Insurance — Do You Know What’s in Your Bank’s Policies?

There are many different types of insurance — directors and officers (D&O), employment practices liability (EPLI), and general liability, to name a few. Unfortunately, many clients do not know what is in their policy or policies, including what is covered, their deductibles or retention, or, in some unfortunate cases, that they have no policy at all.

This article attempts to help you answer some simple questions about what to look for when you are buying a policy and what to look for in a current policy when you need to use it. It is not an attempt to promote any particular policy, as each policy has to be read in light of the specific facts at issue.

Buying the cheapest — you may get what you pay for.

In too many cases, we find that clients have simply purchased the cheapest policy they can find. The reasons for this vary. Maybe the client asked for the cheapest policy, maybe the agent simply got the client the cheapest policy, or maybe there was no real conversation at all between the insured (client) and the agent except to “get some insurance.”

This is never an issue — until it is. By way of example, let’s say a lawsuit is filed against you that should kick in your D&O or EPLI policy. You then turn the lawsuit over to your agent for defense and coverage. And then, one of several increasingly common scenarios occurs. You discover that your deductible or retention is very high, e.g., the first $100,000 is on you. Or you discover that many employment cases could be resolved or dismissed for less than that, and that for a little more on the front end, you could have had a lower deductible. Or you discover that what you purchased does not cover alleged fiduciary breaches by your directors and officers, and you could have purchased that coverage if you had asked.

You also might discover that you could have purchased, for a small additional amount, wage and hour coverage that would have covered the overtime lawsuit you were just served, but no one ever specifically talked with the agent about that. You also might discover that the attorney you have worked with for years will not be able to handle the case because there is no “choice of counsel” in the policy. In many cases, spending 30 minutes with your agent (and probably an attorney who has experience working with you) could have resolved these issues — that now are out of your control.

The point is, spending the necessary time with your agent (and attorney) is something that should be done before any policy is purchased or renewed. This allows you to express what you want and consider the options available. It also allows you to avoid issues such as not being able to use the attorney of your choice.

Do you have a claims-made or an occurrence policy?

While each policy and case must be examined individually, generally, an occurrence policy covers claims arising from acts or incidents that occurred during the policy period. This means that if the incident occurred during the policy period and the policy was in effect and in good standing, the claim will be covered, even if you get sued over that incident after the policy has expired.

Claims-made policies are entirely different animals. Claims-made policies generally cover only claims made during the policy period. The claim must also be reported to the insurer as required by the policy.

Generally, claims-made policies are cheaper, as they usually provide coverage for a shorter period of time. Again, however, be aware of “going cheap.” Claims-made policies that are not renewed or are canceled — and for which tail coverage is not purchased — can create exposure for an incident that occurred during the policy period. This can happen, for example, if you simply let the policy lapse and a year or so later someone files a suit against you that would have been a “claim” under your claims-made policy but it was not reported when the policy was effective. It can also occur if you change insurers.

The above is a very general description, and any discussion about the type of policy you should buy or what to do when you renew is beyond the scope of this article, but you should absolutely consult with your agent (and likely your attorney) about any specific needs or concerns you know of prior to purchasing or renewing any policy.

Do you have coverage and defense, or just defense?

Be aware that some policies provide for attorney’s fees and costs to defend claims made against you as well as coverage for any settlement or judgment against you. Some policies, however, only provide for attorney’s fees and costs. Again, this goes to what type of policy you want, what you can afford, and knowing the risks of what you have versus what you do not have.

I have had the unfortunate situation where a client thought they had a policy providing coverage and defense, but the policy provided only defense. The matter involved multiple plaintiffs and conflicting witness testimony that made dismissal of the case prior to any trial impossible. While the resolution of the case was not substantially out of line for the average federal court employment case, the money came directly from the client’s pocket because the policy only provided for defense costs, not coverage for any settlement or verdict. When questions arose about why that type of policy was provided by the agent, it was clear the client had only told the agent to “get some insurance” and made no specific requests.

To sum up, it is unfortunately common that when purchasing insurance of any kind, insureds do not actively engage their agent (or ask for any advice from their attorney) about what types of policies and coverage they may need. This creates many issues (deductible, choice of counsel, lack of coverage, etc.) that likely could have been avoided. There is no guarantee that any issue could be avoided, as no one knows what type of claim or claims might be made in the future, but spending the necessary time on the front end could save many headaches on the back end if your agent gets as much specificity as possible from you.

Renewed Shutdowns/Restrictions Present Interesting Issues Regarding COVID-19 Business Interruption Claims

In recent weeks we have published multiple pieces on issues related to the calculation of damages under business interruption policies for losses associated with COVID-19 shutdowns/restrictions.  Unlike more conventional business interruption claims, such as losses associated with a hurricane, COVID-19 claims are likely to be more complicated regarding the end date for loss calculations, especially in instances where the policyholder was permitted to resume operations in a limited capacity, such as restaurants that initially were ordered closed but then were allowed to transition to a take-out/delivery model, outdoor seating only, or to operate at restricted capacities.

As many jurisdictions now face a resurgence in COVID-19 cases, another complicating issue is likely to arise.  In these jurisdictions that previously imposed restrictions on operations but lifted such restrictions, many policyholders have already submitted COVID-19-related business interruption claims to their insurance carriers.  Having thought that they had weathered the storm and were on the path to recovery, they now face the potential of new shutdowns/restrictions.

If renewed shutdowns/restrictions are imposed, a question is likely to arise as to whether these policyholders have one claim applicable to both sets of shutdowns/restrictions or two separate claims.  Does the policyholder need to provide additional notice related to the second set of shutdowns/restrictions?  Is it more beneficial for the policyholder to have one or multiple coverage triggering events (i.e., occurrences)?  What is the impact on available limits or deductibles/retentions?

These are just a few of the insurance issues potentially presented by the prospect of renewed shutdowns/restrictions.  Policyholders should review the terms of their policies carefully to understand their rights and their best path forward.


© 2020 Gilbert LLP

For more on business interruption, see the National Law Review Insurance, Reinsurance & Surety law section.

Reasons for Communicating Clearly With Your Insurer Regarding the Scope of Coverage Before Purchasing Cyber Insurance

Purchasing cyber insurance is notoriously complex—standard form policies do not currently exist, many key terms setting the scope of coverage have not been analyzed by courts, and cyber risks are complicated and constantly evolving.  Given these complexities, prospective policyholders should consider, before purchasing a cyber policy, communicating their expectations for coverage in clear and specific terms to their insurer.  Such communications, which can be conducted through an insurance broker, can help a policyholder obtain policy terms that accurately reflect their desired coverage.  Additionally, these communications create a written record of the contracting parties’ understanding, which may prove useful should the insurer later contend that coverage is not available consistent with these discussions and the policyholder’s expectations.

Singling out a key policy provision and examining the coverage issues that provision can present helps illustrate the potential value of such communication.  Currently, the high-profile Mondelez International, Inc. v. Zurich American Insurance Co. litigation provides an excellent opportunity to examine the coverage issues that can arise from one such provision:  the so-called “war exclusion.”  This exclusion, a variant of which is included in almost every insurance policy by insurers seeking to limit their exposure to potentially catastrophic losses that might result from war, may sound straightforward but can be difficult to apply, as the line between war and other conflicts is often fuzzy and fact-specific.  Compare In re Sept. 11 Litig., 931 F. Supp. 2d 496, 508 (S.D.N.Y. 2013), aff’d, 751 F.3d 86 (2d Cir. 2014) (concluding that the September 11, 2001 attack by Al Qaeda was an “act of war”), with Pan Am. World Airways, Inc. v. Aetna Cas. & Sur. Co., 505 F.2d 989, 1015 (2d Cir. 1974) (holding that the hijacking of an airplane by the Popular Front for the Liberation of Palestine was not the result of “war”).  This is especially true in the cyber context, where understanding the precise nature and purpose of a cyber attack is often difficult.  While the Mondelez case does not involve a dedicated cyber insurance policy—it concerns a property insurance policy that includes coverage for “physical loss or damage to electronic data, programs, or software, including physical loss or damage caused by the malicious introduction of a machine code or instruction”—it is still instructive because the insured seeks coverage for a cyber attack and the insurer disputes coverage based on the war exclusion, which almost all cyber insurance policies contain in some fashion.

The dispute in Mondelez arose when the policyholder suffered over one hundred million dollars in losses due to network disruptions caused by the NotPetya ransomware attack and sought coverage under their property insurance policy for “physical loss or damage to electronic data, programs, or software . . . .”  See Complaint, Mondelez International, Inc. v. Zurich American Insurance Co., No. 2018L011008, 2018 WL 4941760 (Ill. Cir. Ct., Oct. 10, 2018).  In response, the insurer denied coverage based on the war exclusion that precluded coverage for “loss or damage directly or indirectly caused by or resulting from . . . hostile or warlike action in time of peace or war, including action in hindering, combatting or defending against an actual, impending or expected attack by any:  (i) government or sovereign power (de jure or de facto); (ii) military, naval, or air force; or (iii) agent or authority of any party specified in i or ii above.”  In short, the policyholder believed it bought broad coverage for ransomware attacks, but now must litigate whether the NotPetya attack was a “warlike action” by a government “agent,” under circumstances where numerous sources link the cyber attack to Russia and its armed forces (though Russia denies any involvement).  While the Mondelez case is still in the early stages, and details of any communications among the parties regarding the wording and meaning of the war exclusion are not publicly known, the mere existence of this litigation highlights the challenges that can face a policyholder who learns only after a substantial loss that their insurer reads a key policy provision to preclude coverage that the policyholder expected to be available.

