Hunton Insurance Recovery Blog

While COVID-19 occupies most of the world’s attention, cyber-criminals continue to hone their trade. Consequently, with attention diverted and business-as-usual changing daily, the recent rise in cyber-related attacks comes as no surprise. Analysts have found that companies with an increased number of employees working remotely as a result of the coronavirus pandemic have witnessed a spike in malicious cyber-attacks. For example, the United States Health and Human Services Department experienced two separate cyber-attacks since the onset of COVID-19, with the attacks aimed at sowing panic and overloading the HHS servers.[1] These attacks, however, are not limited to the United States, as they have been reported across the globe. For instance, hackers launched a cyber-attack on a hospital in the Czech Republic, stalling dozens of coronavirus test results, only days after the government declared a national emergency.[2]

Social engineering attacks, particularly fraudulent transfers, are becoming one of the most utilized cyber scams.  As a result, there has been a flurry of litigation, and a patchwork of decisions, concerning coverage disputes over social engineering losses.  Most recently, the United States District Court for the Eastern District of Virginia found in Midlothian Enterprises, Inc. v. Owners Insurance Company, that a so-called “voluntary parting” exclusion provision in a crime policy should exclude coverage for a fraudulent transfer social engineering scheme.  The decision illustrates why policyholders must vigilantly analyze their insurance policies to ensure that their coverages keep pace with what has proven to be a rapidly evolving risk landscape.

Phishing has been around for decades.  But now, the long-lost ancestor claiming to be a foreign prince is stealing more than your grandmother’s savings.  Phishers are targeting corporations—small and big, private and public—stealing sensitive data and money.  When Policyholders take the bait, they had better have a tailored insurance policy to keep their insurers on the hook as well.

On November 4, Michael Levine and Matthew McLellan provided commentary for Westlaw about the Fifth Circuit’s recent decision in Apache Corp. v. Great American Insurance Co., No. 15-20499, 2016 WL 6090901 (5^th Cir. Oct. 18, 2016), on which Michael Levine had previously written a blog post. In the Westlaw Journal: Computer and Internet, Mike and Matt discussed a frustrating gap in coverage for “computer fraud” that may be found in some crime policies. They encourage policyholders to review their legacy and cyber policies to ensure that complex cyber risks are actually covered ...

In a seemingly illogical decision, the Fifth Circuit Court of Appeals ruled in Apache Corp. v. Great American Ins. Co., No 15-20499 (5th Cir. Oct. 18, 2016), that loss resulting from a fraudulent e-mail did not trigger coverage under a crime policy's "computer fraud" coverage because the loss was not the "direct result" of computer use.