Cyber Insurance Claims and Coverage

The starting point for any organization seeking to understand cyber insurance claims and coverage is to understand potential cyber-related losses. It is only through this analysis that corporate policyholders can understand what cyber insurance should cover.  For illustration purposes, we examined four prominent cyber-related incidents and the fall out associated with each incident.

Insurance Recovery Issues For Corporate Policyholders

1. Cyber-Related Losses

Yahoo

Yahoo

In 2013 and 2014, roughly 1 billion Yahoo user accounts were breached. This resulted in a series of governmental investigations, numerous lawsuits alleging, among other things, gross negligence and breach of various data protection laws.  Yahoo was also forced to renegotiate its sale to Verizon at a $350 million loss

Target

Target

In 2013, 40 million debit and credit card numbers were stolen at various Target stores across the country. This resulted in a plethora of consumer lawsuits, bank lawsuits, state AG claims, and a series of credit card company claims seeking reimbursement for losses they suffered as a result of Target’s breach. Target faced roughly $240 million in reported loses for fraudulent charges, with overall expenses exceeding $290 million.  Target also suffered massive financial losses in the 4th quarter of 2013.

Anthem

Anthem

In 2015, Anthem suffered a customer database breach impacting 69 to 80 million customers. This resulted in more than 50 class action lawsuits, a series of state AG claims and a number of prominent governmental investigations. Reported losses were in the billions of dollars. A significant portion of Anthem’s loss was the cost of notifications to customers as required by law.

Sony

PlayStation

In 2011 cyber criminals targeted Sony’s PlayStation network, resulting in the loss of personal and credit card information.  102 million people were impacted, and the gaming system was temporarily interrupted. This resulted in the filing of roughly 65 class action lawsuits, with reported losses of $171 million.

2. What Cyber Insurance Should Cover

this sampling of incidents illustrates, in a very basic way, some of the main areas that cyber insurance should cover. These include:

  • Coverage for the costs of defending and settling governmental Investigations, including the recovery of regulatory fines and penalties imposed;
  • Class action and consumer lawsuit defense and settlement coverage;
  • Coverage for credit card reimbursements;
  • Coverage for notification expenditures;
  • Coverage for remediation costs and forensic investigations;
  • Coverage for losses caused by the interruption of business, lost business, and related financial losses.

3. How Insurance Carriers Have Responded to Cyber Claims

The insurance industries response to each of these kinds of losses is, for the most part, to vigorously fight against coverage. The number of cases working their way through the courts on cyber insurance denials is astounding, as are the reasons for denials.

For example, with governmental investigations, insurers routinely contended that no coverage is afforded unless the policyholder has been sued. Then, even if the policyholder is sued by the government, insurers argue that damages associated with governmental settlements are not covered because of alleged policyholder wrongdoing. Similarly, for credit card reimbursement exposures, insurers argue that contractual liability exclusions preclude coverage, even though case law holds to the contrary.   And, for business related losses, insurers routinely contend that no coverage is provided because insurers did not anticipate covering these kinds of losses.  In many instances, insurers are taking these positions, irrespective of case law finding coverage, and irrespective of policy language affording coverage.

There is a solution, but it requires a thorough understanding case law, policy language, and the law pertaining to how insurance provisions are construed.

A good insurance broker is critical to securing the best possible cyber insurance coverage.  Insurance brokers have an understanding of what insurers are selling.  This is valuable, because there are no standards for cyber coverage.  Different insurers approach the same problem from different angles.  Insurance brokers, however, typically do not opine on what the policies cover, as this is a legal function, and brokers do not practice law.

For this reason, sophisticated corporations often  seek an independent legal review of their cyber-insurance programs.

Seeing opportunity, law firms have also jumped into this hot new area, with newly minted cyber-experts available to review corporate insurance policies.  These lawyers can talk circles around most anyone when it comes to cyber-buzz words, but, when it comes to insurance coverage, they have little judgment or experience, and their counsel, quite frankly, is not that helpful.  Others have a great deal of experience, but their experience comes from representing insurance companies.

Insurance Company Lawyers have this certain mindset . . . .

There are many Insurance company lawyers who represent insurers , but also sell their “cyber-review” services to policyholders.  Their marketing materials claim that no one knows better then them as to what the policies cover — as they drafted them in the first instance.  Ethically, these firms see no legal conflicts in doing this, as long as things don’t get too contentious.  Even if they are correct on the conflicts issue, insurance company lawyers have the wrong mindset for this kind of work.  Insurance company lawyers are trained from day one not to see coverage.  They place emphasis on irrelevant things, like what insurers like to do, rather than policy language, which is the determining factor for coverage.

For additional information cyber insurance coverage, please see Cyber Insurance Claim Denials, Computer Fraud: Two Similar Scams, Two Very Different Insurance Outcomes, Cyber and Intellectual Property Claims, The Wild Wild West of Cyber Insurance, Strategies for Addressing Cloud Computing Insurance Risks.

The Role of An Insurance Broker: To Keep Lawyers from Giving Advice?


In today’s blog post, Mark Miller addresses another issue pertaining to the role of insurance broker claims advocates, namely a misperception that some brokers have about the best way to maximize insurance claim value.  Here, Mark addresses a recent visit with a prominent insurance broker seeking referrals from Miller Friel. During that visit, the brokers proudly touted marketing materials about everything they had to offer.  One of the ways this broker thought they were creating value, was by preventing lawyers from providing advice regarding the scope of insurance coverage.  This prompted us to think about some of the most successful insurance recoveries we have had for corporate clients and how best to use insurance brokers in the process.

Does a Divided Approach Make Sense? 

On one hand, what the broker is saying makes some sense. This broker was really touting its ability to help policyholders settle claims as insurance broker claims advocates.  Helping policyholders settle insurance claims is an important function of brokers.  Brokers know the right people at the insurance companies, and in many instances, they help settle claims.  It only makes sense to leverage contacts.

On the other hand, what this broker is saying is completely foolish.  Brokers know a lot of things.  They know what insurance companies have paid on claims in the past.  Brokers know how insurance companies handle claims.  And, oftentimes, brokers know what insurance companies might be willing to pay.  But, all of this has nothing to do with what is covered under the insurance policies.  Insurance policy coverage is purely a legal issue that has nothing to do with insurance company custom and practice, or what an insurance company is happy to pay to settle a claim.  Insurance coverage is controlled by the law, and despite what insurance brokers do, most don’t practice law all that well.

The Role of Insurance Broker Claims Advocates and Lawyers

So, what is an insurance broker claims advocate and what is their role?  Lawyers use the word advocate quite seriously, recognizing their obligation to zealously advocate.  Insurance brokers use the word more as a marketing phrase, to illustrate that they are helpful in the process of settling claims.  What insurance broker claims advocates do is more akin to a lobbyist than an advocate.  Insurance broker claims advocates work with insurance companies to see if they can find common ground on a claim.  They leverage their contacts to get meetings with insurers.  Like a lobbyist, they provide access and contacts.  They don’t, however, advocate for coverage in the way that insurance coverage lawyers are bound to do for their clients.

In working with insurance brokers to settle some of the largest insurance claims in the country, we have found that there is a better way.  Brokers and lawyers are a team, not advocates against one another.  Each has a different but equally important function.  Lawyers determine what is covered based on the law and develop strategies to pressure the insurance carrier to pay.  This may include submission of legal analysis to the insurer to help them reverse their position on coverage, or it may include other dispute resolution mechanisms.  Brokers keep communications open with the insurer, and search for common ground. Together, the whole is much greater than the sum of its parts.

Please watch the video to learn more, or Contact us if you have any questions.

Continue reading

Why Insurance Carriers Prefer Insurance Coverage Arbitration Over Litigation

A question that corporate policyholders should ask before entering insurance coverage arbitration is whether arbitration is a viable way to resolve a complex corporate insurance dispute. In the not so recent past, arbitration provisions in insurance policies were rare. Now, they are common.   And, language contained in many standard-form arbitration clauses has become even more onerous over time. The reason for this is that Insurance Carriers prefer Insurance Coverage Arbitration over litigation.

Are Insurance Coverage Arbitrations a Good Option for Corporate Policyholders?

We address here some of the issues that corporate policyholders should note when faced with an insurance coverage arbitration.  We also draw some basic conclusions about insurance coverage arbitration based on our extensive experience in this area of insurance recovery law.

First, lets look at some of the reasons why insurers feel so strongly about arbitration.

1)  Arbitrators May Not Follow Policyholder-Friendly Law

To prevail on claims, policyholders rely on powerful policyholder-friendly rules of construction. For example, there is a duty to defend whenever there is any potential of coverage.   Courts and arbitrators should not look to the ultimate outcome of whether the claim is covered. Rather, if a claim has any possibility of being covered, a defense must be provided. Similarly, policy exclusions are construed against insurers and in favor of policyholders, and for an exclusion to apply, there must be no other reasonable interpretation of coverage other than the one offered by the insurer.

It goes without saying that both arbitrators and Courts should follow the law.  If these and other common insurance rules of construction are applied, policyholders have a distinct advantage.

As a general rule, courts follow the law, and if the law is followed, policyholders are typically entitled to coverage. In litigation, if a Court does not follow the law correctly, an appeal may be taken.

Arbitration is a different animal. Review of arbitration awards is limited, and arbitrators are generally afforded more flexibility than courts in fashioning their rulings.  In insurance coverage arbitration, arbitrators may be permitted to evaluate factors that have nothing to do with coverage.  Arbitrators have been known to look at what a policyholder paid for coverage in relation to the value of the claim to determine what the insurer intended as far as coverage. They may also be improperly swayed by insurance industry custom and practice regarding what insurance companies think critical language means, rather than following the legal standard of interpreting insurance policy language.  These factors that arbitrators may be interested in considering cannot be considered in court, as they are legally and factually irrelevant to coverage.

Finally, some arbitrators are reluctant to apply standard rules of construction because these rules of law are designed to render black and white coverage determinations in favor of coverage. Applying these rules to most contested corporate insurance claims can lead to a ruling that the claim is covered.

To cloud the issue, insurance carriers typically raise as many possible defenses to coverage as possible, and push for devaluation of a claim, irrespective of the validity of their so-called defenses. Hence, even if the applicable legal rules mandate coverage, arbitrators can, either intentionally or unintentionally, open the door to legally invalid insurer defenses. Although this does not necessarily lead to an incorrect decision, it unnecessarily complicates the process.

2)  Arbitrators May Ignore Insurance Carrier Bad Faith 

Another problem with arbitration is that some arbitrators have been conditioned to give insurance carriers a pass on bad faith conduct, whereas courts and juries may be conditioned in the opposite direction. Insurance carriers have a fiduciary duty not to place their interests above those of their corporate policyholders. This is an exceptionally hard standard for insurance companies to meet. Pursuant to their responsibilities to shareholders.  Insurance companies are also obligated to maximize shareholder value. One way for insurance companies to increase net income is to limit expenses, which includes limiting payments on claims. These two competing burdens, one to shareholders, and another to policyholders, puts insurance companies in a uniquely difficult place. All too often, it is just too enticing to deny claims for financial reasons, which results in a  breach of their duty of good faith and fair dealing to corporate policyholders.  In the corporate insurance context, these damages can be immense.

Insurance carriers commit bad faith because it is difficult for them to reconcile pursuit of their interests with the idea that they are not permitted to place their interests ahead of corporate policyholders.

One reason why arbitrators in an insurance coverage arbitration  may not be inclined to award bad faith damages may be purely economic.  If such a ruling is issued, and the insurers are upset by that ruling, the arbitrator will not be proposed by the insurers to handle future insurance coverage arbitrations.

3)  Some Arbitrators May Find it Difficult to Side With Corporate Policyholders

Insurance companies hire arbitrators as part of their business.  They are repeat consumers of arbitration services.  They keep track of how arbitrators handle their insurance disputes. They know who is good for them, and who is not, and they are not about to take any chances by proposing an arbitrator who does not pass their internal results-oriented tests.

For this reason, arbitrators that routinely handle insurance coverage arbitrations are generally not the best choice for corporate policyholders.  Future work drives any service oriented business and arbitration is no exception.  Corporate policyholders should assume that experienced Insurance coverage arbitrators know that insurers can drive their future business.  Arbitrators need future work to remain employed, and insurers may not be inclined to agree to use an arbitrator again if that arbitrator finds against them in a high-dollar insurance coverage arbitration.

This is not to say that arbitrators cannot see their way through this morass and find for corporate policyholders.  Rather, it is one of many important issues for corporate policyholders to consider when selecting an arbitrator for an insurance coverage arbitration.

4)  Some Insurance Arbitration Organizations are Mere Extensions of Insurance Companies

Insurance carriers are always concerned about the possibility that an arbitrator who they have not vetted properly will be appointed for an insurance coverage arbitration.  To protect against this, insurers have formed specific trade associations disguised as arbitration tribunals. The most infamous of these is ARIAS.   ARIAS arbitrators have experience working for insurers, and they translate this knowledge into finding for insurers in arbitration.  An arbitration before ARIAS is like an arbitration with the insurance company claims adjuster who denied the claim acting as arbitrator.  Policyholders should never agree to an arbitration with an ARIAS arbitrator.