As noted above, communication prior to policy placement can be a valuable tool to secure clear wording for key policy provisions and potentially avoid this kind of situation.  While this may seem obvious, such communication is often overlooked by policyholders more focused on other policy details like limits and premiums.  A close review of the war exclusion helps illustrate the potential benefits of these communications.  While the precise phrasing of the war exclusion at issue in Mondelez is more typical of property policies than cyber policies, war exclusions in many cyber policies arguably apply to conduct not only by state actors but also by quasi-state actors or groups with political motives.  For this reason, policyholders may want to seek language specifying that the exclusion only applies to acts by a military force or a sovereign nation, as many cyber attacks are attributed to quasi-state actors or non-state groups with political ends, or are the subject of debated attribution.  Similarly, some war exclusions apply not only to specified conflicts such as war, invasion, and mutiny, but also to more amorphous conduct like “warlike actions”—policyholders seeking greater certainty may wish to avoid such language.  Further, as with any exclusion, avoiding overbroad introductory language (like that excluding any loss “in any way related to or arising out of” war) is generally in a policyholder’s interest.  And even if a war exclusion is broadly worded, some insurers will include a carve-back creating an exception for losses due to attacks on computer systems or breaches of network security, thus preserving cyber coverage even when the war exclusion might otherwise apply.  Given the impact that small changes in wording can have on the scope of coverage, communicating clearly—with respect to the war exclusion or any other key policy provision—can play a crucial role in assuring that a policyholder secures wording that provides the coverage they desire.  Of course, an insurer may respond to a policyholder by refusing to revise a policy term or insisting that a desired coverage is unavailable, in which case the policyholder has the benefit of understanding a policy’s purported scope prior to purchase and the opportunity to investigate coverage from other insurers.

In addition, communication allows a policyholder to make a record of their expectations as to the scope of coverage, which may prove useful if an insurer later refuses to provide coverage consistent with the expectations that the policyholder conveyed.  Many courts interpreting disputed policy language put substantial weight on an insured’s reasonable expectations and often rely on communications between policyholders and insurers to support a policyholder’s reading.  See, e.g., Monsanto Co. v. Int’l Ins. Co. (EIL), 652 A.2d 36, 39 (Del. 1994); Celley v. Mut. Benefit Health & Acc. Ass’n, 324 A.2d 430, 435 (Pa. Super. 1974); Ponder v. State Farm Mut. Auto. Ins. Co., 12 P.3d 960, 962 (N.M. 2000); Michigan Mutual Liability Co. v. Hoover Bros., Inc., 237 N.E.2d 754, 756 (Ill. App. 1968).  As the recently-issued Restatement of The Law of Liability Insurance observes, where “extrinsic evidence shows that a reasonable person in the policyholder’s position would give the term a different meaning” than the one advanced by the insurer, the policyholder’s proposed meaning will often control.  Another recent case addressing a war exclusion (completely outside the cyber context) demonstrates the role such communications may play in interpreting disputed policy provisions, as the court’s analysis of the exclusion included a review of the communications during the underwriting process between the insured, the broker, and the insurer and an examination of what those communications indicated about the parties’ intent for the exclusion’s application.  Universal Cable Prods., LLC v. Atl. Specialty Ins. Co., 929 F.3d 1143 (9th Cir. 2019).  While contested coverage provisions should generally be read in an insured’s favor so long as that reading is reasonable—even in the absence of favorable underwriting communications—the cases above underscore the potential value in establishing during the underwriting process a record of the insured’s expectations as to the scope of coverage (especially in an area such as cyber insurance, where guidance like prior court decisions is limited).

For these reasons, policyholders should consider clearly communicating their intentions to their insurer when purchasing cyber insurance—this may include communicating not just questions about the scope of coverage and requests for modifications to the policy, but also the concerns animating those questions and the goals behind those requested modifications.  When having such communications with cyber insurers, policyholders will generally want to work closely with an insurance broker knowledgeable about cyber insurance, and may also want to consult experienced coverage counsel.  Clear communication during the underwriting process can play an important role in helping policyholders obtain cyber coverage that will meet their expectations should they one day confront a cyber event.


© 2020 Gilbert LLP

Legislation Enabling Policyholders to Obtain Insurance Coverage for Coronavirus Claims is Constitutional Part 1

On top of its human toll, the coronavirus pandemic has had massive economic effects.  Stay-at-home orders, which remain in place in much of the United States, have resulted in massive layoffs, spiraling claims for unemployment compensation, and unprecedented federal aid.

Many businesses affected by the pandemic have turned to their insurers seeking “business interruption” coverage.  As its name suggests, this coverage typically reimburses the policyholder for costs incurred when the business is unable to open.  Insurers have denied policyholders’ pandemic-related claims, contending that they only have to cover business interruption that results from a “physical injury” and that the damage that results from infestation with the coronavirus or a governmental shutdown order does not constitute “physical injury.”  Insurers have also cited the exclusions in many of their policies that purport to bar coverage for virus-related injuries.

