Over the past few years, ransomware attacks have increased in frequency and demand size. And, increasingly, those attacks have targeted businesses and critical infrastructure organizations from across the globe. This trend is likely to continue. The Cybersecurity & Infrastructure Security Agency noted that cybersecurity authorities in the United States, Australia and the United Kingdom assess that “if the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent. Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model.”
After hitting the shores of Louisiana with winds of up to 172mph in late August, Hurricane Ida’s remnants barreled up to the northeastern United States, leaving waves of destruction in its wake. The deluge of rain—more than half-a-foot fell in just a few hours—turned streets and subway platforms into rivers. The catastrophic flooding caused by the record-breaking rainfall killed several dozen people, left thousands without power, and damaged countless homes and businesses. All told, Ida is said to have caused more than $50 billion in damage. And scientists predict that, because of climate change, heavy rainfall-producing storms like Ida will only become more and more frequent.
If 2020 was the year of the pandemic, 2021 appears to be shaping up to be the year of “returning to normal.” So far, most coverage disputes related to COVID-19 have been reactions to direct losses caused by the virus and related measures (i.e., relating to business interruption or event cancellation). In the upcoming months and years, however, many businesses will have to make proactive decisions on how to return to work. It is important for businesses to understand how those decisions may impact a variety of potential insurance coverages, including possible D&O coverage, as this post will discuss. Additionally, now that insurance companies have a better understanding of the types of risks involved with COVID-19, coverage terms and exclusions in policies issued after the pandemic may become drastically different.
Almost four months have passed since the World Health Organization declared COVID‑19 a global pandemic on March 11, 2020. Continued social distancing and other precautionary measures have driven many organizations to expand work-from-home protocols for the foreseeable future or even permanently—in turn prompting many organizations to review their cyber insurance policies in addition to the rest of their insurance portfolios. While cyber risk policies are not widely standardized, there are several common traps that are found in many cyber risk policies, and early awareness of them can be the difference between a covered claim and a hard-fought coverage battle. While these traps are not specific to COVID-19 concerns, they may become increasingly important as organizational cyber exposures increase. Three of the more salient pitfalls are discussed in this post.
In January, we were among the first to post on the insurance implications of coronavirus. Since then, the epidemic has landed on our shores, dragged down the stock market, and become a political football. It has affected supply chains originating in China, with significant results for companies like Apple. And it threatens business continuity in the U.S. It is important to remember that the threat to the economic cycle does not originate from financial forces like a tightening of credit, but in nuts-and-bolts workings of the manufacturing and service economy, where both bottlenecks in supply and a pullback in demand threaten markets. Some of these losses are insurable. This post reviews recent coverage developments and notes practical coverage considerations that companies might overlook.
There has been a drumbeat of news reports about Wuhan, China, a city more populous than any in the United States, which is in effective lock-down because of the coronavirus. Foreign nationals are being evacuated, travel has been restricted, and business is at a standstill. At a time like this, preserving public health is the highest priority. But businesses, both local and global, are also affected by shut-down orders, disruptions to their supply chains, mass sick days, and loss of business. Many, especially providers of hospitality or health care, may face elevated liability risks for exposing others to a contagion. It is important to remember that insurance may be available to meet these risks.
Hub City Enterprises Inc. and Wall St. Enterprises of Orlando Inc. ran an event called “Rum Fest 2017” in Orlando, Fla. Sounds like fun, doesn’t it? But one of the partygoers, who apparently paid to attend the festival, was not amused. In the middle of the party, Robert Hunt saw an oversized beach ball barreling towards his head. When he reached out to deflect the projectile, he ended up suffering injuries to the ligaments in his arms. Mr. Hunt sued Hub City and Wall St. Enterprises, who tendered the claim to Princeton Excess and Surplus Lines Insurance Co., their liability carrier, for a defense. Princeton initially assumed defense of the claim, but it soon repaired to federal court seeking a declaration that it had no duty to defend the suit. In Princeton Excess & Surplus Lines Ins. Co. v. Hub City Enterprises, Inc., the Southern District of Florida ruled in favor of the insurer.
Imagine your organization has suffered significant property damage and interruption to your business as a result. The cause could be anything—a natural disaster, severe mechanical breakdown or a cyberattack. You notify your property insurance carrier and adjust the claim, submitting calculations of your losses based on the policy’s coverages and other terms. But in response, your carrier only agrees to pay a fraction of the losses, claiming that otherwise your organization would be better off than before the damage—“unjustly enriched”—and that insurance is not meant for gain, but only to put the insured in the position it would have been without the damage.
In two posts earlier this year—South Carolina May No Longer Hold Insurers’ Reservations and The Insurer’s Mixed-Coverage Burden—we told you about an important decision issued by the South Carolina Supreme Court in Harleysville Group Insurance v. Heritage Communities, Inc. Those posts were written shortly after the court issued its original opinion on January 11, 2017. But on July 26, 2017, the court issued a new opinion replacing the original. So what has changed? Not much … and that’s a good thing for policyholders.
The Flint, Mich., water crisis returned to the news recently as criminal charges were brought against additional government employees resulting from the crisis. Meanwhile, a federal court in Pennsylvania recently issued a ruling in an insurance case that, like Flint, related to alleged contamination in drinking water stemming from corroded pipes. The decision rejects two insurers’ attempts to avoid coverage and serves as a good reminder of some fundamental insurance law principles—the duty to defend is broad, ambiguous policy language usually is construed against the insurer, and policies should be interpreted in favor of their purpose to provide coverage. It is also a reminder that the pollution exclusion is not nearly as all-encompassing as insurers like to think it is.