Conclusions

Insurance carriers favor insurance coverage arbitrations because insurance coverage arbitration is better at limiting insurer exposure than litigation.  A number of important lessons can be learned from understanding this, including:

1)  Policyholders should not agree to arbitration clauses in insurance policies;

2)  Policyholders should resist insurance company efforts to arbitrate, unless adequate precautions have been taken to select a neutral arbitrator;

3)  Arbitrators with extensive insurance coverage experience are likely not neutral; the fact that they have been repeatedly selected for insurance matters could mean that they have rendered numerous decisions favorable to insurers; and

4)  Arbitrators with minimal insurance experience are more likely to provide policyholders with a fair arbitration.

A good friend who runs the arbitration group for a major multinational corporation once said to me, “if you get the wrong arbitrator, you lose your case upon selection of that arbitrator, but you will not know it until years later.”  These are sound words to live by.

Cyber Insurance for Business Interruption Losses

Cyber insurance for business interruption losses is of great importance to business  This year business interruption ranked as the leading threat to companies globally, with cyber incidents acting as the primary trigger for associated losses. Domestically, cyber incidents, — cybercrime, data breaches and distributed delay of service attacks — surveyed as the single most critical risk to businesses. Commerce’s increased reliance on technology-driven solutions only compounds the detrimental impact of these disruptions.

The New Frontier of Cyber Insurance — Business Interruption Coverage

Miller Friel recently had the honor of presenting on cyber insurance for business interruption losses in a recent Stafford CLE Presentation entitled Business Interruption Coverage for Cyber-Related Losses. This CLE webinar addressed the unique risks that cyber-related losses pose to business operations and how to mitigate those risks with business interruption (BI) coverage. Mark Miller of Miller Friel presented the corporate policyholder perspective, and two insurance company lawyers, Mary Borja of Wiley Rein and Eric Eric Stern of Kaufman Dolowich, provided insurance carrier perspectives.

An analysis of several recent high-profile cyber incidents demonstrates that business interruption and financial losses associated with cyber-attacks can be immense.  Case in point, after a 2013 to 2014 cyber attack at Yahoo, Yahoo was forced to renegotiate its deal with Verizon at a loss of $350 million.   Cyber insurance for business interruption losses and associated financial losses is certainly a timely issue.

What Are Insurers Doing to Provide Cyber Insurance for Business Interruption Losses?

The answer to this question is easy: very little.  Mary Borja, giving the insurers’ perspective explained that cyber insurance has developed as a series of specific coverages, for very specific cyber issues.  She describes cyber-coverage like this picture.

Current Cyber Insurance Policies — You Don’t Know What is Behind the Door Until a Claim is Made and the Door is Opened

Her analogy is that cyber insurance, as currently structured is like a series of doors.  Each door represents a different cyber insurance coverage grant.  To find out what you have, you must open a door to see.

This door picture is a good analogy.  But, with cyber insurance, no one knows exactly what an insurer will do with respect to coverage until a claim is made, or the door is opened.  Make a claim, open a door, and see what the insurers will cover.  This is not the best approach, but it is the current state of cyber-insurance.

What Can Businesses Do Now?

Even with the current state of cyber insurance, there are certain things that businesses can do no to maximize the value of their cyber insurance coverage.

 1.  Look Beyond Cyber Specific Coverage

Insurance company lawyers are not happy when a new court decision comes out finding coverage for a cyber attack under a non-cyber policy.  Eric Stern addressed some of the insurance decisions addressing cyber-related losses, focusing predominantly on “all risk” property policies, which provide coverage for a wide variety of business interruption losses.

Representing insurers, Eric argued for a  narrow reading of coverage, stating that the policies require “direct physical loss or damage to property” for coverage to be triggered.  According to  insurers, there must be direct physical loss to property for coverage to apply.  The only problem with this argument is that this is not what the policies provide.  All risk property policies expressly cover both direct physical loss of property, and damage to property.  Accordingly, if  a cyber-incident renders property, or a computer system,  unusable for the purposes intended, business interruption coverage should be provided.  There is simply no requirement of physical injury to the computer system in order for coverage to be triggered.

In the cyber context, Eric noted a number of decisions finding coverage for cyber-related losses under all risk property policies.  See Am. Guarantee v. Ingram, 2000 U.S. Dist. LEXIS 7299 (D. Ariz. 2000) (holding that physical damage is not limited to physical destruction or harm but includes “lack fo access, loss of use, and loss of functionality”); Lambrecht v. State Farm Lloyds, 119 S.W.3d 16 (Tex. App. 2003) (alternatively finding that hard drives were physically damaged because they could no longer hold or store information); NMS Services, Inc. v. The Hartford, 62 Fed. Appx. 511 (4th Cir. 2003) (holding that there was coverage under a business property policy for an insured’s loss of business and costs to restore records lost when a former employee hacked into the insured’s network);  Southeast Mental Health Center Inc. v. Pacific Ins. Co. Ltd., 439 F. Supp. 2d 831 (W.D. Tenn. 2006) (insured proved necessary direct physical loss where the insured’s pharmacy computer data was corrupted due to a power outage).

The takeaway for policyholders is that “all risk” property policies can and oftentimes do provide coverage for cyber-related business interruption losses.

2.  Pay Attention to Cyber Coverage Grants and Exclusions

The participants agreed that there is no standard cyber-policy form, so a review of applicable policy language is critical.

Without Standard Insurance Policy Forms or Regulations, We are Still in the WIld Wild West of Cyber Insurance

Mark Miller noted six specific limitations to coverage that are particularly important with respect to financially related losses, including: (1) scope of coverage grants, (2) time limitations to coverage, (3) the fraud exclusion, (4) the profit or advantage exclusions, (5) prior notice exclusions, and (6) conditions to coverage.

To find out more about the steps that policyholders need to take with respect to cyber-related claims and policies, please feel free to  contact us.

Media Liability Insurance Claim Success Story


In this post, Miller Friel attorney Brian Friel discusses media liability insurance claims and how insurance carriers improperly deny media liability insurance claims.  In the example presented here, a prominent TV and radio host was sued for defamation.   The media liability insurer denied the claim based on an improper reading of an exclusion.  Turning this improper media liability insurance claim denial around involved comparing the facts of the company’s on-air statements across multiple media outlets, and the language of the policy, which indicated that the insurance company’s initial denial improper.

