James S. Carter and Amy J. Spencer
The “WannaCry” and “NotPetya” computer viruses that infected computer systems around the world in 2017 sounded a wakeup call. They demonstrated the power of a cyber event to disrupt the core operations of numerous companies and other organizations. Now some fear that another unpleasant surprise related to the 2017 virus attacks may be on the horizon—this time from the insurance industry. A recent lawsuit alleges that an insurer denied coverage for losses arising out of the “NotPetya” virus based on an exclusion for “hostile and warlike actions.” A version of this war exclusion appears in virtually all insurance policies, including cyberinsurance policies, which are supposed to address cyber events like “WannaCry” and “Not Petya.”
The lawsuit is Mondelez International, Inv. v. Zurich American Insurance Company. Filed late last year in Illinois state court, the policyholder, a snack food and beverage maker, alleges that it suffered a nightmare cyber scenario. Two separate intrusions of the “NotPetya” virus at different locations “rendered permanently dysfunctional approximately 1700 of [the policyholder’s] servers and 24,000 laptops.” According to the complaint, the virus caused property damage, commercial supply disruptions, unfulfilled customer orders, reduced margins, and other covered losses aggregating well in excess of $100,000,000. Continue reading “Recent Lawsuit Highlights Need for Careful Review of Cyberinsurance Policies”
James S. Carter
Businesses are increasingly purchasing dedicated cyber insurance policies to address their cyber and data security exposures. To date, however, many of the judicial decisions addressing insurance for cyber exposures have done so under other, more traditional, types of insurance policies such as commercial general liability (“CGL”) and commercial property policies. Some of these rulings have disappointed policyholders by concluding that such non-cyber insurance policies do not cover cyber exposures. But a recent decision by the United States Court of Appeals for the Fifth Circuit demonstrates that certain non-cyber policies potentially afford coverage for cyber exposures. In Spec’s Family Partners, Ltd. v Hanover Insurance Co., No. 17-20263, 2018 U.S. App. LEXIS 17246 (5th Cir. June 25, 2018), the court of appeals found that a contractual liability exclusion in a management liability policy did not excuse the insurer of its duty to defend its policyholder, a private company, against a claim arising out of a payment card data breach. Continue reading “Seeking Insurance Coverage for Data Breach Claims? A Recent Case Confirms that Certain D&O Policies Potentially Provide Coverage”
James S. Carter and Justin A. Chiarodo
Representations and Warranties (“R&W”) insurance has burst into the market in the last five years and now plays a key role in mergers and acquisitions (“M&A”) involving government contractors. Both private equity and strategic buyers use R&W insurance to improve their competitive position, and sellers benefit by avoiding escrows and holdbacks. In short, it can help get deals done. R&W insurance continues to evolve, and government contracts deals present unique challenges.
Below we discuss the basic aspects of this important insurance product and provide 10 tips for potential R&W policyholders to consider when evaluating policies. Continue reading “Helping Get Deals Done: 10 Tips to Assess Rep and Warranty Insurance Language in Government Services M&A Transactions”
James Carter, Omid Safa, and Jared Zola
At the beginning of 2017, many publications predicted that ransomware would be one of the most significant cyber threats of the year. The year is not even half over and that prediction appears to be coming true.
On Friday, May 12, 2017, tens of thousands of organizations and companies across the world fell victim to a virulent form of ransomware known as “WannaCry.” The global event has been recognized as one of the largest cyberattacks ever. Continue reading “Ransomware and Cyberinsurance”
Omid Safa, James S. Carter, and Jared Zola
This blog post is Part Two of our blog series and highlights several strategies for maximizing the value of a cyber insurance purchase. Part One of the blog series, highlighted the need for an organization to reevaluate its insurance coverage as part of a comprehensive strategy for addressing emerging cyber risks and outlined several ‘‘big picture’’ considerations relevant to any organization contemplating a cyber insurance purchase. This second part focuses on several strategies to consider when negotiating a cyber insurance purchase and seeking to customize a policy to align with an organization’s particular business needs. Continue reading “Managing Cyber Risks: Tips for Purchasing Insurance That Works for Your Business (Part 2)”
James S. Carter, Omid Safa, and Jared Zola
More insurers are offering stand-alone cyberinsurance policies than ever before. At the same time, there are very few decisions by courts regarding this relatively new breed of insurance policy. Most of the decisions construing insurance coverage for cyber risks to date involve other types of insurance policies, such as commercial general liability (“CGL”) and commercial crime policies. Although such cases may not involve cyber policies per se, buyers trying to navigate the cyberinsurance market ignore them at their peril. They illustrate the types of cyber incidents that have generated insurance coverage disputes significant enough to be litigated to decision. Familiarity with such cases can help buyers select and negotiate cyber risk policies with wording aimed at minimizing such disputes and increasing the scope and certainty of the coverage available to the policyholder.
Continue reading “Cyberinsurance Buyers Beware! Is the Past Prologue?”
Omid Safa, James S. Carter, and Jared Zola
With information technology impacting nearly every aspect of commerce in our “wired” economy, few issues present more concern to businesses today than cybersecurity. Cyberattacks continue to proliferate at an alarming rate and the threats facing companies continue to evolve and become more sophisticated with each passing day. The legal and financial costs associated with such events also grow more serious, as legislators, regulators, and customers insist on greater protection and impose more stringent requirements. Meanwhile, insurance companies have sought to limit the coverage available under traditional insurance policies with new exclusions aimed at cyber-related risks. As a result, it has become imperative for organizations to reevaluate their cybersecurity protocols and breach response plans—and their insurance coverage assets to help offset losses and liabilities associated with such events when all other safeguards fail. Increasingly, this means that companies must consider purchasing cyber-specific coverage to insure against these emerging risks and address the potential gaps in their traditional insurance programs. Continue reading “Managing Cyber Risks: Tips for Purchasing Insurance That Works for Your Business (Part 1)”