It has been reported that thirty-one percent of organizations have experienced cyber-attacks. Moreover, cybercrime costs continue to accelerate with organizations spending nearly twenty-three percent more in 2017 than in 2016. On a corporate level, the average cost per breach is now at $11.7 million. While these statistics instill fear in some, they create opportunity for others. Insurers recognized an opportunity early on, and cyber insurance products quickly came to the rescue. Many of these cyber insurance policies, by design, covered very little. But they sell like hotcakes.
Corporate policyholders are more educated now than they were in the early cyber insurance days, but insurers still sell deficient cyber insurance products, and routinely deny cyber insurance claims that should be paid.
Please join Mark E. Miller, founding partner of Miller
Friel, PLLC, as he addresses these and other concerns in his recent PLI
Coverage under current cyber insurance policies;
How cyber insurance policies can be improved through negotiation;
Common bases for denials of cyber insurance claims; and
Best practices for handling corporate cyber insurance claims.
For additional information, please see Cyber Insurance – What Educated Policyholders Need to Know Now Presentation Materials.
New York has taken a two-prong approach to dealing with sexual abuse claims. First, the state legislature enacted the NY Child Victims Act. Second, New York publicly called out insurers telling them that providing Insurance Coverage for Child Victims Act Claims should be one of their highest priorities. See Insurers Should Prepare to Promptly Handle Wave of Child Sex Abuse Claims.
The state Department of Financial Services, in a guidance, told insurers they should be prepared to promptly approve coverage for those claims, when applicable, or face state action.
Based on our experience, many insurers are not treating policyholders fairly, and they are not promptly handling these kinds of claims. This was the subject of a recent PLI CLE Seminar where we addressed in detail some of the insurance implications we are seeing for Child Victims Act Claims. For additional information, please see PLI Seminar Course Materials.
What is the Child Victims Act?
Influenced by horrific, widely publicized incidents of sexual abuse, such as the ongoing Catholic Church scandal, and Larry Nassar’s widespread abuse of gymnasts, many states are revisiting how sexual abuse claims are handled in court. New York’s recently enacted Child Victims Act is a prime example.
The Child Victims Act revives claims for childhood sexual abuse or molestation that might otherwise be barred by statutes of limitation. Among other things, the Act creates a one-year window for claimants to file claims against their alleged abusers. That window for claims recently opened on August 14, 2019 and closes on August 14, 2020. Virtually any organization that works with children may be subject to liability.
In New York, a considerable number of Child Victims Act lawsuits were filed when the window opened for claims on August 14, 2019.
By 5:00 a.m. on the first day that lawsuits could be filed, roughly 200 lawsuits were filed;
On the first day, over 400 lawsuits were filed;
In the first two days, over 500 lawsuits were filed.
Plaintiffs’ lawyers contend that what we have seen to date is only a small portion of the lawsuits they intend to file.
New York is just one of many jurisdictions passing similar Child Victims Act laws. Child USA, reports that the vast majority of states have either passed or introduced laws extending the statute of limitations for child victims.
Insurance Coverage for Sexual Abuse Claims
Insurance coverage for sexual abuse claims is part of the solution. See Securing Insurance Coverage for Child Victims Act Claims Although insurance typically covers revived sexual abuse claims under the NY Child Victims Act and similar laws, insurance carriers don’t always see it this way. See Archdiocese of N.Y. v. Ins. Co. of N. Am., (N.Y. Sup. Ct. July 1, 2019); Rockefeller Univ. v. Aetna Cas. & Sur., (N.Y. Sup. Ct. Aug. 6, 2019).
Where plaintiffs seek financial compensation, insurance is always part of the solution. But, as we have seen with many of our clients facing claims for sexual abuse or harassment claims, many insurance carriers are circling the wagons to protect their own financial interests, rather than protecting their policyholders. Below is a list of some of the issues policyholders should consider:
1. Policies Providing Coverage
Two types of policies most commonly provide coverage: (1) Directors and Officers/ Employment Practices (D&O/EPLI) Policies and (2) General Liability (GL) Policies.
General Liability policies are the first kind of policy most policyholders think of when considering coverage. These “occurrence-based” policies cover allegations of bodily injury taking place during the policy period. Accordingly, numerous policies may be triggered by a claim and respond to a loss.
D&O/EPLI policies, by contrast, are just as important. Many D&O or management liability policies expressly cover sexual harassment. See Village of Piermont v. Am. Alt. Ins. Corp., 151 F. Supp. 3d 438, 441 (S.D.N.Y. 2015) (sexual assault covered under D&O policy). Allegations against institutions for actions of their employees often fall squarely within D&O/EPLI coverage. Unlike GL Policies, however, the triggered policy is the one in place when the claim is made, as opposed to the ones in place when when the alleged bodily injury occurred.
2. Providing Notice
Providing notice for these kinds of claims can be one of the most complicated and important things that a policyholder does. Some of the issues with notice include:
Does providing notice under one policy preclude coverage under another?
How do prior claims and prior notice provisions impact notice?
What exactly does each policy require for notice?
What is the legal consequence of providing improper notice?
Should the policyholder request authority to incur defense costs?
Should the policyholder seek consent to hire defense counsel?
Where must notice be sent, and how?
What does the law say about notice provided in a manner different from what is provided for under the policy?
What additional requests must be included with notice, and how do those requests vary from policy to policy?
Under which policies should notice be provided?
How important is it to search for additional policy information, and how should that search be conducted?
Providing notice properly requires time, thought, and legal analysis. In practice, many policyholders delegate this process to insurance brokers. Given the complexity of the issues, astute policyholders may want coverage counsel involvement at this stage of a claim.