Please watch the video to learn more, or Contact us if you have any questions.

Continue reading

Cyber Insurance Claim Denials

There have been a series of recent high profile cyber insurance claim denials.  As a result, policyholders are asking questions.  What, if anything, did we purchase?  Is our cyber coverage any good?  Were we duped by all of the marketing hype offered to sell cyber insurance products?  Why are cyber insurers denying claims?  Why are cyber insurance claim denials so common?

Policyholders rightly expect cyber insurance to respond to cyber crimes — But, insurers don’t see it that way

There are a number of reasons for the large number of cyber insurance claim denials.  First, claims determinations under cyber insurance are particularly susceptible to insurers arguing that they did not intend to cover a type of claim, even  when their policy language often tells a different story.  Second, as with many new products, cyber security insurance policies have not yet normalized around a single coverage grant and standardized exclusions.  Third, insurers are writing coverage to cover very specific types of risks, yet the types of liability policyholders are facing in the cyber world seem to be changing all the time.

This, however, is not putting a damper on sales of cyber insurance products.  With the amount of media coverage each cyber-attack receives, corporations continue to add cyber insurance to their portfolios.

Who Is Buying Cyber Insurance?

Recent estimates show that roughly one third of US companies purchased cyber insurance coverage.   The rate of penetration varies significantly across industry groups.  While healthcare and retail sectors reveal a 50% penetration rate, manufacturing is lagging behind at only 5%.  Not surprisingly, the largest claims and some of the most notorious breaches have occurred in the healthcare, finance and retail sectors, driving the interest in cyber insurance in such markets.  The highest growth rates, however, are in the manufacturing business sector, suggesting that more industries across the board are concluding that even if the internet is not the primary way they interact with customers or potential customers, such businesses may see value in purchasing cyber insurance products.

What Does Cyber Coverage Offer?

Standalone cyber insurance typically provides coverage for both first party and third party losses resulting from a computer based attack or malfunction of a policyholder’s information technology systems.  Despite the lack of a standardized coverage form, the coverage grants provided by cybercrime policies are finding growing consistency.  Many offer first party coverage for costs arising from investigations of security breaches, restoring business services, notifying affected individuals, credit monitoring services, extortion and ransom payments and business interruption.  Like property coverage, many cyber policies contain sub-limits which can substantially limit available coverage for defined losses, including most often cyber extortion and “computer attack.”

Unlike standard property policies, cyber policies also include third party liability coverage. Common third party liability coverage applies to costs from defending against public or private investigations, settlements, judgments and possibly fines and fees arising from such third party claims. Again, cyber insurance policies employ sub-limits to simultaneously limit the available coverage, including limits applicable to data compromise, network security and electronic media.

While policy coverages may be becoming more consistent, policy exclusions continue to have substantial differences.  The most common exclusions were for criminal/fraudulent/dishonest activity, disregard for computer security, contractual liability and payments of fines or fees. Just from the labels one can see that such exclusions potentially apply to most common cyber-attacks.

One such example is theft coverage. Cyber policies often exclude losses resulting from theft, yet fidelity and crime policies that cover theft often limit coverage for computer fraud by excluding “electronic data.” If the data is the very thing the hacker is interested in taking, it’s possible that such thefts fall in between the cyber insurance coverage and the crime and fidelity coverage. Less common exclusions apply to limit coverage for collateral damage, failure to disclose a loss of which an executive was aware and unsolicited disseminations of communication.

Even when policies contain similar exclusions, the specific wording can differ from policy to policy meaning the scope of the exclusion similarly can differ. The differences in language can also mean that the limited judicial interpretations of these clauses may or may not apply to your specific policy wording. Be wary of insurers who argue that a case decided on another insurer’s policy language bars or limits your coverage. The policy language is not settled and the case law suffers the same difficulties. Experienced coverage counsel is required to evaluate an insurer’s efforts to avoid coverage.

Common Causes of Cyber Claims

The most common cause of cyber insurance claims are hackers, or persons or groups that use unauthorized access to computer systems and access personal data or files. Nearly as prevalent are attacks using “socially engineered malware,” where a user is tricked into running a program that delivers malware to the target, and often today that means data encrypting ransomware. Each of these two types of claims illustrate how even the most sophisticated policyholders can fall prey to improper cyber insurance claim denials.

In an all too common scam, hackers infiltrate a business’ databases and steal customer credit information or other personally identifying information. Such attacks often carry substantial costs in protecting customer credit information going forward, as well as significant fines and fees from credit providers. But insurers have issued Cyber Insurance Claim Denials for such actions by use of exclusions for theft or exclusions for fines and fees. Another common form of hacking is “spoofing,” sending an email to make it look like it came from within the company. Insurers have argued that such claims are not covered because the theft is not “direct” because someone within the company took the last step to fraudulently wire the money. But again the cases and policy language differ such that insurers are potentially attempting to deny a covered claim.

Recent cyber insurance claim denials also illustrate how insurers are limiting or denying coverage for ransomware attacks. One common practice is for insurers to limit coverage through the use of deductibles and sub-limits. The most recent ransomware deployed against the computer systems of the City of Atlanta is just one example, but hospitals and other commercial enterprises have similarly proven vulnerable to these types of hacks.

Ransom coverage is typically included in cyber insurance policies but collecting on such coverage may prove difficult. A newer trend in ransomware claims sees the extortionist making what appear to be smaller demands that may fall within standard deductibles such that the coverage does not come into play. Ransomware actors have discovered that lower demands put pressure on victims to pay, as the ransom often is several times smaller than the cost of duplicating the lost data. For example, in the attack against the Atlanta, the city was asked to pay 6 bitcoins, at current values approximately $36,000. Similarly, the “WannaCry” attack, which crippled computers across the world, resulted in a relatively small payment of $140,000 spread among multiple victims. Given the existence of deductibles, its doubtful cyber insurance played a substantial role in one of the largest attack in history.

An Overview of Cyber Insurance Claim Denials

With cyber insurance, insurers seem to be denying more claims than they are paying, and in some instances getting away with improper cyber insurance claim denials.  The most well known claim denial under a stand alone cyber insurance policy came in the infamous   P.F. Chang’s China Bistro v. Federal Ins. Co., 2016 WL 3055111 (D. Ariz. 2016) case.  There, Chubb denied coverage fees imposed by MasterCard pertaining to stolen credit cards.

Insurers also deny cyber-related claims under other kinds of insurance as well.  For example, in Recall Total Mgmt, Inc. v. Federal Ins. Co., 317 Conn. 46, 115 A.3d 458 (2015), the personal injury coverage applied to the electronic, oral, written or other publication of material that violates a person’s right or privacy. The insured, Recall Total, transported computer tapes carrying details of IBM personnel. The tapes were lost, and IBM incurred costs in providing identity-theft services to its employees, which it in turn sought from Recall Total. Losing hardware or other media is a common type of cyber security event.

Despite this, Federal (a Chubb/ACE company) denied the claim, arguing that there was no proof of publication. The court agreed that because there was no evidence that anyone had found and accessed the computer records, there was no evidence that they had been published so as to trigger coverage. “Publication” was not a defined term in the policy and there is no reason why “finding and accessing” the information was required or could not be presumed. The fact that the information was made publicly available and may have circulated on the “dark web” unknown to the insurer or the insured, and the fact that the insured had to bear costs to remedy the error, was not determinative, despite the fact that the insured thought it had protection for such cyber events.

Travelers tried the same arguments in Travelers Indem. Co. v. Portal Healthcare Solutions, LLC, 35 F.Supp.3d 765 (E.D.Va. 2014), where it claimed that when the insured unintentionally made third party medical records available on the internet, that action was not a “publication” of the records. Travelers claimed that accidentally allowing access was not the same as publication. Here the Court disagreed, since anyone searching a patient’s name on google could gain access to their private medical records. Since “publication” was not defined in the policy, the court rejected Travelers’ efforts to give it a narrow definition and found that “publication” occurs when information in “placed before the public.” Whether it is read or not is irrelevant to whether it was published. The same rationale would have been of significant benefit to Recall Total in their claim.

As these cases demonstrate, stand-alone cyber insurance products remain highly variable and largely untested by the Courts. As these policies gain further traction in the marketplace, and as cybercrimes expand and alter over time, these policies are very likely to lead to substantial disagreement between insureds and insurers about the application of the coverages to real world cyber events. These factors require the early involvement of coverage counsel to strategize and advocate for the insured seeking coverage under these policies.

Conclusion

Cyber insurance claim denials are far too common. Insurance carriers sell cyber insurance products into a rising tide of fear, but when a cyber insurance claim is presented, insurance carrier lawyers vigorously fight to deny or otherwise limit coverage. The cyber insurance market has not yet equalized. Cyber insurance products are flying off the shelves of insurers. While, at the same time, cyber insurers are issuing more and more cyber insurance claim denials.

Although there are reasons for this, this immature cyber insurance market will not correct itself unless policyholders evaluate and pursue cyber insurance claims. Involving insurance counsel at the earliest stage of the claims process is the first step to addressing improper cyber insurance claims denials that policyholders are facing. Additional information can be found in Computer Fraud Two Similar Scams Two Very Different Insurance Outcomes; Cyber And Intellectual Property Claims; The Wild Wild West Of Cyber Insurance; The Impossible Intersection of Baseball Cybercrime and Insurance; Strategies for Addressing Cloud Computing Risks. Please feel free to contact us at Miller Friel if you have any questions.

Notice For Governmental Investigations – Navigating Insurance Traps

Providing notice for governmental investigations is fraught with difficulty.  D&O and E&O insurance policies can provide coverage for the costs of responding to subpoenas, civil investigation demands, and defending against regulatory actions.  Yet, notice of these claims is often an issue.  The reasons for this are threefold.  First, some companies are advised by defense counsel not to provide notice.   Second, some policyholders simply don’t realize that coverage is provided.  And third, in some cases, the governmental agency directs the policyholder not to disclose the non-public investigation, because doing so could make the investigation public.

The first two of these notice for governmental investigation issues typically resolve themselves once the policyholder becomes aware of coverage.  It is difficult dealing with insurers, but the defense of government investigations is expensive, and most companies elect not to waive coverage. The final one, dealing with a governmental directive to keep quiet, is more difficult.

What if a Governmental Agency Directs the Policyholder Not to Disclose an Investigation?

One particularly tricky insurance issue for corporate policyholders seeking to provide notice for governmental investigations is providing notice in connection with “non-public” or “informal” governmental inquiries and investigations.  The Department of Justice (“DOJ”) and a whole host of other government agencies have the power to issue a subpoena or direct an informal request to a company seeking information and documents. It may be a simple issue to tender such a demand to the insurance carrier, but doing so is more difficult if the policyholder is expressly directed not to disclose the existence of the subpoena, inquiry or investigation.  Here is a real-world example:

Company receives a DOJ subpoena and related Qui Tam action during Policy Period 1. The DOJ letter accompanying the subpoena includes prohibitions against discussing the subpoena until the DOJ’s investigation is complete, with an admonition that “Premature disclosure could impede the investigation and interfere with the enforcement of the law.” Company does not provide notice to its D&O insurer at that time during Policy Period 1.  Company then receives a letter from the DOJ that its investigation is complete during Policy Period 2, at which time company promptly provides written notice to its D&O insurers under both Policy Periods 1 and 2 (claims-made and reported policies).  Both insurers deny coverage – the Policy Period 1 D&O insurer denied coverage for late notice, and the Policy Period 2 D&O insurer denied coverage pursuant to the policy’s known loss exclusion.

Unfair, yes. Unlawful, perhaps. But her is the good news. There are at least three ways to address this issue.

1.  Ignore the Government’s Directive

Under certain circumstances, and subject to certain applicable laws, a policyholder may be able to provide notice of an investigation, even if the governmental agency directs them to keep the investigation private.  Case law in other contexts suggests that a government request not to disclose a subpoena because it may impede an investigation is improper. Fed. R. Crim. P. 6(d)(2) (“No obligation of secrecy may be imposed on any person except in accordance with Rule 6(e)(2)(B),” which does not include subpoena recipients); U.S. v. Bryant, 655 F.3d 232, 237-38 (3d Cir. 2011) (finding a Rule 6(e) violation where government issued subpoenas that contained language requesting that the witnesses not disclose the existence of the subpoena, and ordering the government to notify all such witnesses by letter that they are under no obligation to keep the subpoena secret); In re Grand Jury Proceedings (Diamante), 814 F.2d 61, 68, 70 (1st Cir. 1987) (finding violation of Fed. R. Crim. P. 6(e) where cover letter accompanying a grand jury subpoena stated, “[y]ou are not to disclose the existence of this subpoena or the fact of your compliance for a period of 90 days,” and ordering the government to advise subpoenaed witnesses by letter that they are under no obligation to keep the existence of the subpoena or their compliance with it a secret); U.S. v. Blumberg, No. 3:97-CR-119(EBB), 1998 WL 136174, at *1-2 (D. Conn. Mar. 11, 1998) (same).  Thus, and subject to appropriate legal review, a company may be able to provide its insurer with notice of a subpoena despite any admonition or instruction from the government not to disclose the subpoena.

