Insights
Publications

New Case Highlights Deep Hole in Cyber Insurance Policies

6/30/2015 Blog

Insurance policies covering data breach liability began appearing roughly ten years ago. We noted then a troublesome provision in some forms that seemed to exclude coverage for the insured’s failure to maintain data security – in other words, the very risk the insured was seeking to insure. We’ll call it the “Mistake Exclusion.”  One AIG form from 2006, for example, excluded coverage arising out of “your failure to take reasonable steps to use, design, maintain and upgrade your security.” A 2009 Darwin form excluded coverage for any claim arising out of  “any failure of an Insured to continuously implement the procedures and risk controls identified in the Application for this insurance.” But isn’t liability insurance supposed to do just that – protect against the insured’s mistakes, innocent or negligent? We hoped and expected that as the market for these policies matured, savvy brokers and risk managers would insist that these Mistake Exclusions be removed or substantially narrowed. But that has not happened.

We now have the first case we are aware of by an insurer seeking to enforce a Mistake Exclusion. In Columbia Casualty Company v. Cottage Health Systems, filed May 7, 2015 in the U.S. District Court in Los Angeles, Columbia seeks to enforce an exclusion barring coverage for a data breach claim arising out of any “failure of an Insured to continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance and all related information submitted to the Insurer in conjunction with such application whether orally or in writing.” Columbia’s complaint arises out of a class action suit against Cottage alleging that, for a period of two months in 2013, 32,500 patient records were accessible via the Internet. Cottage had hired a third-party vendor to store Cottage’s records electronically and that vendor mistakenly set the File Transfer Protocol settings to allow public access. Columbia funded Cottage’s defense and settlement, but is suing to recover all of its payments from Cottage.

Read the full blog post: New Case Highlights Deep Hole in Cyber Insurance Policies

Firm Highlights

Publication

Are Communications With Your Insurance Broker Privileged Under New York Law?

Discussions with an insured’s insurance broker are often an important part of the negotiation process for insurance claims. Brokers can provide valuable insights on the drafting and underwriting of the insurance policy as well...

Read More
News

Erica Villanueva Inducted Into American College of Coverage Counsel

Read More
Publication

Upside: What You Need To Know About Representation and Warranty Insurance

The allocation of post-transaction risk is a key area where bids for assets can differentiate themselves. And representation of warranty insurance is a great arrow to have in your quiver, whether you're a seasoned...

Read More
News

Farella Braun + Martel Announces Five New Partners

Read More
News

Legal Experts Say Opioid Coverage Disputes Far From Over

Shanti Eagle was quoted in Law360 's article "Legal Experts Say Opioid Coverage Disputes Far From Over."  Read the article here (subscription required).

Read More
Publication

The War Exclusion in a Time of War

The “war” exclusion has gotten more attention over the past couple of weeks in light of Russia’s invasion of Ukraine. For good reason. This exclusion, common in property and liability policies alike, typically eliminates...

Read More
News

Calif. Wineries Prep for Coverage Fight for Wildfire Smoke

Tyler Gerking spoke to Law360 for the article "Calif. Wineries Prep for Coverage Fight for Wildfire Smoke."  An insurance recovery partner, Tyler said he has heard from many wineries and vineyards that have voiced concerns...

Read More
Publication

Upside: Changes in the VCAP Liability Coverage Market

Over the past few years, there's been a dramatic rise in premiums in the venture capital liability insurance market and a steady increase in claims being submitted under those policies. We're also seeing a...

Read More
Publication

Illinois Courts Largely Favor Coverage for BIPA Cases Under CGL Policies

Since Illinois passed its Biometric Information Privacy Act (BIPA) in 2008, there has been a proliferation of class action lawsuits filed pursuant to the statute. BIPA generally bars private entities from collecting, capturing, purchasing...

Read More
News

2022 Cannabis Insurance Market Update

Tyler Gerking was quoted in  PropertyCasualty360 's article "2022 Cannabis Insurance Market Update."  Read the full article here (subscription required). Watch the webinar "Cyber Insurance for the Cannabis Industry" here .

Read More