3. Responding to Insurer Information Requests
Once notice is provided, policyholders should expect an onslaught of requests for information.
Managing insurance companies’ requests for information is no easy task, but two important ground rules need to be considered. First, insurance companies will request information that is designed to create defenses to coverage. Ironically, the same information requested by the insurers may harm the policyholders’ defense of the underlying claims. Second, information requests are inapplicable to defense of a claim. Defense obligations are typically controlled by what is known as the eight-corners rule. An insurer is permitted to review the four corners of the underlying complaint, and compare the allegation therein to the four corners of the policy. Based on this limited information, the insurer is required to either provide a defense (pay for defense counsel) or disclaim coverage.
Accordingly, policyholders should demand that the insurance carrier provide a coverage determination before engaging in requests for information designed to harm both coverage and defense of the claim.
4. Alleged Coverage Defenses to Sexual Abuse Claims
Insurers routinely raise a number of different reasons for not paying sexual abuse or harassment claims. An analysis of these so-called defenses, addressed from the perspective of a leading insurance company, is found in Munic Re’s 2010 study “Coverage and Liability Issues in Sexual Misconduct Claims.”
Three prominent insurance company arguments to defeat coverage include (1) sexual abuse exclusions, (2) no “occurrence”, and (3) policy not triggered.
Sexual Abuse Exclusions
Sexual abuse exclusions are not standard form, and do not appear uniformly in all policies by year. They may be found in some policies starting in the 1990s, but even then, they oftentimes come and go for an individual policyholder. More favorable versions expressly provide for a defense. Like all exclusions, they are construed narrowly and any ambiguities are construed in favor of coverage.
Just because a sexual abuse exclusion is present does not mean that coverage is precluded. The default rule is that the exclusion is severable, meaning that it may apply to an individual who is alleged to have perpetrated the abuse, but it does not apply to the organization who hired that individual. Moreover, allegations of negligence, false imprisonment, etc., should not trigger exclusion. SeeVillage of Piermont v. Am. Alt. Ins. Corp., 151 F. Supp. 3d 438, 451 (S.D.N.Y. 2015) (exclusion invalid as to false imprisonment claims).
Finally, and most obviously, policies that do not contain exclusions provide coverage. For example, there may be sexual abuse exclusions in policies starting in the late 1990s and thereafter, but that does not impact coverage for allegations of bodily injury taking place prior to that time. Similarly, a current D&O policy may contain such an exclusion, but the EPLI or Employment Practices Liability coverage section found in that same policy likely would not contain such an exclusion, because EPLI policies are designed to cover and do cover sexual harassment claims.
Occurrence — Neither Expected nor Intended from the Standpoint of the Policyholder
In a typical GL policy, “occurrence” may be defined as “an accident, including continuous or repeated exposure to substantially the same general harmful conditions. . . . which is neither expected nor intended from the standpoint of the insured.” Although the definition varies over time, it raises two important issues with respect to sexual abuse or harassment claims. The first is the number of occurrences. The second is coverage for expected or intentional versus negligent conduct.
Determining the number of occurrences can be a touchstone issue in these kinds of cases. Multiple occurrences means multiple policies are triggered (giving rise to increased limits), but it can also trigger multiple deductibles. Unfortunately, legal tests seldom provide a bright line answer. For example, New York applies the “unfortunate event” test. Roman Catholic Diocese of Brooklyn v. Nat’l Union Fire Ins. Co. of Pittsburgh, Pa., 991 N.E.2d 666, 672 (N.Y. 2013). The unfortunate event test requires consideration of “whether there is a close temporal and spatial relationship between the incidents giving rise to injury or loss, and whether the incidents can be viewed as part of the same causal continuum, without intervening agents or factors.” Id. Unfortunately, the test does not lend itself to one absolute and indisputable outcome in the context of a school that is sued for the negligent hiring of a perpetrator who allegedly abused multiple victims.
The “neither expected nor intended” part of the “occurrence” definition clearly favors policyholders. Here, many insurance carriers paint with a broad brush, claiming that everything is intentional, and thus, not covered. These arguments, at most, apply only to perpetrators. The neither expected nor intended argument does not apply to organizations facing negligence-based claims.
When I was a young insurance coverage lawyer in the early 1990s, many coverage lawyers immersed themselves in the intricacies of trigger law. Now, virtually everyone who can read an insurance policy agrees that all GL policies in place during the time of bodily injury are triggered. Long gone are creative insurance company arguments attempting to limit the triggering of GL policies to one and only one policy period. That fight is over and the insurers came out on the wrong end of history.
Now, there are two accepted variations of the rule that all policies in place during the time of bodily injury are triggered: the All Sums approach, and the Pro Rata approach.
Under the All Sums approach, the policyholder can collect its total liability under any one triggered policy, up to policy limits. Matter of Viking Pump, Inc., 27 N.Y.3d 244, 255-56 (N.Y. 2016); Keyspan Gas E. Corp. v. Munich Reins. Am., Inc., 31 N.Y.3d 51, 58 (N.Y. 2018). Conversely, under the Pro Rata approach, each insurance carrier is allocated a “pro rata” share of the total loss covered under the various policies for the portion of the loss occurring during its policy period.Keyspan Gas, 31 N.Y.3d at 58. New York has not adopted a strict “all sums” or “pro rata” allocation rule. Viking Pump, 27 N.Y.3d at 257; Keyspan Gas, 31 N.Y.3d at 58.
5. Settling Insurance Claims — Best Practices
We have found that settlement of insurance claims for sexual abuse and harassment should be conducted in two phases: first defense, and second indemnity.
Before settlement with an underlying claimant can be addressed, policyholders need to secure coverage for defense of the claims asserted against them. The first step here is to create a coverage chart (time on the X axis, and dollars on the Y axis) indicating the policies available for various years of alleged injury. Then, create an overlay of when the allegations in the complaint took place to understand which policies are triggered.
From a legal standpoint, any triggered GL carrier is obligated to provide a defense for the entire action. Although one might think that this concept is a powerful thing, which is is, it does not always facilitate settlement because insurers are often more concerned about how much the other carriers will pay, than how much they will pay themselves. Getting things going requires a proactive approach, getting all of the insurers in one room, and hammering out a defense funding agreement.
Once a defense funding agreement has been reached, insurers should be approached for contribution, or indemnification for settlement with the underlying claimants. If the insurance carriers refuse to cooperate, litigation may be the best option. We have been repeatedly told by mediators that early mediation with insurers does not work unless a complaint has been filed. In our experience, litigation is the best way to get an insurance carrier to move.
The volume of child abuse cases filed is challenging the courts and discussions appear to be underway to structure an Alternate Dispute Resolution (ADR) process. Insurers will participate in that ADR process, but policyholders need to be prepared with respect to legal issues raised by the insurers, and they should not be afraid to use litigation against their insurance carriers as a tool to promote justice.
Finally, the law relating to settlement of claims with or without insurance carrier consent is difficult to navigate. The general rule is that a policyholder should not settle a case without consent from the insurer. There are exceptions to this rule, such as when an insurer has denied coverage for the claim. And, there are proven ways to obtain consent if a carrier is recalcitrant. If insurance coverage is important, a claim should not be settled without first contacting coverage counsel.
Over the years, we have seen some crazy defenses raised by insurers attempting to limit their exposure for corporate insurance claims. Most are laughable when raised, but that does not stop insurers from pushing them.
Several examples illustrate this point. In the 1990’s the insurers came up with the idea that general liability policies do not cover injunctive relief such as environmental cleanup orders. Why? Because, according to the law of England, in place long before anyone on this planet was born, there was a difference between courts at law and courts at equity. No matter how crazy this idea now sounds, insurance companies litigated this issue for decades. Later, with the proliferation of claims-made coverages (the norm for D&O and E&O policies), insurers came up with an even crazier idea – that long since established “duty to defend” standards did not apply anymore. Why? Because the insurers claimed that their duty to pay for defense of a lawsuit was fundamentally different from their duty to defend and pay for an underlying lawsuit. As crazy as this sounds, insurers have been pushing this idea, and more litigation to address this issue is likely to follow.
We raise these examples to illustrate a fundamental observation about high-end insurance company lawyers. They are always thinking up new ways to deny coverage. They push the envelope by continually offering their clients (insurance companies) potential solutions to minimize loss.
We also raise these examples to illustrate how many in the insurance business respond to these crazy defenses. Rather than go on common sense, we see a lot of folks, lawyers included, giving credit to these crazy defenses, rather than calling them out for what they are – complete nonsense.
Recently, we came across a shocking new defense. We call this one the “it’s not over defense.” This defense comes up in the all-to-common scenario where a corporate policyholder is subjected to a series of pending claims. Let’s say there are twenty lawsuits for which coverage is sought. One of those lawsuits is going to trial, and the judge is pushing for settlement. The parties go to mediation, and reach what they think is an acceptable resolution. But, when the insurer is asked to contribute, the insurer says, we can’t, because we don’t know what our overall exposure is, given that 19 lawsuits remain.
Please watch the video to learn more, or Contact us if you have any questions.
Below is a transcript of today’s video:
The Craziest Insurance Defense Ever
The craziest insurance defense ever. Now I think about … we see all kinds of insurance defenses, these are defenses insurance companies throw up to paying corporate insurance claims. Some of them are just laughable, others are “wow I can’t believe somebody was able to think that one up”. But the bottom line is you’ve got a bunch of lawyers sitting around in their office trying to make points with the insurance companies, trying to find new ways to deny claims. It’s an industry. A lot of money is being paid by these insurance companies to have these lawyers think up new ways to not pay claims.
The craziest insurance defense ever and we’ve seen it come up repeatedly in recent claims and that defense is, “well we can’t settle that claim because you’ve still got other claims out there”. Look if you’re a corporation and sometimes these claims, they come in waves, somebody sues you for a TCPA violation and then 20 different people sue you. So, you have 20 different claims. Somebody sues you for a securities claim and then you have four different securities claims in different jurisdictions, all of these with the plaintiff’s lawyers competing on who’s going to be the big dog and get the most money.
So, they come in waves. It seldom that you see one claim and that one claim is the only claim you have. But let’s think about what the insurance company’s saying. They’re saying, “Well you have five claims, you can’t settle these three because you still have two left.” Now it’s not in the insurance policy. There’s no defense for that. It’s not anywhere else that we can see, but it’s something they’re asserting. And the basis for asserting it is, well we just don’t want to do it because we’re afraid that these other claims might cost more money and we want to do a deal with you to pay you less than policy limits. So, it’s not really a defense. It’s more a posturing for settlement.
But the problem is what we’re seeing nowadays is insurance companies are going to mediations and they’re saying, “We’re not paying anything, till we know what the universe of the claims is.” And that’s simply wrong and that’s simply something that’s inconsistent with the policy language. The insurance company has a duty to defend and they also have a duty to settle. They can’t sit back and say, “We’re doing nothing.” And if they do, they’re in a position of bad faith.
The starting point for any organization seeking to understand cyber insurance claims and coverage is to understand potential cyber-related losses. It is only through this analysis that corporate policyholders can understand what cyber insurance should cover. For illustration purposes, we examined four prominent cyber-related incidents and the fall out associated with each incident.
1. Cyber-Related Losses
In 2013 and 2014, roughly 1 billion Yahoo user accounts were breached. This resulted in a series of governmental investigations, numerous lawsuits alleging, among other things, gross negligence and breach of various data protection laws. Yahoo was also forced to renegotiate its sale to Verizon at a $350 million loss
In 2013, 40 million debit and credit card numbers were stolen at various Target stores across the country. This resulted in a plethora of consumer lawsuits, bank lawsuits, state AG claims, and a series of credit card company claims seeking reimbursement for losses they suffered as a result of Target’s breach. Target faced roughly $240 million in reported loses for fraudulent charges, with overall expenses exceeding $290 million. Target also suffered massive financial losses in the 4th quarter of 2013.
In 2015, Anthem suffered a customer database breach impacting 69 to 80 million customers. This resulted in more than 50 class action lawsuits, a series of state AG claims and a number of prominent governmental investigations. Reported losses were in the billions of dollars. A significant portion of Anthem’s loss was the cost of notifications to customers as required by law.
In 2011 cyber criminals targeted Sony’s PlayStation network, resulting in the loss of personal and credit card information. 102 million people were impacted, and the gaming system was temporarily interrupted. This resulted in the filing of roughly 65 class action lawsuits, with reported losses of $171 million.
2. What Cyber Insurance Should Cover
this sampling of incidents illustrates, in a very basic way, some of the main areas that cyber insurance should cover. These include:
Coverage for the costs of defending and settling governmental Investigations, including the recovery of regulatory fines and penalties imposed;
Class action and consumer lawsuit defense and settlement coverage;
Coverage for credit card reimbursements;
Coverage for notification expenditures;
Coverage for remediation costs and forensic investigations;
Coverage for losses caused by the interruption of business, lost business, and related financial losses.
3. How Insurance Carriers Have Responded to Cyber Claims
The insurance industries response to each of these kinds of losses is, for the most part, to vigorously fight against coverage. The number of cases working their way through the courts on cyber insurance denials is astounding, as are the reasons for denials.
For example, with governmental investigations, insurers routinely contended that no coverage is afforded unless the policyholder has been sued. Then, even if the policyholder is sued by the government, insurers argue that damages associated with governmental settlements are not covered because of alleged policyholder wrongdoing. Similarly, for credit card reimbursement exposures, insurers argue that contractual liability exclusions preclude coverage, even though case law holds to the contrary. And, for business related losses, insurers routinely contend that no coverage is provided because insurers did not anticipate covering these kinds of losses. In many instances, insurers are taking these positions, irrespective of case law finding coverage, and irrespective of policy language affording coverage.
There is a solution, but it requires a thorough understanding case law, policy language, and the law pertaining to how insurance provisions are construed.
A good insurance broker is critical to securing the best possible cyber insurance coverage. Insurance brokers have an understanding of what insurers are selling. This is valuable, because there are no standards for cyber coverage. Different insurers approach the same problem from different angles. Insurance brokers, however, typically do not opine on what the policies cover, as this is a legal function, and brokers do not practice law.
For this reason, sophisticated corporations often seek an independent legal review of their cyber-insurance programs.
Seeing opportunity, law firms have also jumped into this hot new area, with newly minted cyber-experts available to review corporate insurance policies. These lawyers can talk circles around most anyone when it comes to cyber-buzz words, but, when it comes to insurance coverage, they have little judgment or experience, and their counsel, quite frankly, is not that helpful. Others have a great deal of experience, but their experience comes from representing insurance companies.
There are many Insurance company lawyers who represent insurers , but also sell their “cyber-review” services to policyholders. Their marketing materials claim that no one knows better then them as to what the policies cover — as they drafted them in the first instance. Ethically, these firms see no legal conflicts in doing this, as long as things don’t get too contentious. Even if they are correct on the conflicts issue, insurance company lawyers have the wrong mindset for this kind of work. Insurance company lawyers are trained from day one not to see coverage. They place emphasis on irrelevant things, like what insurers like to do, rather than policy language, which is the determining factor for coverage.
In today’s blog post, Mark Miller addresses another issue pertaining to the role of insurance broker claims advocates, namely a misperception that some brokers have about the best way to maximize insurance claim value. Here, Mark addresses a recent visit with a prominent insurance broker seeking referrals from Miller Friel. During that visit, the brokers proudly touted marketing materials about everything they had to offer. One of the ways this broker thought they were creating value, was by preventing lawyers from providing advice regarding the scope of insurance coverage. This prompted us to think about some of the most successful insurance recoveries we have had for corporate clients and how best to use insurance brokers in the process.
Does a Divided Approach Make Sense?
On one hand, what the broker is saying makes some sense. This broker was really touting its ability to help policyholders settle claims as insurance broker claims advocates. Helping policyholders settle insurance claims is an important function of brokers. Brokers know the right people at the insurance companies, and in many instances, they help settle claims. It only makes sense to leverage contacts.
On the other hand, what this broker is saying is completely foolish. Brokers know a lot of things. They know what insurance companies have paid on claims in the past. Brokers know how insurance companies handle claims. And, oftentimes, brokers know what insurance companies might be willing to pay. But, all of this has nothing to do with what is covered under the insurance policies. Insurance policy coverage is purely a legal issue that has nothing to do with insurance company custom and practice, or what an insurance company is happy to pay to settle a claim. Insurance coverage is controlled by the law, and despite what insurance brokers do, most don’t practice law all that well.