Legislative Responses to the Crisis

One response to the insurance industry’s position has been introduction of legislation voiding virus exclusions and/or defining physical injury to include coronavirus.  New Jersey, Massachusetts, Ohio, New York, Pennsylvania, and South Carolina are all considering such legislation.  The proposed bills generally provide that, notwithstanding any other law or policy language to the contrary, every insurance policy that insures against loss or damage to property which includes the loss of use and occupancy and business interruption shall be construed to include coverage for business interruption resulting from COVID-19.  The bills typically provide mechanisms for insurers to seek reimbursement from a state established and managed fund for losses paid related to COVID-19.

Insurance Industry Responses to the Proposed Legislation

Predictably, the insurance industry has objected to this legislation.  For example, in a recent interview, Evan Greenberg, CEO of Chubb, said in an interview on CNBC state governments can’t force insurance companies to cover incidents not included in the policy.  “You can’t just retroactively change a contract. That is plainly unconstitutional,” Greenberg told “Mad Money” host Jim Cramer.  See https://www.cnbc.com/2020/04/16/chubb-ceo-making-insurers-cover-pandemic-losses-is-unconstitutional.html.

Law firms that defend insurers have similarly argued that “This proposed legislation …., is unfair and is likely unconstitutional, as it appears to run afoul of the Contracts Clause of the Constitution.”   That Clause prohibits States from “pass[ing] any . . .  Law impairing the Obligation of Contracts . . . .”  U. S. Const., Art. I, Sec. 10.  The insurer lawyers contend that “the proposed legislation would substantially impair insurance policies, as [it] would operate to rewrite policies to cause them to cover a risk they do not currently cover.…”   While acknowledging that the Supreme Court has upheld state laws that impair contracts, so long as they are reasonably tailored to fulfill a legitimate interest, insurer counsel contend that such laws are still unconstitutional.  Counsel claim that the proposed laws do not fulfill a legitimate interest because they “arguably benefit[] only a narrow class of businesses; the public at-large is only an indirect beneficiary.”  Id.  And counsel assert that the proposed laws are not “appropriate and reasonable” because they “attempt[] to shift the responsibility of providing financial assistance to small businesses from the government to certain insurance companies. . . .” Id.

Why the Insurance Industry Is Wrong about the Contracts Clause

This analysis is simply mistaken.  The case law interpreting the Contracts Clause demonstrates that legislation designed to provide relief to policyholders is constitutional.

As discussed below, under the cases, courts have established a balancing test that weighs the extent to which the challenged legislation contravenes contractual expectations against the purpose of the legislation and the means used to achieve that purpose.  Under that test, the proposed legislation is constitutional.

Basic Principles

The range of state legislative actions that can affect contractual relationships is broad. For instance, a state statute may render a contract wholly illegal.  See Stone v. Mississippi, 101 U.S. 814, 819 (1879) (upholding state statute outlawing lottery against claim that it violated contract rights of lottery company).  Or a statute may directly change the term of a contract.  E.g., United States Trust Co. v. New Jersey, 431 U.S. 1, 3 (1977) (state law abrogated covenant in contract with holders of state bonds); Home Bldg. & Loan Ass’n v. Blaisdell, 290 U.S. 398, 416 (1934) (state law modified foreclosure provisions in mortgages).  Even a law that has nothing to do with either the express terms of the contract or its subject matter can affect the parties’ allocation of risk, such as a law that changes the statute of limitations for contract actions.  See J. Ely, Jr., Whatever Happened to the Contract Clause?, 4 Charleston L. Rev. 371, 377 & n.48 (2010) (discussing Contracts Clause cases involving statutes of limitations).

Yet, as the Supreme Court has made clear, “it is not every modification of a contractual promise that impairs the obligation of contract under federal law.”  City of El Paso v. Simmons, 379 U.S. 497, 506–07 (1965).  Even though the language of the Contracts Clause is  “facially absolute,” Energy Reserves Group v. Kansas Power & Light Co., 459 U.S. 400, 410 (1983), “the prohibition against impairing the obligation of contracts is not to be read literally,” Keystone Bituminous Coal Ass’n v. DeBenedictis, 480 U.S. at 502.  Rather, “[t]he States must possess broad power to adopt general regulatory measures without being concerned the private contracts will be impaired, or even destroyed, as a result.”  United States Trust Co. v. New Jersey, 431 U.S. at 22.  In other words, the ban on impairment of contracts “must be accommodated to the inherent police power of the State ‘to safeguard the vital interests of its people.’’’  Energy Reserves Group, 459 U.S. at 410, quoting Home Bldg. & Loan Ass’n v. Blaisdell, 290 U.S. at 434.

