays a key role in mergers and acquisitions (“M&A”) involving government contractors. Both private equity and strategic buyers use R&W insurance to improve their competitive position, and sellers benefit by avoiding escrows and holdbacks. In short, it can help get deals done. R&W insurance continues to evolve, and government contracts deals present unique challenges.

Below we discuss the basic aspects of this important insurance product and provide 10 tips for potential R&W policyholders to consider when evaluating policies. Continue reading “Helping Get Deals Done: 10 Tips to Assess Rep and Warranty Insurance Language in Government Services M&A Transactions”

Ransomware and Cyberinsurance

James Carter, Omid Safa, and Jared Zola

At the beginning of 2017, many publications predicted that ransomware would be one of the most significant cyber threats of the year. The year is not even half over and that prediction appears to be coming true.

On Friday, May 12, 2017, tens of thousands of organizations and companies across the world fell victim to a virulent form of ransomware known as “WannaCry.” The global event has been recognized as one of the largest cyberattacks ever. Continue reading “Ransomware and Cyberinsurance”

Managing Cyber Risks: Tips for Purchasing Insurance That Works for Your Business (Part 2)

Omid SafaJames S. Carter, and Jared Zola

This blog post is Part Two of our blog series and highlights several strategies for maximizing the value of a cyber insurance purchase. Part One of the blog series, highlighted the need for an organization to reevaluate its insurance coverage as part of a comprehensive strategy for addressing emerging cyber risks and outlined several ‘‘big picture’’ considerations relevant to any organization contemplating a cyber insurance purchase. This second part focuses on several strategies to consider when negotiating a cyber insurance purchase and seeking to customize a policy to align with an organization’s particular business needs. Continue reading “Managing Cyber Risks: Tips for Purchasing Insurance That Works for Your Business (Part 2)”

Cyberinsurance Buyers Beware! Is the Past Prologue?

James S. CarterOmid Safa, and Jared Zola

 

 

 

 

More insurers are offering stand-alone cyberinsurance policies than ever before. At the same time, there are very few decisions by courts regarding this relatively new breed of insurance policy. Most of the decisions construing insurance coverage for cyber risks to date involve other types of insurance policies, such as commercial general liability (“CGL”) and commercial crime policies. Although such cases may not involve cyber policies per se, buyers trying to navigate the cyberinsurance market ignore them at their peril. They illustrate the types of cyber incidents that have generated insurance coverage disputes significant enough to be litigated to decision. Familiarity with such cases can help buyers select and negotiate cyber risk policies with wording aimed at minimizing such disputes and increasing the scope and certainty of the coverage available to the policyholder.

Continue reading “Cyberinsurance Buyers Beware! Is the Past Prologue?”

Managing Cyber Risks: Tips for Purchasing Insurance That Works for Your Business (Part 1)

Omid Safa, James S. Carter, and Jared Zola

Safa, OmidCarter, James S.Zola, Jared With information technology impacting nearly every aspect of commerce in our “wired” economy, few issues present more concern to businesses today than cybersecurity. Cyberattacks continue to proliferate at an alarming rate and the threats facing companies continue to evolve and become more sophisticated with each passing day. The legal and financial costs associated with such events also grow more serious, as legislators, regulators, and customers insist on greater protection and impose more stringent requirements. Meanwhile, insurance companies have sought to limit the coverage available under traditional insurance policies with new exclusions aimed at cyber-related risks. As a result, it has become imperative for organizations to reevaluate their cybersecurity protocols and breach response plans—and their insurance coverage assets to help offset losses and liabilities associated with such events when all other safeguards fail. Increasingly, this means that companies must consider purchasing cyber-specific coverage to insure against these emerging risks and address the potential gaps in their traditional insurance programs. Continue reading “Managing Cyber Risks: Tips for Purchasing Insurance That Works for Your Business (Part 1)”

%d bloggers like this: