Hunton Insurance Recovery Blog

This week, SEC Chairman Jay Clayton issued a statement on Initial Coin Offerings (ICO) addressing the legality, fairness, and risks associated with those offerings. Although the agency’s bulletin was one of many recent public statements by federal agencies on ICOs and cryptocurrencies generally, this new warning highlights additional issues and concerns with the ICO phenomenon that are particularly relevant to insurance coverage.

In what has been described as a “watershed” cyber incident, hackers recently used sophisticated malware—dubbed Triton—to take control of a key safety device installed at a power plant in Saudi Arabia. One of the few confirmed hacking tools designed to manipulate industrial control systems, this new breach is part of a growing trend in hacking attempts on utilities, production facilities, and other critical infrastructure in the oil and gas industry. The Triton malware attack targeted the Triconex industrial safety technology made by Schneider Electric SE. The attack underscores the importance of mitigating this and other similar risks through cyber and other traditional liability insurance as part of a comprehensive cybersecurity program.

Earlier this month, the California Supreme Court agreed to review Montrose Chemical Corporation’s appeal from a September appellate court ruling that rejected Montrose’s preferred “vertical exhaustion” method of exhausting excess-layer policies in favor of a policy-by-policy review to determine which policies are triggered. The California high court’s grant of Montrose’s petition for review is potentially significant in clarifying the appropriate excess policy exhaustion trigger under California law, not to mention in addressing a significant insurer defense in Montrose’s longstanding coverage dispute over environmental insurance coverage, which has been winding its way through California courts for more than 25 years.

The Fifth Circuit recently upheld the dismissal on summary judgment of a policyholder’s claim under a commercial crime insurance policy, affirming the trial court’s narrow interpretation of the terms “owned” and “loss,” concluding that the policyholder did not “own” the funds at issue or suffer a “loss” when it loaned those funds to the fraudsters. In so holding, the court ignored state court precedent concerning construction of those same terms.

In Cooper Industries, Ltd. v. National Union Fire Insurance Co. of Pittsburgh, Pa., No. 16-20539 (5th Cir. Nov. 20, 2017), Cooper invested its pension-plan assets into what proved to be a multimillion-dollar Ponzi scheme. Over the course of many years, Cooper invested more than $175 million into various equity and bond investments managed by fraudsters who used the investment funds in furtherance of the Ponzi scheme. After discovering the fraud, Cooper recouped a large portion of its investment and sought coverage from its commercial crime insurer for the unrecovered $35 million. The policy limited coverage to “loss” of property that Cooper “owned.” Neither term was defined in the policy.

Last week, Golden Bear Insurance Company became the first admitted insurer approved by the California Department of Insurance to provide insurance coverage for marijuana companies. Golden Bear will now begin offering first- and third-party insurance coverage specifically targeting marijuana companies in the state.

Earlier this week, Canada’s transport minister announced that a drone had collided with a commercial aircraft, the first confirmed collision of its kind in North America. Thankfully, the aircraft sustained only minor damage and was able to land safely. But this recent incident, which many commentators believed was inevitable given the proliferation of consumer and commercial drones, highlights the potential risks associated with drone operations.

Corporate policyholders should carefully consider insurance coverage implications when structuring mergers, acquisitions, or other transactions that may impact available insurance assets. A New Jersey federal court recently granted summary judgment for a surviving bank asserting coverage rights under a D&O policy issued to an entity that dissolved in a statutory merger, based in part on the wording of the parties' merger agreement structuring the transaction in accordance with the New Jersey Business Corporation Act ("NJBCA").

Corporate policyholders should carefully consider insurance coverage implications when structuring mergers, acquisitions, or other transactions that may impact available insurance assets. A New Jersey federal court recently granted summary judgment for a surviving bank asserting coverage rights under a D&O policy issued to an entity that dissolved in a statutory merger, based in part on the wording of the parties' merger agreement structuring the transaction in accordance with the New Jersey Business Corporation Act ("NJBCA").

Does the term "wrongful act" always require that the conduct at issue be "wrongful"? In at least one D&O insurance policy, the answer may not be as clear as it seems. A federal district court in Texas recently denied an insurer's motion to dismiss a company's coverage claim for nearly $5 million in costs the company incurred defending a statutory appraisal lawsuit filed by disgruntled shareholders, citing the D&O policy's "terribly" written definition of "wrongful act," which may have been written so broadly that it provides coverage for "acts" that are not actually "wrongful."

