Hunton Insurance Recovery Blog

Last week, we published a client alert discussing the importance of cyber and directors and officers liability insurance for companies and their executives to guard against cyber-related exposures.  In today’s ever-changing threat landscape, all organizations are at risk of damaging cyber incidents, and resulting investigations and lawsuits, underscoring the importance of utilizing all tools in a company’s risk mitigation toolkit, including insurance, to address these exposures. 

Hardly a day passes without hearing about another major cyber incident. Recent studies show that cybersecurity incidents are becoming more common, but they are also costly, with some reports estimating an average cost of $9.44 million for breaches in the US. In recognition of this mounting problem, government agencies continue to ramp up enforcement and issue new rules, regulations and other guidance aimed at curbing cyber risks. Last week, the SEC adopted final rules requiring registered entities to periodically disclose material cybersecurity incidents and annually disclose their cybersecurity risk management, strategy and governance plans. In announcing the new rules, the SEC specifically noted that “an ever-increasing share of economic activity is dependent on electronic systems.” According to SEC Chair Gary Gensler, “Whether a company loses a factory in a fire—or millions of files in a cybersecurity incident—it may be material to investors.” 

2022 has kicked off with several new whistleblower awards, as the SEC announced earlier this week that it had awarded more than $4 million to whistleblowers who provided information and assistance in two government actions—one for misconduct occurring overseas and a second where the whistleblower’s assistance directly led to the success of the covered action.

Real estate investment trust VERIET, Inc. (formerly known as American Realty Capital Properties) announced this week that it agreed to a $765.5 million settlement to resolve shareholder class action and related lawsuits arising from a host of alleged securities violations and accounting fraud at ARCP since the company went public in 2011. Defendants in the class action settlement have agreed to pay more than $1 billion in compensation, including millions from ARCP’s former manager and principals, chief financial officer, and former auditor.

Hunton & Williams insurance partner, Syed Ahmad, was quoted twice in Law360 concerning significant insurance cases to watch in 2018.  On January 1, 2018, Ahmad noted that Pitzer College v. Indian Harbor Insurance Co., pending in the California Supreme Court, “can be significant for coverage disputes in California because the California rule could override the law of the state that would apply otherwise, even if the parties agreed to another state’s law governing,"  On January 9, 2018,  Ahmad was again asked by Law360 to comment on key D&O cases that will likely be decided in 2018.  Ahmad noted that in Patriarch Partners LLC v. Axis Insurance Co., pending in the Second Circuit Court of Appeals, Patriarch's appeal presents an unusual situation in which a policyholder is arguing that various developments in an ongoing SEC investigation don't constitute a claim under a D&O policy, in order to avoid the application of an exclusion.  In other circumstances, it may be favorable for a policyholder to assert that a preliminary step in an SEC probe is a claim, so as to maximize coverage.   According to Ahmad, the district court didn't fully address how, in the context of the specific policy language at issue, a non-public order by the SEC could qualify as a claim.   "As Patriarch argues, 'until an agency makes a demand upon the target under legal compulsion, there may be no way for a policyholder to even know that it is being investigated, that an order authorizing investigation has been issued against it or what the order of investigation says,'" Ahmad said, quoting from Patriarch's appellate brief.

The frequency and magnitude of Foreign Corrupt Practices Act of 1977 (FCPA) (15 U.S.C. § 78dd-1, et seq.) investigations and claims continue to grow. Last month, the U.S. Securities and Exchange Commission announced that Halliburton Co. had agreed to pay $29.2 million in fines and penalties to settle allegations that its operations in Angola and Iraq violated the FCPA's books and records and internal accounting controls provisions. In its press release, Halliburton vowed that it had "continuously enhanced its global ethics and compliance program" since first receiving an anonymous tip in December 2010, but the recent settlement serves as a reminder that even the most robust compliance program cannot guarantee that FCPA violations will not occur.

Bear Stearns' insurers were recently dealt a fatal blow, when the trial court granted Bear Stearns' motion for summary judgment and denied all insurers' motions (and defenses). See J.P. Morgan Sec. Inc. v. Vigilant Ins. Co., 2017 N.Y. Slip Op. 27127, 11 (N.Y. Sup. Ct. 2017). The court found that the documentary and testamentary evidence presented by Bear Sterns overwhelmingly demonstrated that Bear Stearns' misconduct profited their customers instead of resulting in Bear Stearns' own "ill-gotten gains." The court also found the settlement amounts reached by Bear Stearns in the SEC action and the private civil suits to be reasonable.