Though not specifically referenced in the Constitution, the “police power” gives state legislatures broad leeway to pass laws to protect the public health, safety, and welfare.  The classic case is Stone v. Mississippi, 101 U.S. 814 (1879).  There, a state statute outlawing lotteries was challenged by a company that had previously obtained a charter from the state to run a lottery.  Rejecting the challenge, the Court held that the state’s power to shield the public from the evils of gambling trumped the contract rights of the lottery company.  Id. at 819.  Over time, the definition of the police power expanded to include a wide variety of laws designed to protect the public.  See, e.g., Home Building & Loan Association v. Blaisdell, 290 U.S. 398, 444 (1934) (Great Depression “furnished a proper occasion for the exercise of the reserved power of the State to protect the vital interests of the community” by providing for mortgage relief for financially strapped homeowners); Manigault v. Springs, 199 U.S. 473, 480 (1905) (even if contract for sale of alcohol was permissible when made, state could later prohibit such sales without violating Contracts Clause).

As we’ll discuss in the next part of this post, since the New Deal, the Supreme Court has generally applied these principles to uphold state legislation against challenges brought under the Contracts Clause.  We’ll also discuss how these basic principles have been applied by lower courts in insurance coverage cases and why we think the proposed legislation passes muster under the Constitution.


© 2020 Gilbert LLP

For more business policies & the coronavirus, see the National Law Review Insurance, Reinsurance, and Surety law section.

Department of Banking and Insurance Mandates Insurance Premium Refunds

On May 12, 2020, the New Jersey Department of Banking and Insurance issued Bulletin No. 20-22.  As a result of the COVID-19 pandemic and the resulting reduction in loss exposure for insurers, the Department has ordered insurers to make an initial premium refund or other adjustment for certain specified lines of insurance.  Premium refunds are required for the following types of insurance: (1) medical malpractice insurance; (2) commercial liability insurance; (3) commercial multiple-peril insurance; (4) workers compensation insurance; (5) commercial automobile insurance; (6) private passenger automobile insurance; and (7) any other line of coverage where the measures of risk have become substantially overstated as a result of the COVID-19 pandemic.

The premium refund may be provided as a premium credit, a reduction in premium, a return of premium, dividend, or other appropriate premium adjustment.  The premium refunds must be implemented “as quickly as practicable,” but in no event later than June 15, 2020.

Insurers may also provide additional premium relief to individual policyholders on a case-by-case basis for recent, current, and upcoming policy periods or any portion thereof.  Examples of reclassifications set forth in the Bulletin include, but are not limited to: (1) reclassifying a personal automobile exposure from “commute use” to “pleasure use”; (2) reclassifying a physician practice to part-time status; or (3) excluding payroll for employees who are being paid but not actively working.

Insurers are required to notify each affected policyholder no later than June 15, 2020 regarding the amount of the refund or adjustment.  In addition, insurers are required to provide an explanation of the basis for the adjustment, including a description of the policy period that was the basis of the premium refund and any changes to the classification or exposure basis of the affected policyholder.

While the across the board initial premium refunds referenced above will not require any action by individual policyholders, businesses and individuals should review their current and projected activities and reach out to their insurer to see if there is an opportunity for an additional “case-by-case” premium reduction.  For example, if a physician practice has reduced hours for its physicians so that all physicians are working part-time, this may provide the opportunity for a further reduction in medical malpractice premiums.

The text of the bulletin can be found here.

 


© 2020 Giordano, Halleran & Ciesla, P.C. All Rights Reserved
For more on COVID-19s effects on Insurance, see the Insurance Reinsurance and Surety section of the National Law Review

COVID-19 Insurance Impacts

In the throes of the COVID-19 pandemic, businesses have been significantly impacted and, whenever possible, should turn to their insurance carriers for coverage to mitigate the fallout from this virus.  As an initial step, policyholders should consider the insurance coverages listed below that may be triggered by COVID-19 losses or claims:

  • Business Interruption Coverage
  • General Liability Coverage
  • Workers Compensation Coverage
  • Directors and Officers Coverage

Policyholders should keep in mind that each situation is unique, based on the policy language, factual circumstances and applicable state law. As a starting point, policyholders should examine their policy language carefully to determine whether coverage may exist for COVID-19 related losses or claims.

Property Policies-Business Interruption Coverage

Business interruption coverage in general

Some policyholders might benefit from claims under business interruption coverage in their Property Policy in the wake of COVID-19, even though this kind of coverage is generally triggered where there is physical loss or damage. Courts vary on whether contamination rendering a building uninhabitable or unusable constitutes physical damage. Given that COVID-19 rendered buildings uninhabitable and unusable, the issue that may arise is whether COVID-19 contamination constitutes physical damage. We are aware of at least one case where a policyholder is suing its insurance carrier for business interruption coverage arguing that COVID-19 constitutes physical damage because the virus contaminates surfaces.

Policy exclusions must also be taken into consideration when determining coverage. After epidemics such as SARS, MERS, Zika, and Ebola, many insurance companies wrote in exclusions for infectious diseases. However, state legislatures might intervene and forbid these types of exclusions as a matter of public policy. For example, recently the New Jersey state legislature introduced a bill that would require insurance companies to cover business interruption losses as a result of COVID-19 despite the presence of these types of exclusions.