A decision to disregard the governments directive, however, should not be considered without the advice of defense counsel.  Nonetheless, it is an option worthy of discussion.  This is certainly the case because the insurers may be considered part of the defense, so disclosure may not in fact be prohibited disclosure to a third party.

2.  Cooperate and Educate

In an effort to remain cooperative with the government, a company may not want to simply disclose the existence of an investigation without the government’s input, particularly where such an investigation is under seal. Thus, for example, in claims dealing with a Qui Tam (or whistleblower) action, which are filed under seal, prior to expiration of the policy period during which the company learns of the investigation, the policyholder, through counsel, should approach the governmental agency to obtain permission to share the existence of the investigation with its insurer on a confidential (and, if necessary, redacted) basis. Indeed, providing such information will be more than sufficient to trigger an insurer’s duty to defend. See, e.g., CNA Cas. of Cal. v. Seaboard Sur. Co., 176 Cal. App. 3d 598, 606 (1986) (“[T]he insurer must furnish a defense when it learns of facts from any source that create the potential of liability under its policy”). This approach ensures that the company maintains a cooperative relationship with the regulatory or governmental agency while protecting its ability to recover under its insurance.

3.  Fix the Problem Before It Starts

Finally, a company can negotiate a “no prejudice” provision into its D&O and/or E&O liability policy, which essentially provides that “if a governmental or law enforcement agency prohibits the Insured from providing notice as required by this section, the Policy shall not be prejudiced.”  This, however, is not an option after an investigation has commenced, but it is worthy of consideration for policyholders prior to the commencement of a governmental investigation.

With such a provision in the Policy’s notice clause, if a company is unable to provide notice to its insurer based on an agency’s instruction not to, a company’s rights to coverage would be protected.  We have successfully negotiated such language into D&O and E&O notice provisions in the past.  But, it appears that many policyholders still do not know what needs to be requested.

CONCLUSIONS

Providing notice for governmental investigations is one of the most important issues policyholders face when confronted with a governmental action against them.  That is because late notice is one of the primary reasons insurance carriers use to deny coverage for governmental investigation claims.  The only way to prevent such denials is to thoroughly investigate insurance as soon as counsel is hired to handle a governmental investigation.  Given the intricacies and variability of the law in this area, most insurance brokers rightly shy away from providing advice in this area.  Here, perhaps more than in any other area of insurance, the correct course of action is dictated by the law.  Coverage counsel should be retained to determine the best course of action.  Otherwise, an insurance carrier may later claim that coverage was waived.

If you have any questions, please feel free to give us a call.

Insurance Coverage Litigation – Insurer and Policyholder Perspectives

Insurance Coverage litigation may be, by some, considered a last resort. That is, a process to enter into when all other avenues of settlement have failed. In certain situations, however, insurers file early declaratory judgment actions. In others, policyholders sue soon after receipt of a denial of coverage letter. There appear to be other considerations at play.

The stakes can be high for both insurers and policyholders, and the perspectives on litigation from both the insurer and policyholder perspectives are seldom discussed together. Here, two insurance coverage litigation adversaries candidly discuss what factors and considerations should go into insurance coverage litigation.

To understand better what goes into insurance coverage litigation cases, we put together a panel of two insurance trial experts in the field, Deborah L. Stein of Simpson Thatcher, (addressing the insurance company side of the equation), and Mark E. Miller of Miller Friel (addressing the policyholder side of the equation). The full course is available from PLI and the PowerPoint for the presentation is linked here. Insurance Coverage Litigation PLI

Six topics were covered:

  • Pre-Litigation – what goes on prior to filing suit;
  • Filing a Complaint – what drives the decision;
  • Motions to Dismiss – valuable to both sides;
  • Discovery – using it effectively;
  • Summary Judgement – a critical juncture;
  • Trial – best practices and perspectives.

At the risk of oversimplifying, here are some of the highlights on the competing  policyholder / insurer perspectives on insurance coverage litigation:

1. Pre-Litigation – what goes on prior to filing suit

INSURER PERSPECTIVE POLICYHOLDER PERSPECTIVE
Compile information;
Correspond with policyholder;
Evaluate dispute, jurisdiction, timing of claim issues.
Full evaluation of the claim – law, facts;
Send well-drafted letters to insurers refuting denials;
Compliance with policy conditions, even if waived;
Develop strategy to maximize recovery.

2. Filing a Complaint – what drives the decision

INSURER PERSPECTIVE POLICYHOLDER PERSPECTIVE
Issue of first impression;
How clean are facts and law;
Duty to defend law;
Burdens;
Duty to indemnify law;
Coverage issues vs. valuation issues;
Jurisdiction.
Key question – will filing suit maximize legal recovery. Look at:
a) Choice of law;
b) Law of jurisdiction
c) Risk of being sued first
d) Insurer reputation
e) Insurer conduct / bad faith
f) Reasons for denial (potentially legitimate vs. industry custom and practice;
g) Overall case strategy.

3. Motions to Dismiss – valuable to both sides

INSURER PERSPECTIVE POLICYHOLDER PERSPECTIVE
Case specific – be selective in filing;
Possible filings for:
a) Jurisdictional and standing issues;
b) Whether claimant is an insured;
c) Timing of injury (outside of period);
d) Undisputed law and facts;
e) Bad faith;
f) Statutory claims handling causes of action.
File if insurer filed suit in wrong jurisdiction;
Care taken so complaints cannot be dismissed.

4. Discovery – using it effectively

INSURER PERSPECTIVE POLICYHOLDER PERSPECTIVE
Build your defenses and themes from the discovery you produce and obtain, but don’t force a story;
Document Requests – think about types of documents you need; request further documents in depositions;
Interrogatories – Use strategically (identification of documents, witnesses, facts); untargeted interrogatories not helpful;
RFAs – look for discrete admissions; use for authentication;
Depositions – usually the most effective tool; prepare, prepare, prepare; remember that you are still discovering.
Focus Discovery on elements of proof at trial;
Offensive Discovery – use it to build the story of improper denial; don’t waste time taking 30(b)(6) depositions;
Defensive Discovery – this is where cases are lost; prepare witnesses properly, as insurance issues are too complex to understand without preparation; pay extra attention to those that know about insurance (risk managers and brokers);
Know the rules; be prepared;
Recognize that no document has ever spoken for itself;
Think about what documents you need authenticated, and what documents you don’t.

