Remember the “good” ol’ days when the run-of-the-mill theft involved someone physically taking something tangible? That is so 20th century. Now, thieves and fraudsters are able to use computers and the internet to carry out much more complex schemes. The insurance industry has attempted to keep up with the technological evolution in the coverage it provides, but insurers have also used unclear policy language and the complexity and individualized nature of today’s fraudulent schemes to avoid covering the resulting losses. A slew of courts over the past few years have decided whether crime policies—particularly those with a computer fraud coverage component—cover complex, technology-related fraudulent schemes. The Eleventh Circuit recently joined the fray and ruled that computer fraud coverage did not apply to a policyholder’s $11 million loss.
Third-party intervention may now prove unnecessary when interpreting and enforcing contract provisions—at least this is what proponents of smart contracts believe. The overall goal, they argue, is to provide security unattainable through traditional contract law, and to reduce additional transaction costs that come with the traditional process. Will insurance policies become the laboratory to test their thesis?
First imagined by computer scientist Nick Szabo in 1996, smart contracts are computer protocols meant to facilitate a contract’s implementation and performance. They can carry out only the specific instructions given to them, and all transactions are traceable and irreversible. Regarding functionality, experts have likened smart contracts to a vending machine; contract terms are first coded and placed within the block of a blockchain (the same technology Bitcoin uses). Once the triggering event occurs, the contract is performed consistent with all designated terms. Continuing the analogy, the individual inserting money in the vending machine sets off a chain of events, unable to be undone or halted midway. (Granted, this last part isn’t like the traditional vending machines we know.) The machine keeps the money and dispenses the item. The contract has been fully performed.
Cyber insurance continues to be one of the hottest topics in the insurance industry. In the last several years it has evolved from a little-known specialty product to a standard purchase for some corporate risk departments. By now, most companies generally are aware that cyber attacks present substantial risks. Many unfortunately have first-hand experience as victims of an attack. But many companies still do not necessarily view cyber insurance as a “must-have” type of insurance, like general liability or property insurance. Some companies may believe their potential cyber exposure is minimal or simply think that cyber coverage is cost prohibitive. A recent D.C. Circuit decision is a sobering reminder that cyber insurance should at least be considered in connection with a company’s risk management plan, and is probably a “must-have” for companies that maintain records containing a substantial amount of personal information.
While our brains may feel like they are fused with the computers, smart phones, and other devices we use on a constant basis, a direct connection between these machines and our brains is still (mostly) a thing of the future. So, even as companies continue to strengthen and refine their network security systems against cybercrime, the human brain can remain a weak link for criminals to exploit. Unfortunately for some policyholders, this time-honored tactic of targeting the human element involved with a technology may actually fall right into a gap in companies’ insurance coverage, as highlighted in the Fifth Circuit’s decision this month in Apache Corporation v. Great American Insurance Company.
The era of the self-driving car has arrived, with the shiny promise of fewer auto collisions—and the inevitable potholes of a transformative technology. Despite the significant concerns raised by a recent accident involving a driver’s reliance on a partially autonomous automatic braking and steering system on the Tesla Model S—one of 70,000 such vehicles now on the roads—the auto industry is roaring ahead with autonomous vehicles (AVs). Google is testing its driverless cars extensively on U.S. roads; General Motors has teamed up with car-sharing company Lyft to develop a driverless taxi service; and most major automakers will be releasing fully or partially autonomous vehicles in the next five years.
As more and more companies ranging across a wide spectrum of industries have been exposed to network and data security breaches, the market for insurance products to cover cyber risks has grown just as fast. With policies sold under names like “cyberinsurance,” “privacy breach insurance,” “media liability insurance” and “network security insurance,” the market is chaotic. Premiums and terms vary dramatically from one insurer to the next. And because cyber policies are far from uniform, it’s crucial to understand not only what you’re being offered, but also how to negotiate coverage for the risks inherent in your business. This post contains five of my top ten recommendations. (The remaining five tips are in Part 2.) Continue reading →