Given the level of uncertainty resulting from the pandemic, and the significant adverse financial impacts many businesses are facing as a result, the New York State Department of Financial Services (NYSDFS) issued a letter instructing insurance companies to provide policyholders and NYSDFS with an explanation of benefits letter to provide clarity around business interruption coverage under the policies at issue.

Contingent business interruption coverage

Some policyholders might benefit from contingent business interruption coverage in their Property policy, which is triggered when someone in your supply chain cannot perform due to a covered loss which in turn interrupts your business. In the case of the COVID-19 pandemic, businesses have certainly been impacted as a result of supply chain interruptions of third parties. Whether contingent business interruption coverage is available depends on policy language.

Off-premises business interruption coverage

This type of coverage is triggered where a service, such as electricity, water, sewage, communications, or gas, is disrupted leading to business interruption. We may see these essential services heavily challenged by COVID-19 impacts on the workforce and there may be adverse effects that have not yet reached businesses, but may be coming soon.

“Civil Authority” coverage

Some Property policies include “civil authority” coverage which covers losses as a result of a government or civil authority restricting access to the policyholder’s premises. Policies differ as to the terms of coverage including duration of coverage, whether the premises has to be damaged by a covered cause, and whether coverage extends broadly, such as when the civil authority restricts, hinders, impairs access, or narrowly, such as when the civil authority “prohibits” or “denies” access. Generally, civil authority coverage applies when there is a direct link between the civil authority’s order and the policyholder’s loss. For policy holders in localities where the state or local government has ordered a shutdown or curtailment of businesses to curb the spread of COVID-19 policyholders might recover under civil authority coverage.

General Liability Coverage

Businesses with general liability policies might be covered against third-party claims arising out of COVID-19. General liability policies typically cover third-party claims for “bodily injury” and “property damage” under “Coverage A,” and personal injuries, such as false imprisonment, under “Coverage B.” “Property Damage” is typically defined to include both physical injury to tangible property and loss of use of tangible property that is not physically injured.

Under Coverage A, businesses may be at risk for claims alleging that the business did not take proper precautions to mitigate the spread of COVID-19, thus resulting in bodily injuries. Princess Cruise Lines recently was sued by two of its passengers after the ship was quarantined because of a COVID-19 outbreak, alleging that the company did not take proper precautions to prevent the spread of the virus despite knowing that some passengers were infected. The occurrence giving rise to the claim must be “accidental” and there may ultimately be an inquiry whether companies knew and ignored risks, or whether the circumstances amount to an accident. Coverage claims will also have to address any potentially applicable exclusions to coverage under general liability policies.

In terms of liability under Coverage B, companies may be sued for false imprisonment as a result of improper or unwarranted quarantines.

Workers Compensation Coverage

Businesses that face claims from their employees who contracted COVID-19 in the course of employment should turn to workers compensation policies for coverage. Generally, workers compensation provides coverage for employees who were injured by accident or contracted a disease in the course of their employment. Many state statutes carve out coverage exceptions for “ordinary diseases of life,” meaning diseases that can be contracted by the general public. Whether insurers cover workers compensation claims for employees who contract COVID-19 through the course of employment is yet to be determined.

Directors and Officers Coverage

Businesses are also at risk of shareholder and securities suits, particularly in the context of disclosing the impacts of COVID-19 on business. The U.S. Securities and Exchange Commission (SEC) has been active in monitoring the impact of COVID-19 on publicly-traded companies, investors, and the market. On March 4, 2020, the SEC issued a press release, through which the SEC Chairman encouraged companies to provide investors with as much information as possible regarding COVID-19 impacts, plans, and risks. A class action lawsuit has already been filed against Norwegian Cruise Line alleging deceptive practices by the company in hiding the impacts of COVID-19 on the business, and subsequent stock losses.

If you have paid your premiums, you are entitled to all of the benefits your policies provide. In these challenging times, be sure to check all of your insurance policies for potential coverage.


© 2020 Van Ness Feldman LLP

Coronavirus and Commerce: Possible Insurance Implications

The coronavirus pandemic and its consequences are spreading throughout the world at an alarming rate.  Governments at all levels and the private sector are scrambling desperately to mitigate these consequences even as new closures, stricter quarantines, and fresh fears develop on an hourly basis.

While some industries are more directly impacted than others (e.g., airlines and hospitality), the economic losses associated with coronavirus cut across sectors and are reverberating throughout the economy.  As companies look to mitigate coronavirus-related losses, they should carefully review their insurance policies to determine whether they provide coverage for losses associated with the disease.  While coverage will ultimately turn on the specific terms of the relevant insurance policies and the precise nature of the losses, a number of insurance lines may provide relief.