The Role of Insurance Broker Claims Advocates and Lawyers
So, what is an insurance broker claims advocate and what is their role? Lawyers use the word advocate quite seriously, recognizing their obligation to zealously advocate. Insurance brokers use the word more as a marketing phrase, to illustrate that they are helpful in the process of settling claims. What insurance broker claims advocates do is more akin to a lobbyist than an advocate. Insurance broker claims advocates work with insurance companies to see if they can find common ground on a claim. They leverage their contacts to get meetings with insurers. Like a lobbyist, they provide access and contacts. They don’t, however, advocate for coverage in the way that insurance coverage lawyers are bound to do for their clients.
In working with insurance brokers to settle some of the largest insurance claims in the country, we have found that there is a better way. Brokers and lawyers are a team, not advocates against one another. Each has a different but equally important function. Lawyers determine what is covered based on the law and develop strategies to pressure the insurance carrier to pay. This may include submission of legal analysis to the insurer to help them reverse their position on coverage, or it may include other dispute resolution mechanisms. Brokers keep communications open with the insurer, and search for common ground. Together, the whole is much greater than the sum of its parts.
Please watch the video to learn more, or Contact us if you have any questions.
A question that corporate policyholders should ask before entering insurance coverage arbitration is whether arbitration is a viable way to resolve a complex corporate insurance dispute. In the not so recent past, arbitration provisions in insurance policies were rare. Now, they are common. And, language contained in many standard-form arbitration clauses has become even more onerous over time. The reason for this is that Insurance Carriers prefer Insurance Coverage Arbitration over litigation.
We address here some of the issues that corporate policyholders should note when faced with an insurance coverage arbitration. We also draw some basic conclusions about insurance coverage arbitration based on our extensive experience in this area of insurance recovery law.
First, lets look at some of the reasons why insurers feel so strongly about arbitration.
1) Arbitrators May Not Follow Policyholder-Friendly Law
To prevail on claims, policyholders rely on powerful policyholder-friendly rules of construction. For example, there is a duty to defend whenever there is any potential of coverage. Courts and arbitrators should not look to the ultimate outcome of whether the claim is covered. Rather, if a claim has any possibility of being covered, a defense must be provided. Similarly, policy exclusions are construed against insurers and in favor of policyholders, and for an exclusion to apply, there must be no other reasonable interpretation of coverage other than the one offered by the insurer.
It goes without saying that both arbitrators and Courts should follow the law. If these and other common insurance rules of construction are applied, policyholders have a distinct advantage.
As a general rule, courts follow the law, and if the law is followed, policyholders are typically entitled to coverage. In litigation, if a Court does not follow the law correctly, an appeal may be taken.
Arbitration is a different animal. Review of arbitration awards is limited, and arbitrators are generally afforded more flexibility than courts in fashioning their rulings. In insurance coverage arbitration, arbitrators may be permitted to evaluate factors that have nothing to do with coverage. Arbitrators have been known to look at what a policyholder paid for coverage in relation to the value of the claim to determine what the insurer intended as far as coverage. They may also be improperly swayed by insurance industry custom and practice regarding what insurance companies think critical language means, rather than following the legal standard of interpreting insurance policy language. These factors that arbitrators may be interested in considering cannot be considered in court, as they are legally and factually irrelevant to coverage.
Finally, some arbitrators are reluctant to apply standard rules of construction because these rules of law are designed to render black and white coverage determinations in favor of coverage. Applying these rules to most contested corporate insurance claims can lead to a ruling that the claim is covered.
To cloud the issue, insurance carriers typically raise as many possible defenses to coverage as possible, and push for devaluation of a claim, irrespective of the validity of their so-called defenses. Hence, even if the applicable legal rules mandate coverage, arbitrators can, either intentionally or unintentionally, open the door to legally invalid insurer defenses. Although this does not necessarily lead to an incorrect decision, it unnecessarily complicates the process.
2) Arbitrators May Ignore Insurance Carrier Bad Faith
Another problem with arbitration is that some arbitrators have been conditioned to give insurance carriers a pass on bad faith conduct, whereas courts and juries may be conditioned in the opposite direction. Insurance carriers have a fiduciary duty not to place their interests above those of their corporate policyholders. This is an exceptionally hard standard for insurance companies to meet. Pursuant to their responsibilities to shareholders. Insurance companies are also obligated to maximize shareholder value. One way for insurance companies to increase net income is to limit expenses, which includes limiting payments on claims. These two competing burdens, one to shareholders, and another to policyholders, puts insurance companies in a uniquely difficult place. All too often, it is just too enticing to deny claims for financial reasons, which results in a breach of their duty of good faith and fair dealing to corporate policyholders. In the corporate insurance context, these damages can be immense.
Insurance carriers commit bad faith because it is difficult for them to reconcile pursuit of their interests with the idea that they are not permitted to place their interests ahead of corporate policyholders.
One reason why arbitrators in an insurance coverage arbitration may not be inclined to award bad faith damages may be purely economic. If such a ruling is issued, and the insurers are upset by that ruling, the arbitrator will not be proposed by the insurers to handle future insurance coverage arbitrations.
3) Some Arbitrators May Find it Difficult to Side With Corporate Policyholders
Insurance companies hire arbitrators as part of their business. They are repeat consumers of arbitration services. They keep track of how arbitrators handle their insurance disputes. They know who is good for them, and who is not, and they are not about to take any chances by proposing an arbitrator who does not pass their internal results-oriented tests.
For this reason, arbitrators that routinely handle insurance coverage arbitrations are generally not the best choice for corporate policyholders. Future work drives any service oriented business and arbitration is no exception. Corporate policyholders should assume that experienced Insurance coverage arbitrators know that insurers can drive their future business. Arbitrators need future work to remain employed, and insurers may not be inclined to agree to use an arbitrator again if that arbitrator finds against them in a high-dollar insurance coverage arbitration.