5. Summary Judgement – a critical juncture

INSURER PERSPECTIVE POLICYHOLDER PERSPECTIVE
Frame issues wisely;
Consider purpose: resolve dispute, avoid trial; knock out claims; obtain direction from court;
Evaluate facts and law;
Know undisputed facts necessary for motion;
Be true to record; don’t overreach.
Overall goal is to get to trial;
Consider proactive motions such as duty to defend motions;
Motions and responses need to be drafted so the Court comes to the conclusion that you are right;
Insurance jargon and insurance complexities are not your friend.

6. Trial – best practices and perspectives

INSURER PERSPECTIVE POLICYHOLDER PERSPECTIVE
“Your trial presentation wasn’t complicated enough,” said no one ever;
Focus;
Keep it simple;
Know elements and evidence; consider burdens;
Prepare order of proof;
Remember the big picture;
Humanize witnesses; don’t be over-technical and don’t stretch;
Don’t overuse documents.
Trial preparation starts on day one, as everything that is done is for the purpose of trial;
Develop case theme based on discovery;
Simplify case to its essential elements and tell your story;
Simplify;
Be likable, interesting, and nice;
You are painting a picture. You decide what to put on the canvas. Opponent will try and mess up your beautiful painting. Don’t let this happen.

Although there is enough material on any one of these topics to fill an entire CLE course, this CLE is a good start for in house counsel faced with the task of managing either insurance coverage litigation or an insurance claim.  Moreover, policyholders seldom get the insurance company counsel perspective, which is always valuable when assessing a claim. All that and more can be found in this course.

The most important information I got from presenting this course is:

  1. Claim denials can be reversed, but sending a nasty letter will not do the trick.
  2. Rather, well-crafted letters rebutting each and every error made in an insurer’s denial letter is the way to go.  This requires mastery of the facts and law.
  3. Prepare for trial from the moment you become aware of the claim.
  4. Letters are drafted for the Court.
  5. There are ample opportunities to make mistakes, and policyholder self-inflicted wounds are the most common way that insurance coverage cases are lost.
  6. Develop your story, and refine that story through discovery.
  7. Push for trial.  If an insurer wants to settle, they know who to call.
  8. When preparing for trial, think about painting a picture for the judge and jury.  You decide what colors to use, and what to put into the record.  Insurers will try and mess up your painting.  Don’t let them.

For other Miller Friel PLI presentations on the topic of insurance, please see Top Ten Insurance Issues for Non Insurance Lawyers, State of the Art D&O Insurance.

 

 

Insurance Policy Enhancements to Coverage

Best practices for securing insurance policy enhancements to coverage should not be a confusing issue.  Insurance brokers, who are essential to placing coverage, offer pre-approved insurance policy enhancements to coverage, and shop for the best price. Some corporate policyholders stop there, which is great, until a claim comes in.  When an insurer denies the claim, the policyholders rightly question why their claim was denied.  All too often, the insurer cites to an insurance policy enhancement to coverage, that was not really an enhancement to coverage, but a limitation to coverage.

Insurance Policy Placement — A One-Sided Process, Even With the Best Insurance Broker

There is nothing better than a great insurance broker.  But, not all brokers understand that the gold standard for insurance policy placement involves more than just price and adding pre-approved broker enhancements to coverage to the policy.  Depending on the company, an integrated legal /broker team may be warranted.   There, the broker focuses on price, and obtains the best language they can find. Then, the suggested program is evaluated by policyholder counsel to determine if the proposed language functions as intended.  The result is that the policyholder binds the best possible coverage for their specific needs.

This is not a complicated or expensive process, but the essential piece, legal review, can be overlooked if policyholders conclude that pre-approved endorsements are all that is needed to secure the best possible coverage.

Price is Important But Price is Not the Only Factor

Focusing only on price is a disservice to corporate policyholders. The purpose of insurance is to provide coverage for claims.  Insurers sell a promise, and that promise is only as good as the language contained in the insurance policy.  Yet, Insurance policies are one sided.  They are drafted by some of the best insurance company lawyers in the industry, and are designed to cover less rather than more.  Standard form policies are marketed to brokers and policyholders with the understanding that many corporate policyholders will accept their terms and conditions, as proposed, without alteration.

Standard Policy “Improvements” Can Create More Issues Than They Solve

Naturally, most corporate policyholders push back on policy language.  Insurers expect this and have contingencies to appease policyholders.  Insurers and brokers have developed standard pre-approved “improvements” to coverage that are added by the broker as endorsements to the policy.  The policyholder  may then be told that they have all of the improvements, and that the coverage is great.  The problem with these improvements, like the policy itself, is that they were expertly drafted by insurance company lawyers who understand insurance law in all 51 jurisdictions.   Many times, an “improvement” to coverage actually takes away coverage afforded by recent case law.   Hence, an insurance policy with all of the bells and whistles recommended by a broker in good faith,  may provide less coverage than the original policy.

Learning From Insurance Company Practices

Insurance coverage for any given claim is determined by ever changing insurance case law and statutes.  Insurers constantly monitor these developments, as it is a critical part of their business.  Policy language is adjusted based on the law.  Pre-approved forms are adjusted to limit coverage.

Policyholders, however, may unintentionally rely on insurance brokers to interpret the law and tell them what the policies cover.  Insurance companies know this as well.  But, insurance companies do not rely on insurance brokers to tell them what their policies mean.  Instead, they rely on lawyers, and they have many of them at their disposal.  See   Where Have all of the Insurance Lawyers Gone

Fixing the Problem of Insurance Policy Enhancements to Coverage

Although insurers are intently focused on insurance law when approving policy language, policyholders are at a distinct disadvantage.  Insurance brokers, upon who policyholders rely, don’t practice law and will readily admit that they cannot opine on what the policies cover .  The best they can do, is try.  And they do a valiant job at that.  But, without an understanding of the law, their proposed adjustments to policy language may not be proper.

Selecting appropriate policyholder counsel for insurance policy review, however, can be difficult. Virtually every law firm in the country advertises their ability to review insurance policies.  Most of these firms represent insurance carriers.  Some openly claim that because they wrote the policy forms for insurers, they are uniquely suited to revise them for policyholders. That could be true, but it raises questions of loyalty, and makes one wonder if such a firm would later advise an insurer on how to avoid revisions they made for a policyholder, because they are, in fact, uniquely suited to do so.  Call me old fashioned, but it does not seem right for a law firm to play on both sides of the corporate fence.

