Insights
Publications

New Case Highlights Deep Hole in Cyber Insurance Policies

6/30/2015 Blog
Dennis M. Cusack

Insurance policies covering data breach liability began appearing roughly ten years ago. We noted then a troublesome provision in some forms that seemed to exclude coverage for the insured’s failure to maintain data security – in other words, the very risk the insured was seeking to insure. We’ll call it the “Mistake Exclusion.”  One AIG form from 2006, for example, excluded coverage arising out of “your failure to take reasonable steps to use, design, maintain and upgrade your security.” A 2009 Darwin form excluded coverage for any claim arising out of  “any failure of an Insured to continuously implement the procedures and risk controls identified in the Application for this insurance.” But isn’t liability insurance supposed to do just that – protect against the insured’s mistakes, innocent or negligent? We hoped and expected that as the market for these policies matured, savvy brokers and risk managers would insist that these Mistake Exclusions be removed or substantially narrowed. But that has not happened.

We now have the first case we are aware of by an insurer seeking to enforce a Mistake Exclusion. In Columbia Casualty Company v. Cottage Health Systems, filed May 7, 2015 in the U.S. District Court in Los Angeles, Columbia seeks to enforce an exclusion barring coverage for a data breach claim arising out of any “failure of an Insured to continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance and all related information submitted to the Insurer in conjunction with such application whether orally or in writing.” Columbia’s complaint arises out of a class action suit against Cottage alleging that, for a period of two months in 2013, 32,500 patient records were accessible via the Internet. Cottage had hired a third-party vendor to store Cottage’s records electronically and that vendor mistakenly set the File Transfer Protocol settings to allow public access. Columbia funded Cottage’s defense and settlement, but is suing to recover all of its payments from Cottage.

Read the full blog post: New Case Highlights Deep Hole in Cyber Insurance Policies

Firm Highlights

Publication

Using Multi-Factor Authentication as a Prerequisite to Cyber Liability Coverage

Multi-factor authentication (MFA) is more than an annoying popup or text message when logging onto a company’s website or platform. Not only is using MFA a sound security practice and good business, it is frequently...

Read More
Publication

Maximizing Your Insurance Coverage for Data Privacy Liability

With news of massive data breaches making headlines in recent years, the handling of personal data has become a focus for legislators and regulators around the world. Compliance with data privacy regulations such as the...

Read More
Publication

A Promise To Pay Is Just That: Two Courts Reject Insurers’ Bids To Escape Their Coverage Obligations by Complaining About Third Party Recoveries or Reductions in Liabilities

An insurer in Washington could not eliminate its coverage obligation based on its insured’s recovery from a third party.  T-Mobile USA, Inc. v. Steadfast Ins. Co., et al ., No. 82704-9-I, 2022 WL 17246715...

Read More
News

Patrick Loi Selected to MCCA Sources of Success Program

Read More
Publication

Breach Cases Hint At Liability Coverage For Mobile Losses

More and more, companies generate revenue through the use of their customers' or users' mobile devices. This interaction takes many forms, from collecting transaction fees for mobile payments or cryptocurrency purchases to generating advertising...

Read More
News

Chambers USA 2023 Recognizes Farella Braun + Martel Lawyers, Practices

Farella Braun + Martel is pleased to announce that Chambers USA has recognized 16 lawyers and six practice areas in the legal directory’s 2023 edition. Individual California and Western U.S. Rankings: Sarah Bell &ndash...

Read More
Publication

Nonprofit Basics: Insurance Coverage for the New Nonprofit

Welcome to EO Radio Show – Your Nonprofit Legal Resource . Risk management for a nonprofit starts with good governance, effective management and appropriate policies for employment practices, conflicts of interest and financial management...

Read More
Publication

Fire Preparedness for Vineyards and Wineries

Winter, spring, summer, fire season, and fall – as Californians, we have all become accustomed to a fifth season – fire season. Even worse, fire season was once confined to just a few months...

Read More
Publication

Caught in the Crossfire — How Will the War Exclusion Affect Commercial Policyholders?

The war exclusion has received a lot of attention over the past year, particularly since Russia invaded Ukraine in February. Policyholders’ concern that insurers will assert the exclusion as a basis to deny coverage...

Read More
Publication

More Stringent California Claim Law Could Benefit Policyholders

To combat a perceived litigation tactic by plaintiffs counsel of using settlement demands within policy limits to set up insurers for bad faith, insurance company associations lobbied for statutory clarification to avoid uncertainty around...

Read More