Tag Archive for: coverage

Silent cyber coverage here to stay? New Jersey Appellate Court rejects insurers’ attempt to expand scope of the war exclusions to cyber claims

/in


The War and Hostile Action Exclusions have been standard exclusions in property and general liability policies for decades. With the rise of cyber claims, insurers have turned to these exclusions to deny coverage where the bad actor may have governmental roots. In a win for policyholders, the New Jersey Appellate Division rejected the insurers’ attempt to deny coverage and held that the hostile/warlike action exclusion did not apply to non-military, cyber-attack claims. See Merck & Co. v. ACE American Insurance Co.1 This ruling affirms the traditional scope of these exclusions and establishes that coverage under a commercial property policy for property damage caused by cyber-related incidents, colloquially known as “silent cyber” coverage, persists.

Merck & Co. v. ACE American Insurance Co.

On June 27, 2017, New Jersey pharmaceutical company, Merck & Co. (“Merck”), suffered a cyber-attack that left thousands of Merck’s computers damaged and encrypted by the malware known as NotPetya. The malware caused large-scale disruption to Merck’s business, resulting in $699,475,000 in losses. Although the exact origin of the malware was unknown, it was believed to have originated from the Russian Federation.

Merck tendered the claim to its all-risk property insurance carriers. The insurers reserved their right to deny coverage pursuant to hostile/warlike action exclusions and then subsequently denied coverage. Specifically, these exclusions exclude coverage for “loss or damage caused by hostile or warlike action” which was caused by “any government or sovereign power . . . or by military, naval or air forces . . . or by an agent of such government . . . .”2 The insurers argued that the word “hostile” should be broadly read to mean any antagonistic, unfriendly, or adverse action by a government or sovereign power, including the Russian Federation. Rejecting the insurers’ argument, the trial court held that the hostile/warlike action exclusions were inapplicable to the NotPetya related claims. The insurers appealed.

The New Jersey Court of Appeals Narrowly Construed the Hostile/Warlike Action Exclusion

On appeal, the Court looked to the plain and ordinary…

Source…

Coverage Challenges in Ransomware Claims: Cyber Insurance Policies and Trends in Denials | Kohrman Jackson & Krantz LLP

/in


A consistent pattern emerges in data breach and cyber-attack cases when companies turn to their insurers for coverage after such incidents. Whether they possess specialized cyber insurance or not, insurers often decline claims, citing various reasons such as failure to provide timely notice, failure to mitigate costs, employee misconduct or criminal activity leading to the breach, or attributing the losses to a party not covered by the policy. This holds true for both General Casualty or Liability policies (GCL) and specialized cyber liability insurance policies, covering damage to electronic assets.

On December 22, 2022 the Ohio Supreme Court in EMOI Servs., L.L.C. v. Owners Ins. Co. ruled that an Ohio medical billing company’s cyber insurance policy did not cover a ransomware claim for damages because the insured could not demonstrate that there was “physical harm or damage” to the computers which housed the data, as required by the terms of the policy. The electronic policy noted that the coverage included:

“When a limit of insurance is shown in the Declarations under ELECTRONIC EQUIPMENT, MEDIA, we will pay for direct physical loss of or damage to “media” which you own, which is leased or rented to you or which is in your care, custody or control while located at the premises described in the Declarations. We will pay for your costs to research, replace or restore information on “media” which has incurred direct physical loss or damage by a Covered Cause of Loss. Direct physical loss of or damage to Covered Property must be caused by a Covered Cause of Loss.”

The insured argued that since the ransomware made the data inaccessible and unusable, the media suffered damage covered by the policy language. However, the Ohio court disagreed.

EMOI Servs., L.L.C. v. Owners Ins. Co. Case Overview

EMOI is an Ohio-based company assisting hospitals with medical billing, resulting in the handling of personal data, financial data, and Protected Health Information. In September of 2019, EMOI was the victim of a ransomware attack, where the attackers locked up files and demanded ransom. After obtaining a “test key” from the hackers to unlock a single data file,…

Source…

Ohio Supreme Court Upholds Denial of Coverage for Ransomware Attack Losses

/in


The Ohio Supreme Court recently reversed the decision of an appellate court and reinstated the trial court’s grant of summary judgment in favor of an insurer and against an insured company on the company’s claim for breach of contract and bad faith denial of insurance coverage relating to damages arising from a ransomware attack.

In so ruling, the Ohio Supreme Court held that because a ransomware attack caused no “direct physical loss of or damage to” the company’s software — a requirement for coverage under the policy at issue — the insurer was not responsible for covering the resulting loss.

A copy of the opinion in EMOI Servs., L.L.C. v. Owners Ins. Co. is available at: Link to Opinion.

As background, the insured company became the target of a ransomware attack when a hacker illegally gained access to the company’s computer systems and encrypted files needed for using its software and database systems. After looking into the timing and financial feasibility of recovering the files through the assistance of a third-party company, the insured company decided to pay the ransom.

At the time of the ransomware attack, the company was insured under a businessowners insurance policy issued by the defendant insurer. Thus, the insured company’s general manager contacted the insurer to file an insurance claim within a day of the attack. However, the insurer denied coverage because, among other reasons, there was no “direct physical loss of or damage to ‘media’,” as defined in the electronic-equipment endorsement in the policy.

The policy’s electronic-equipment endorsement provided:

When a limit of insurance is shown in the Declarations under ELECTRONIC EQUIPMENT, MEDIA, we will pay for direct physical loss of or damage to “media” which you own, which is leased or rented to you or which is in your care, custody or control while located at the premises described in the Declarations. We will pay for your costs to research, replace or restore information on “media” which has incurred direct physical loss or damage by a Covered Cause of Loss. Direct physical loss of or damage to Covered Property must be caused by a Covered Cause of Loss.

Furthermore, the…

Source…

Tops apps Android users should download now to get most secure coverage on their device

/in


THE very best apps for secure Android usage have been revealed by users across the internet.

Complex software is helping to meet the numerous security needs that come with safely using these devices.

Androids are at risk for getting hacked, but these app's have your phone's back

1

Androids are at risk for getting hacked, but these app’s have your phone’s back

Regardless which Android phone you have, extra security features can only help safe smartphone use, SecurityDegreeHub (SDH) reported.

The following apps can help you meet your safety concerns.

AVAST

Avast offers up a free download, and paying a monthly subscription will give you access to the desired features.

They give you protection from malware, phishing, spyware, and damaging viruses such as Trojans.

Warning about 'wrong number' phishing scam that could cost you $1,000s
Android users warned over FluBot malware via text about 'missed delivery'

With the use of the Anti-Theft feature, subscribers can track their phone’s location and even control it remotely, according to SDH, while the “Sandbox” function acts as virus prevention.

Another plus is that iPhones can also use it, so if you like the app, pass it on to your Apple-cult friends.

LOOKOUT

Similar to Avast, Lookout is around to provide Android users with a one-stop-shop security experience.

In addition to covering all the basics, like phishing, malware, and even phone tracking, a System Advisor will check your OS to make sure root operations are functioning as they should.

Those needing an extra boost of protection can even get $1million Identity Theft Insurance for those with extensive risk, like security executives, according to SDH.

ORBOT

Orbot is a free proxy app, and it is available to use for anyone 12 or older.

A huge focus of Orbot’s is to encrypt your internet browsing information, with the use of several computers SDH said.

This encryption process makes internet browsing private, so watching and messaging anything you’d like remains for your eyes only.

The app is 100 percent free, and it was put forth by the Guardian Project, which focuses on protecting and masking the identities of internet users who wish to keep their treasured information non-public.

Source…