First-Party Property Insurance – Business Interruption Insurance

Business interruption insurance is a common component of commercial property insurance policies.  In general, business interruption insurance covers loss of income that a business suffers after an interruption of their business operations.  Often, business interruption coverage is triggered as a result of “direct physical loss of or damage to” insured property as a result of an otherwise covered peril.  Depending on the specifics of the claim, a dispute may ensue as to whether “physical loss” occurred as a result of the coronavirus.  The term “physical loss” has been the subject of litigation in many jurisdictions and the outcome of such disputes is not uniform.  Property that becomes unusable or uninhabitable as a result of the coronavirus may be sufficient to satisfy the requirement of “physical loss.”

Some property insurance policies also include contingent business interruption coverage.  Contingent business interruption insurance provides insurance for lost earnings resulting from a third-party supplier or distributor shutdown directly impacting the policyholder’s operations.  Typically, contingent business interruption insurance requires that the type of damage sustained by the third party be a covered type of loss for the policyholder.  Contingent business interruption insurance is often marketed to businesses such as hotels, restaurants, or food vendors that derive business from nearby properties that draw large crowds (e.g., sports stadiums).  Given cancellation of sporting events and conferences, this coverage could potentially be significant.

Specialized Insurance Policies

There are many types of insurance that provide specialized coverages.  For example, trade disruption insurance is political risk insurance that covers loss of gross earnings and extra expenses resulting from delay or failure of materials to arrive due to actions or inactions of a foreign government.  As the coronavirus and the response thereto continue to evolve, potential governmental restrictions on travel and trade will continue to be fluid.  This is just one example of more specialized insurance that could come into play.  Companies should be sure to evaluate all potentially applicable policies (or sublimits within policies) that may respond to coronavirus-related losses.

Commercial General Liability Policies

Commercial general liability insurance typically provides coverage for “all sums that the insured becomes legally obligated to pay as damages because of ‘bodily injury’ or ‘property damage’ to which th[e] insurance applies.”  This is coverage for third-party claims against the company.  Although causation may be difficult for plaintiffs to prove based on the specific facts, an important aspect of commercial general liability insurance is that it provides defense for third-party claims and the insurer’s duty to defend is broader than the insurer’s duty to indemnify.

Given the nature of coronavirus, it is not difficult to envision scenarios in which individuals assert claims against companies alleging that they were exposed to coronavirus as a result of negligent behavior by company employees.  Companies should turn to their commercial general liability insurer for both defense and, if ultimately necessary, indemnity of such claims.

Conclusion

The coronavirus pandemic is an evolving threat with catastrophic human and economic consequences.  While the first priority of companies should be the safety of their employees and customers, they should also look to mitigate the economic impact of the disease, including utilizing insurance tools as applicable.  While coverage will ultimately depend on the specific facts associated with the loss and the relevant policy language, companies would be well served to review all of their potentially applicable coverages, including but not limited to those discussed above.


© 2020 Gilbert LLP

Important Differences Between Federal and Private Student Loans

Student loan borrowers commonly wonder whether they should refinance federal loans into private loans. There are many factors to consider in the case of federal loans, such as interest subsidies and possible forgiveness (but often with income tax consequences) paired with interest rates that are often lower in the case of private loans. Knowing the differences between federal and private student loans is imperative when making this decision.

Most notably, federal student loans are generally forgiven upon death whereas private lenders will pursue an estate for amounts owed by deceased borrowers.

Before refinancing your federal student loans into private ones, consider the cost of the extra life insurance you will need to purchase to cover the debt and, if you have already refinanced, be sure that your insurance coverage is adequate so that amounts intended for your family do not instead pay back creditors. When planning for federal student loan forgiveness, do not forget to account for any associated cancellation of debt income and purchase adequate insurance to cover the anticipated tax burden. The income tax on cancellation of debt income regarding federal student loans forgiven due to death was eliminated by the 2017 Tax Cuts and Jobs Act but this change is set to expire at the end of 2025 unless extended by Congress.

Similarly, consider any federal interest subsidies that may be available before refinancing. In some cases, the offset of the federal interest subsidy combined with the cost of the additional life insurance needed to cover the private loan debt makes refinancing a disadvantageous move.

In all cases, be sure to discuss the extent and type of your student loan debt and your repayment plan with your estate planning attorney. Planning for federal student loans is notoriously difficult because they are a moving target. The rules surrounding forgiveness, associated income tax consequences, repayment plans and interest subsidies can be changed at any time by any administration. Until a borrower’s loans are actually forgiven or paid off, the rules may be changed in the middle of the game which can make planning very dynamic. It is imperative to monitor the laws surrounding student loans and how they may affect repayment options, forgiveness options and associated income tax consequences.


© 2019 Varnum LLP

ARTICLE BY Rebecca K. Wrock of Varnum LLP.

War of the Words: Ninth Circuit Reverses Judgment for the Insurer in Rare War Exclusion Case

In Universal Cable Prods. LLC v. Atlantic Specialty Ins. Co., 2:16 cv-04435 PA, (9th Cir. July 12, 2019), the Ninth Circuit reversed the district court’s determinations as it relates to the application of two war exclusions.