Does the term "wrongful act" always require that the conduct at issue be "wrongful"? In at least one D&O insurance policy, the answer may not be as clear as it seems. A federal district court in Texas recently denied an insurer's motion to dismiss a company's coverage claim for nearly $5 million in costs the company incurred defending a statutory appraisal lawsuit filed by disgruntled shareholders, citing the D&O policy's "terribly" written definition of "wrongful act," which may have been written so broadly that it provides coverage for "acts" that are not actually "wrongful."

Consulting firm Ernst & Young recently announced that it is collaborating with Microsoft, data security firm Guardtime, and shipping and logistics conglomerate Maersk to create a marine insurance platform based on blockchain technology. The companies anticipate that their blockchain-based product—to be implemented globally beginning in early 2018—will connect clients, brokers, insurers, and third parties to "distributed common ledgers that capture data about identities, risk and exposures" and integrate this information with insurance contracts. The platform's capabilities include: "the ability to create and maintain asset data from multiple parties; to link data to policy contracts; to receive and act upon information that results in a pricing or a business process change; to connect client assets, transactions and payments; and to capture and validate up-to-date first notification or loss data."

Earlier this month, the Washington Supreme Court reaffirmed coverage for injuries for carbon monoxide, holding that an insurer acted in bad faith when it improperly relied on an absolute pollution exclusion to deny coverage for a lawsuit involving alleged release of carbon monoxide gas inside a home.

A Colorado district court held last week that a general liability insurer must defend a product disparagement claim despite a broadly-worded intellectual property exclusion in the policy. The court reached its ruling even though the alleged disparagement involved representations about patent infringement. In so holding, the court rejected the insurer’s attempt to deny coverage where the “crux of the dispute” fell within the policy’s personal injury coverage part and the insurer had failed to show that the underlying allegations “unequivocally” fell within the ambiguously worded exclusion.

Highlighting the continued problems faced by policyholders in obtaining coverage for "computer fraud," a Michigan district court recently held that a manufacturer could not recover $800,000 in funds lost after an employee mistakenly wired payment for legitimate vendor invoices into a fraudster's bank account after receiving a spoofed e-mail requesting payment. In American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America, No. 16-12108 (E.D. Mich. Aug. 1, 2017), the district court applied state law favoring a narrow interpretation of the crime policy's computer fraud provision to hold that the policyholder had not suffered a "direct" loss that was "directly caused" by the use of any computer.

Last month's post summarized key findings from the recent emerging risk report issued by Lloyd's of London and risk-modeling firm Cyence, highlighting several key findings about cyber risks and the cyber insurance market more generally. In this post, we provide a closer look at some of the more significant cyber coverage issues discussed in the report, a full copy of which can be found here.

Earlier this week, HBO announced that it had suffered a "cyber-incident" involving the compromise of "proprietary information" that reportedly includes forthcoming episodes and scripts from popular HBO shows such as Game of Thrones. The HBO breach is the most recent in a growing list of cybersecurity issues faced by Hollywood studios this year. In an e-mail to HBO employees, CEO Richard Plepler called the cyber attack "disruptive, unsettling and disturbing."

A Georgia district court recently denied an insurer's attempt to recoup defense costs, holding that even where the court previously determined that coverage was barred under the policy's pollution exclusion, the insurer could not "rewrite the record" or clarify its "defective" reservation of rights letters to show that it fairly informed the policyholder of its coverage position, which is a prerequisite to recoupment of defense costs.

As discussed in prior posts, recent cyber events, such as the “Wanna Cry” ransomware attack, serve as important reminders to policyholders that cyber insurance should remain a priority for any business facing potential exposure from a cyber event. A recent report further underscores the potential impact of a major global cyber event, estimating that the resulting loss could exceed $53 billion worldwide, on par with the damage caused by catastrophic natural disasters such as hurricanes.

Earlier this week, Lloyd’s of London issued an emerging risk report, co-authored with risk-modeling firm Cyence, that examines several plausible cyber-risk scenarios to help insurers and policyholders understand cyber liability and risk exposures in an area that the report concludes is relatively underdeveloped compared with other classes of insurance.