This is not to say that arbitrators cannot see their way through this morass and find for corporate policyholders. Rather, it is one of many important issues for corporate policyholders to consider when selecting an arbitrator for an insurance coverage arbitration.
4) Some Insurance Arbitration Organizations are Mere Extensions of Insurance Companies
Insurance carriers are always concerned about the possibility that an arbitrator who they have not vetted properly will be appointed for an insurance coverage arbitration. To protect against this, insurers have formed specific trade associations disguised as arbitration tribunals. The most infamous of these is ARIAS. ARIAS arbitrators have experience working for insurers, and they translate this knowledge into finding for insurers in arbitration. An arbitration before ARIAS is like an arbitration with the insurance company claims adjuster who denied the claim acting as arbitrator. Policyholders should never agree to an arbitration with an ARIAS arbitrator.
Insurance carriers favor insurance coverage arbitrations because insurance coverage arbitration is better at limiting insurer exposure than litigation. A number of important lessons can be learned from understanding this, including:
1) Policyholders should not agree to arbitration clauses in insurance policies;
2) Policyholders should resist insurance company efforts to arbitrate, unless adequate precautions have been taken to select a neutral arbitrator;
3) Arbitrators with extensive insurance coverage experience are likely not neutral; the fact that they have been repeatedly selected for insurance matters could mean that they have rendered numerous decisions favorable to insurers; and
4) Arbitrators with minimal insurance experience are more likely to provide policyholders with a fair arbitration.
A good friend who runs the arbitration group for a major multinational corporation once said to me, “if you get the wrong arbitrator, you lose your case upon selection of that arbitrator, but you will not know it until years later.” These are sound words to live by.
Cyber insurance for business interruption losses is of great importance to business This year business interruption ranked as the leading threat to companies globally, with cyber incidents acting as the primary trigger for associated losses. Domestically, cyber incidents, — cybercrime, data breaches and distributed delay of service attacks — surveyed as the single most critical risk to businesses. Commerce’s increased reliance on technology-driven solutions only compounds the detrimental impact of these disruptions.
An analysis of several recent high-profile cyber incidents demonstrates that business interruption and financial losses associated with cyber-attacks can be immense. Case in point, after a 2013 to 2014 cyber attack at Yahoo, Yahoo was forced to renegotiate its deal with Verizon at a loss of $350 million. Cyber insurance for business interruption losses and associated financial losses is certainly a timely issue.
What Are Insurers Doing to Provide Cyber Insurance for Business Interruption Losses?
The answer to this question is easy: very little. Mary Borja, giving the insurers’ perspective explained that cyber insurance has developed as a series of specific coverages, for very specific cyber issues. She describes cyber-coverage like this picture.
Her analogy is that cyber insurance, as currently structured is like a series of doors. Each door represents a different cyber insurance coverage grant. To find out what you have, you must open a door to see.
This door picture is a good analogy. But, with cyber insurance, no one knows exactly what an insurer will do with respect to coverage until a claim is made, or the door is opened. Make a claim, open a door, and see what the insurers will cover. This is not the best approach, but it is the current state of cyber-insurance.
What Can Businesses Do Now?
Even with the current state of cyber insurance, there are certain things that businesses can do no to maximize the value of their cyber insurance coverage.
1. Look Beyond Cyber Specific Coverage
Insurance company lawyers are not happy when a new court decision comes out finding coverage for a cyber attack under a non-cyber policy. Eric Stern addressed some of the insurance decisions addressing cyber-related losses, focusing predominantly on “all risk” property policies, which provide coverage for a wide variety of business interruption losses.
Representing insurers, Eric argued for a narrow reading of coverage, stating that the policies require “direct physical loss or damage to property” for coverage to be triggered. According to insurers, there must be direct physical loss to property for coverage to apply. The only problem with this argument is that this is not what the policies provide. All risk property policies expressly cover both direct physical loss of property, and damage to property. Accordingly, if a cyber-incident renders property, or a computer system, unusable for the purposes intended, business interruption coverage should be provided. There is simply no requirement of physical injury to the computer system in order for coverage to be triggered.
In the cyber context, Eric noted a number of decisions finding coverage for cyber-related losses under all risk property policies. See Am. Guarantee v. Ingram, 2000 U.S. Dist. LEXIS 7299 (D. Ariz. 2000) (holding that physical damage is not limited to physical destruction or harm but includes “lack fo access, loss of use, and loss of functionality”); Lambrecht v. State Farm Lloyds, 119 S.W.3d 16 (Tex. App. 2003) (alternatively finding that hard drives were physically damaged because they could no longer hold or store information); NMS Services, Inc. v. The Hartford, 62 Fed. Appx. 511 (4th Cir. 2003) (holding that there was coverage under a business property policy for an insured’s loss of business and costs to restore records lost when a former employee hacked into the insured’s network); Southeast Mental Health Center Inc. v. Pacific Ins. Co. Ltd., 439 F. Supp. 2d 831 (W.D. Tenn. 2006) (insured proved necessary direct physical loss where the insured’s pharmacy computer data was corrupted due to a power outage).
The takeaway for policyholders is that “all risk” property policies can and oftentimes do provide coverage for cyber-related business interruption losses.
2. Pay Attention to Cyber Coverage Grants and Exclusions
The participants agreed that there is no standard cyber-policy form, so a review of applicable policy language is critical.
Mark Miller noted six specific limitations to coverage that are particularly important with respect to financially related losses, including: (1) scope of coverage grants, (2) time limitations to coverage, (3) the fraud exclusion, (4) the profit or advantage exclusions, (5) prior notice exclusions, and (6) conditions to coverage.
