Insurance coverage for “Business Email Compromise” (BEC) scams is a hot issue being litigated by companies and their insurance providers in jurisdictions across the country. The Ninth Circuit is poised to issue what may be an influential decision after hearing oral argument this week in a coverage action initiated by an accounting firm that lost its client’s money to a BEC scam. Learn more from Orrick attorneys Darren Teshima and Harry Moren at our sister blog, Policyholder Insider.
Posts by: Harry Moren
The coverage landscape for “Business E-mail Compromise” (BEC) scams remains somewhat tenuous, as organizations and carriers continue to battle in court over the extent of coverage. Although recent positive, policyholder-friendly trends in the Eighth Circuit (hacker who took over a bank’s computer system) and federal district court in Georgia (scheme based on spoofing a CEO’s e-mail) found insurance coverage for fraudulently transferred funds, a recent unpublished Fifth Circuit opinion moves in the other direction. Unfortunately, this new ruling—and the uncertainty it creates—may embolden insurers in fighting coverage for these scams under crime insurance policies.
“Business Email Compromise” (BEC) scams are becoming an increasingly prevalent concern for businesses—the FBI reports that incidents have increased 1,300% since January 2015. A federal district court in Georgia recently ruled that a BEC scam in which a fraudster deceived an employee into wiring $1.72 million to an account in China was covered a under a commercial crime policy. The court rejected the insurer’s argument that the wire transfer was not directly caused by the BEC scam, and determined that the policy language was ambiguous about whether intervening events affected coverage, thus resolving the ambiguity in favor of the policyholder. At our sister blog Policyholder Insider, Darren Teshima and Harry Moren discuss why this ruling is good news for policyholders who have fallen victim to a BEC scam.
Non-cyber insurance policies often contain exclusions to limit or preclude coverage for data breaches. A Maryland federal district court recently addressed the scope of such exclusions. The court analyzed the meaning of “data” in data breach policy exclusions in a multimedia liability policy and concluded that the undefined term “data” did not include satellite television programming. Having found that the exclusions did not apply, the court held that the underlying lawsuit involving allegations of unauthorized access to satellite television programming triggered the insurer’s duty to defend the policyholder. At Orrick’s Policyholder Insider blog, Darren Teshima and Harry Moren discuss this decision’s rejection of an insurer’s attempt to avoid coverage by broadening the scope of these data breach exclusions.
A recent Eighth Circuit ruling on cybercrime coverage held that the issuer of a financial institution bond must cover a bank’s losses after a hacker’s malware attack resulted in unauthorized fund transfers. The court rejected the insurer’s claim that employee negligence—a factor in the loss—excluded coverage. This is a good decision for financial institutions and crime insurance policyholders, and Orrick attorneys Russell Cohen, Darren Teshima, and Harry Moren discuss the decision and its potential impact on coverage for the trending Business E-mail Compromise (BEC) scam.
This week, a Fourth Circuit panel in an unpublished decision validated arguments long made by policyholders: that commercial general liability policies may provide coverage for certain data breach liabilities. In this case, Travelers Indemnity Company v. Portal Healthcare Solutions, the appellate court affirmed the district court’s 2014 ruling that an insurer had the duty to defend a company that provides electronic medical record management services in a class action alleging that the company made patients’ confidential records publicly accessible by posting the records to an unsecured public website.
Your insurer wrongfully denies coverage—so you file a complaint in court, right? Not so fast! Many new insurance policies now include mandatory arbitration provisions. While at one time arbitration clauses were common only in policies issued by foreign insurers, they are now finding their way into policies issued by domestic insurers and in all types of coverages, including commercial liability insurance policies, D&O, E&O, employment liability, and cyber insurance. While the terms of these clauses vary, to the extent they are enforceable or cannot be negotiated out of the coverage, arbitration provisions close the courthouse doors to insurance disputes and force policyholders and their insurers to resolve disputed issues in private and free from judicial scrutiny. READ MORE
The time may be approaching when no distracted, intoxicated or fatigued driver ever causes an accident and automobile insurance as we know it becomes a thing of the past. If this seems like fantasy, only a few years ago, so did the reason: the “driverless” car—an idea that has fascinated the public for decades is quickly becoming a reality.
There has been a fair amount of discussion and commentary on insurance issues related to this new technology. An article last year in the Wall Street Journal posed the question, “How Do You Insure a Driverless Car?” The answer, it concluded, was not to be found any time soon, noting that insurance companies were unprepared for driverless, or autonomous, cars and were presently unable to evaluate or price the risk. But with the “Internet of Things” setting the pace for current technology trends, some commentators predict that autonomous cars will be common as soon as the year 2020, so it is not too early to think about the risk of driverless cars and the inevitable questions of insurance coverage related to this new risk and others like it. READ MORE
President Obama wants to go where the Supreme Court refused to tread. As part of his cybersecurity and privacy initiatives, which we discussed last week, the President would strengthen the federal anti-hacking provisions of the Computer Fraud and Abuse Act (CFAA), including an expansion of activity covered by the statutory phrase “exceeds authorized access.” In so doing, the President would resolve a circuit split between the First, Fifth, Eighth, Seventh, and Eleventh Circuits, on the one hand, and the Ninth and Fourth Circuits, on the other. His reason? “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families.”
Happy New Year! For a sneak peek at the developments the year may bring to the legal landscape for insurance policyholders, here are five cases worth watching in 2015:
- Fluor Corporation v. Superior Court (Hartford Accident and Indemnity Company), No. S205889 (Cal. filed Oct. 10, 2012)
The California Supreme Court likely will issue its long-awaited decision in Fluor and, in doing so, may overturn its controversial 2003 decision concerning the assignment of insurance policies to successor corporations in Henkel Corporation v. Hartford Accident and Indemnity Company, 29 Cal. 4th 934 (2003). If the Court overturns Henkel,California would join the majority of states that permit a successor corporation to recover under the predecessor’s liability insurance policies for pre-assignment liabilities, regardless of a “no-assignment” provision in the policies. The Fluor case has been fully briefed for more than a year, and many California attorneys expected the Court to issue its decision in 2014. In the interim, California Governor Jerry Brown has recently appointed two new justices to the Court, which some commentators believe may push the court in a more liberal direction and could affect the Court’s decision. READ MORE