Hunton Insurance Recovery Blog

In today’s digital world, data breaches due to vendor failures are becoming increasingly common, often resulting in costly fallout. While insurance can provide a safety net, the interaction between cyber insurance and vendor contracts is crucial for effective recovery and risk management. Vendor contracts should not be treated as mere formalities but as vital frameworks that contain specific, detailed provisions regarding data security obligations to ensure accountability and minimize vulnerabilities.

In a recent opinion, the Northern District Court of Illinois reaffirmed the bedrock principle that an insurer’s duty to defend is broad and triggered by any allegations in a complaint that potentially fall within a policy’s coverage grant.  In Harleysville Pref. Ins. Co. v. Dude Products Inc., et. al., Case No. 21-c-5249 (N.D. Ill. Dec. 21, 2022), the insured, Dude Products, Inc., sought coverage from its insurer, Harleysville Preferred Insurance Company, against a class action lawsuit that alleged Dude Products intentionally and falsely marketed its wipes as “flushable” even though the product allegedly did not break apart and caused “clogs and other sewage damage.” 

On November 23, 2022, a federal court in Minnesota highlighted the importance of strategically approaching product liability claims, both in terms of their underlying defense and their insurability. In Federal Insurance Company v. 3M Company, No. 21-2093 (JRT/DTS), 2022 WL 17176889 (D. Minn. Nov. 23, 2022), the court rejected the insurer’s attempt to treat each underlying lawsuit as a separate occurrence, thereby maximizing per-occurrence deductibles, and instead found that the manufacture of the allegedly defective medical devices was the sole occurrence responsible for each of the lawsuits. 3M, therefore, was only required to pay a single deductible.