To find out more about the steps that policyholders need to take with respect to cyber-related claims and policies, please feel free to contact us.
Providing notice for governmental investigations is fraught with difficulty. D&O and E&O insurance policies can provide coverage for the costs of responding to subpoenas, civil investigation demands, and defending against regulatory actions. Yet, notice of these claims is often an issue. The reasons for this are threefold. First, some companies are advised by defense counsel not to provide notice. Second, some policyholders simply don’t realize that coverage is provided. And third, in some cases, the governmental agency directs the policyholder not to disclose the non-public investigation, because doing so could make the investigation public.
The first two of these notice for governmental investigation issues typically resolve themselves once the policyholder becomes aware of coverage. It is difficult dealing with insurers, but the defense of government investigations is expensive, and most companies elect not to waive coverage. The final one, dealing with a governmental directive to keep quiet, is more difficult.
What if a Governmental Agency Directs the Policyholder Not to Disclose an Investigation?
One particularly tricky insurance issue for corporate policyholders seeking to provide notice for governmental investigations is providing notice in connection with “non-public” or “informal” governmental inquiries and investigations. The Department of Justice (“DOJ”) and a whole host of other government agencies have the power to issue a subpoena or direct an informal request to a company seeking information and documents. It may be a simple issue to tender such a demand to the insurance carrier, but doing so is more difficult if the policyholder is expressly directed not to disclose the existence of the subpoena, inquiry or investigation. Here is a real-world example:
Company receives a DOJ subpoena and related Qui Tam action during Policy Period 1. The DOJ letter accompanying the subpoena includes prohibitions against discussing the subpoena until the DOJ’s investigation is complete, with an admonition that “Premature disclosure could impede the investigation and interfere with the enforcement of the law.” Company does not provide notice to its D&O insurer at that time during Policy Period 1. Company then receives a letter from the DOJ that its investigation is complete during Policy Period 2, at which time company promptly provides written notice to its D&O insurers under both Policy Periods 1 and 2 (claims-made and reported policies). Both insurers deny coverage – the Policy Period 1 D&O insurer denied coverage for late notice, and the Policy Period 2 D&O insurer denied coverage pursuant to the policy’s known loss exclusion.
Unfair, yes. Unlawful, perhaps. But her is the good news. There are at least three ways to address this issue.
1. Ignore the Government’s Directive
Under certain circumstances, and subject to certain applicable laws, a policyholder may be able to provide notice of an investigation, even if the governmental agency directs them to keep the investigation private. Case law in other contexts suggests that a government request not to disclose a subpoena because it may impede an investigation is improper. Fed. R. Crim. P. 6(d)(2) (“No obligation of secrecy may be imposed on any person except in accordance with Rule 6(e)(2)(B),” which does not include subpoena recipients); U.S. v. Bryant, 655 F.3d 232, 237-38 (3d Cir. 2011) (finding a Rule 6(e) violation where government issued subpoenas that contained language requesting that the witnesses not disclose the existence of the subpoena, and ordering the government to notify all such witnesses by letter that they are under no obligation to keep the subpoena secret); In re Grand Jury Proceedings (Diamante), 814 F.2d 61, 68, 70 (1st Cir. 1987) (finding violation of Fed. R. Crim. P. 6(e) where cover letter accompanying a grand jury subpoena stated, “[y]ou are not to disclose the existence of this subpoena or the fact of your compliance for a period of 90 days,” and ordering the government to advise subpoenaed witnesses by letter that they are under no obligation to keep the existence of the subpoena or their compliance with it a secret); U.S. v. Blumberg, No. 3:97-CR-119(EBB), 1998 WL 136174, at *1-2 (D. Conn. Mar. 11, 1998) (same). Thus, and subject to appropriate legal review, a company may be able to provide its insurer with notice of a subpoena despite any admonition or instruction from the government not to disclose the subpoena.
A decision to disregard the governments directive, however, should not be considered without the advice of defense counsel. Nonetheless, it is an option worthy of discussion. This is certainly the case because the insurers may be considered part of the defense, so disclosure may not in fact be prohibited disclosure to a third party.
2. Cooperate and Educate
In an effort to remain cooperative with the government, a company may not want to simply disclose the existence of an investigation without the government’s input, particularly where such an investigation is under seal. Thus, for example, in claims dealing with a Qui Tam (or whistleblower) action, which are filed under seal, prior to expiration of the policy period during which the company learns of the investigation, the policyholder, through counsel, should approach the governmental agency to obtain permission to share the existence of the investigation with its insurer on a confidential (and, if necessary, redacted) basis. Indeed, providing such information will be more than sufficient to trigger an insurer’s duty to defend. See, e.g., CNA Cas. of Cal. v. Seaboard Sur. Co., 176 Cal. App. 3d 598, 606 (1986) (“[T]he insurer must furnish a defense when it learns of facts from any source that create the potential of liability under its policy”). This approach ensures that the company maintains a cooperative relationship with the regulatory or governmental agency while protecting its ability to recover under its insurance.
3. Fix the Problem Before It Starts
Finally, a company can negotiate a “no prejudice” provision into its D&O and/or E&O liability policy, which essentially provides that “if a governmental or law enforcement agency prohibits the Insured from providing notice as required by this section, the Policy shall not be prejudiced.” This, however, is not an option after an investigation has commenced, but it is worthy of consideration for policyholders prior to the commencement of a governmental investigation.
With such a provision in the Policy’s notice clause, if a company is unable to provide notice to its insurer based on an agency’s instruction not to, a company’s rights to coverage would be protected. We have successfully negotiated such language into D&O and E&O notice provisions in the past. But, it appears that many policyholders still do not know what needs to be requested.