Either way, the best practice for securing insurance policy enhancements to coverage is for corporate policyholders is to not accept an insurance program without legal review.

Miller Friel represents corporate policyholders in insurance coverage disputes.  We litigate and resolve complex insurance claims on behalf of some of the world’s finest companies. We also see the worst of the worst insurance company tactics.  Some of this can be avoided if care is taken at the front end when policies are being underwritten.

The important thing is that policyholders find a corporate insurance recovery law firm to review their policies.   There are many law firms doing this, but only a few are doing it correctly.   Moreover, there are drastic differences in how effectively policyholder law firms address the problem.  The important thing for policyholders to recognize is that the process of insurance policy placement, from start to finish, is one sided in favor of insurers.

Miller Friel handles insurance policy reviews for select corporate clients with complex insurance programs.  For those we cannot serve, we are happy to recommend unbiased counsel to assist.

Insurance Broker RFPs

Insurance broker RFPs are one of the best ways for corporations to select qualified insurance brokers.   The practice of using RFPs for the selection of insurance brokers, however,  is underutilized, and, even when used, it does not always provide meaningful information.   Typical RFPs elicit a canned marketing presentation and lots of glad-handing.  Interesting, perhaps, but certainly not the best way to test broker abilities and approach.

Insurance Broker RFPs — Obtain Useful Information by Asking the Right Questions

The best way to keep brokers moving in a direction that is consistent with corporate interests is to have perspective brokers submit RFPs every several years. The problem with most insurance broker RFPs is that they seldom get to the issue of how good brokers are at placing coverage or assisting with respect to claims. To get this kind of information, RFPs need to be specifically targeted at current insurance issues.

To be useful, broker RFP questions need to be targeted.  From an insurance law standpoint, questions should be designed to address three critical issues.  First, how the insurance broker addresses important insurance policy language issues.  Second, how the broker deals with insurance provisions that are one sided towards insurance company interests.  And, third, how hard the broker pushes for policyholder (as opposed to insurer) interests.

The following select questions, for a technology company insurance broker RFP, gives an idea of just how specific RFP question need to be to elicit an appropriate response:

SAMPLE INSURANCE BROKER RFP QUESTIONS
TECHNOLOGY COMPANY

For Discussion Purposes Only
Not to Be Used Without Prior
Consent of Miller Friel, PLLC

I.  Commercial General Liability

  1. Please provide examples of the best advertising injury language you have secured for a company like [INSERT CLIENT NAME], and your opinion on whether or not you will be able to achieve similar results for [INSERT CLIENT NAME].
  2. Examples in policies of this kind where you have been able to secure patent coverage; same for trademark.
  3. Please provide examples of the best data and software coverage language you have been able to obtain for clients.

II.  Technology Errors and Omissions

  1. Examples of the best technology policies you have secured for clients, and things that you would improve with respect to that language.
  2. Please provide examples of how you have secured coverage for false advertising.
  3. Examples of whether you have secured coverage under such policies for patent claims.

III.  Directors and Officers Liability

  1. Please provide examples of the best definition of “Claim” language that you have been able to secure for clients.
  2. Please give examples of how this language was found to cover governmental investigations.
  3. Please provide examples of the best definition of “Loss” language that you have been able to secure for clients.
  4. Please provide examples of how this definition of “Loss” language was found to cover fines and penalties assessed against the policyholder.
  5. Please provide examples of how you have narrowed the scope of the bump up exception to the definition of “Loss” to avoid potential application to traditional fiduciary duty claims.
  6. Please provide the best punitive damages coverage language that you have been able to secure for clients.

IV.  Claims-Made Coverage Generally (D&O, E&O)

  1. Please provide examples of the best interrelated wrongful acts language that you have secured for clients.
  2. Please provide examples of the best prior-notice exclusions that you have secured for other clients.
  3. Please provide examples of the best prior-knowledge exclusions you have been able to secure for clients.
  4. Please provide examples of the best prior-claim notice language that you have secured for other clients.
  5. Please explain how you structure such interrelated wrongful acts, prior-notice, and prior claim exclusionary language so that insurers cannot claim that neither current nor past policies cover otherwise covered claims.
  6. Please provide examples of the best conduct exclusions you have been able to secure for clients.
  7. Please provide your position on whether applications are necessary for renewal policies, and examples of when you have instructed insurers that applications are not warranted.
  8. Please provide examples of when you have revised standard-form application language to protect the insured.
  9. Please provide examples of situations where you have had insurers waive warranty requirements; please provide examples of the same when coverage was new (not renewal coverage).
  10. Examples of when you have challenged prior and pending dates proposed by an insurer, and the outcome of such challenge.

V.  Other

  1. Your recommendations on the best additional time-element provisions for [INSERT CLIENT NAME], with examples (including extra expense, royalties, contingent time element, interruption by villi or military authority, ingress/egress, extended period of indemnity).
  2. Please provide examples of how you have revised exclusions in policies to make certain that all terrorism related activities under TRIA for certified acts of terrorism are covered, including dirty bombs and bio-terrorism.
  3. Please confirm that you will be able to secure pre-approval of defense counsel, by endorsement, for the following law firms: [INSERT NAMES OF PREFERED DEFENSE COUNSEL].
  4. Please provide examples of the best endorsements you have secured for clients providing for approval of pre-selected defense counsel, and identify what, if anything, additional you recommend adding to such endorsements.
  5. Please provide examples of the best hourly rates you have been able to secure for defense counsel.
  6. Please provide examples of how you have worked with coverage counsel both in litigation and pre-litigation to resolve claims.
  7. Please provide your recommended course of action to preserve legal privilege for discussions you may have with for [INSERT CLIENT NAME] concerning claims.
  8. Please provide examples of insurers pressuring your firm with respect to a policyholder claim, and how you dealt with it, and whether your firm will take similar action with respect to [INSERT CLIENT NAME].
  9. Please provide your examples of situations where you have challenged arbitration language in an insurance policy prior to issuance, and the outcome of such challenge.
  10. Please provide examples of the best ADR provisions you have secured for clients, and why you believe that such language is advantageous.
  11. Please provide examples of the best warranty language that you have been able to secure for clients.

Most RFPs will contain what the insurance broker believes are their strongest selling points, like, how much coverage they place. who their clients are, their great relationships with insurers, and the fact that they have claims people on staff.  This information will be provided even without an REP.  RFP questions should be designed to address something more.  In the insurance context, that more is how well the broker pushes issues to benefit the policyholder.