Providing notice for governmental investigations is one of the most important issues policyholders face when confronted with a governmental action against them. That is because late notice is one of the primary reasons insurance carriers use to deny coverage for governmental investigation claims. The only way to prevent such denials is to thoroughly investigate insurance as soon as counsel is hired to handle a governmental investigation. Given the intricacies and variability of the law in this area, most insurance brokers rightly shy away from providing advice in this area. Here, perhaps more than in any other area of insurance, the correct course of action is dictated by the law. Coverage counsel should be retained to determine the best course of action. Otherwise, an insurance carrier may later claim that coverage was waived.
If you have any questions, please feel free to give us a call.
Insurance Coverage litigation may be, by some, considered a last resort. That is, a process to enter into when all other avenues of settlement have failed. In certain situations, however, insurers file early declaratory judgment actions. In others, policyholders sue soon after receipt of a denial of coverage letter. There appear to be other considerations at play.
The stakes can be high for both insurers and policyholders, and the perspectives on litigation from both the insurer and policyholder perspectives are seldom discussed together. Here, two insurance coverage litigation adversaries candidly discuss what factors and considerations should go into insurance coverage litigation.
Pre-Litigation – what goes on prior to filing suit;
Filing a Complaint – what drives the decision;
Motions to Dismiss – valuable to both sides;
Discovery – using it effectively;
Summary Judgement – a critical juncture;
Trial – best practices and perspectives.
At the risk of oversimplifying, here are some of the highlights on the competing policyholder / insurer perspectives on insurance coverage litigation:
1. Pre-Litigation – what goes on prior to filing suit
Correspond with policyholder;
Evaluate dispute, jurisdiction, timing of claim issues.
Full evaluation of the claim – law, facts;
Send well-drafted letters to insurers refuting denials;
Compliance with policy conditions, even if waived;
Develop strategy to maximize recovery.
2. Filing a Complaint – what drives the decision
Issue of first impression;
How clean are facts and law;
Duty to defend law;
Duty to indemnify law;
Coverage issues vs. valuation issues;
Key question – will filing suit maximize legal recovery. Look at:
a) Choice of law;
b) Law of jurisdiction
c) Risk of being sued first
d) Insurer reputation
e) Insurer conduct / bad faith
f) Reasons for denial (potentially legitimate vs. industry custom and practice;
g) Overall case strategy.
3. Motions to Dismiss – valuable to both sides
Case specific – be selective in filing;
Possible filings for:
a) Jurisdictional and standing issues;
b) Whether claimant is an insured;
c) Timing of injury (outside of period);
d) Undisputed law and facts;
e) Bad faith;
f) Statutory claims handling causes of action.
File if insurer filed suit in wrong jurisdiction;
Care taken so complaints cannot be dismissed.
4. Discovery – using it effectively
Build your defenses and themes from the discovery you produce and obtain, but don’t force a story;
Document Requests – think about types of documents you need; request further documents in depositions;
Interrogatories – Use strategically (identification of documents, witnesses, facts); untargeted interrogatories not helpful;
RFAs – look for discrete admissions; use for authentication;
Depositions – usually the most effective tool; prepare, prepare, prepare; remember that you are still discovering.
Focus Discovery on elements of proof at trial;
Offensive Discovery – use it to build the story of improper denial; don’t waste time taking 30(b)(6) depositions;
Defensive Discovery – this is where cases are lost; prepare witnesses properly, as insurance issues are too complex to understand without preparation; pay extra attention to those that know about insurance (risk managers and brokers);
Know the rules; be prepared;
Recognize that no document has ever spoken for itself;
Think about what documents you need authenticated, and what documents you don’t.
5. Summary Judgement – a critical juncture
Frame issues wisely;
Consider purpose: resolve dispute, avoid trial; knock out claims; obtain direction from court;
Evaluate facts and law;
Know undisputed facts necessary for motion;
Be true to record; don’t overreach.
Overall goal is to get to trial;
Consider proactive motions such as duty to defend motions;
Motions and responses need to be drafted so the Court comes to the conclusion that you are right;
Insurance jargon and insurance complexities are not your friend.
6. Trial – best practices and perspectives
“Your trial presentation wasn’t complicated enough,” said no one ever;
Keep it simple;
Know elements and evidence; consider burdens;
Prepare order of proof;
Remember the big picture;
Humanize witnesses; don’t be over-technical and don’t stretch;
Don’t overuse documents.
Trial preparation starts on day one, as everything that is done is for the purpose of trial;
Develop case theme based on discovery;
Simplify case to its essential elements and tell your story;
Be likable, interesting, and nice;
You are painting a picture. You decide what to put on the canvas. Opponent will try and mess up your beautiful painting. Don’t let this happen.
Although there is enough material on any one of these topics to fill an entire CLE course, this CLE is a good start for in house counsel faced with the task of managing either insurance coverage litigation or an insurance claim. Moreover, policyholders seldom get the insurance company counsel perspective, which is always valuable when assessing a claim. All that and more can be found in this course.
The most important information I got from presenting this course is:
Claim denials can be reversed, but sending a nasty letter will not do the trick.
Rather, well-crafted letters rebutting each and every error made in an insurer’s denial letter is the way to go. This requires mastery of the facts and law.
Prepare for trial from the moment you become aware of the claim.
Letters are drafted for the Court.
There are ample opportunities to make mistakes, and policyholder self-inflicted wounds are the most common way that insurance coverage cases are lost.
Develop your story, and refine that story through discovery.
Push for trial. If an insurer wants to settle, they know who to call.
When preparing for trial, think about painting a picture for the judge and jury. You decide what colors to use, and what to put into the record. Insurers will try and mess up your painting. Don’t let them.