In the summer of 2014, Universal Cable Productions wasfilming a television series, Dig, in Jerusalem.  During filming, hostilities arose in the region as Hamas, a Palestinian political movement, began firing rockets from Gaza into Israel.  The ongoing and escalating Israeli-Palestinian strife caused Universal to halt production, and ultimately move it out of the area.  Not surprisingly, the move resulted in significant expenses, prompting Universal to file a claim under its television production policy in order to cover the costs.

The insurer denied coverage for the claim, relying, for apparently the first time, on the applicability of the policy’s war exclusions.  The exclusions, which the insurer argued were triggered by Hamas’ firing of rockets, barred coverage for expenses resulting from: war, warlike action by a military force, or insurrection, rebellion, or revolution.  Universal countered that the exclusions are not applicable because the terms in the exclusions had a specialized meaning in the insurance context, and the Hamas action did not comport with that meaning.  The district court, refusing to apply any specialized meaning and instead using the plain meaning of the terms, sided with the insurer and found that Hamas’ actions clearly constituted war or warlike action which triggered the application of the exclusions.  Universal appealed.

On appeal, the Ninth Circuit disagreed with the district court’s analysis—namely the district court’s refusal to apply the alleged specialized meaning of the exclusions’ terms—finding that a provision of the California Civil Code required the application of specialized meaning when the meaning has been developed from customary usage.  The appellate court first found that the principal construing any ambiguity in favor of the insured was not applicable.  In doing so, the court noted that “the typical concerns animating [that principle] do not exist here.”  Next, the court found that because the terms “war” and “warlike action by a military force” had acquired a special meaning via usage, that special meaning must be followed and failure to do so “is reversible error.”  The court determined that in the insurance context, “war” and “warlike action by a military force” required the existence of “de jure” or “de facto” governments and because the court found that Hamas is neither, the exclusions did not work to bar coverage. Consequently, the court reversed the district court’s ruling in favor of the insured.


©2011-2019 Carlton Fields, P.A.

Article by Roben West of Carlton Fields.
For more insurance law, see the National Law Review Insurance Reinsurance & Surety law page.

Transferring Cybersecurity Risk: Considerations When Obtaining Cyber Insurance

While procuring cyber insurance is an increasingly important business decision, choosing cyber insurance is not a simple process of merely identifying the amount of coverage desired and then paying for the corresponding premium.  Instead, as set forth below, it presents a matrix of considerations to be explored to ensure receipt of appropriate coverage when needed.

The Importance of Cyber Insurance

In the face of continued and more destructive cyber threats and the advent of more demanding statutory and regulatory requirements, it is critical for a company not only to mitigate risk through comprehensive cybersecurity management but also to transfer that risk by obtaining tailored cyber insurance.  Indeed, more rigorous regulations, along with their attendant financial penalties for noncompliance (such as the EU’s General Data Protection Regulation (“GDPR”), which became effective May 25, 2018, or the NY Department of Financial Services (“NYDFS”) cybersecurity regulation, which was instituted in 2017) are likely to become the norm, not the exception.  Violation of these more recent rules and requirements (and potential expenses and related fines) also do not apply only when data is lost through an actual breach, but also when data is destroyed or cannot be accessed (ransomware) and when data is improperly collected.  Moreover, cyber risks and costs are indiscriminate and affect all industries.

To offset these serious risks, cyber insurance usually is necessary.  Third-party cyber liability claims are not covered under most general liability policies including the Insurance Service Organization’s industry standard GL form.  Director & Officer liability policies usually exclude cyber liability claims.  Property policies, including the ISO “All Risk” form, typically exclude first party cyber claims.  Limited first party cyber coverage may be available through crime policies, and some Information Technology Industry Errors & Omissions policies afford third party cyber coverage.  In most cases, however, only a cyber policy can assure a company of the desired coverage.  A company has a much better chance for coverage and a prompt resolution of its claim under a cyber policy without the need to resort to litigation.

While cyber insurance has been available since the late 1990’s, it is rapidly expanding because of the continued need for a holistic approach to cybersecurity protection.  Indeed, insurance companies expect a surge of business as companies rush to purchase cyber insurance following the arrival of tougher regulations like the GDPR.

Cyber security and liability risks also often involve highly-technical, rapidly evolving information technology issues.  A prospective insured should inquire regarding the cyber experience of its broker, particularly if it is not using a large multi-line producer who has access to an IT consultant or cyber specialist.  Some brokers specialize in cyber insurance, and an insured should consider using a broker who possesses cyber experience.  While “bare bones” cyber coverage is available from authorized or “admitted” insurers, more comprehensive niche cyber coverage often is available only in the surplus lines or “non-admitted” market and can be brokered only by surplus lines producers.

The selection of an insurer is even more important.  In addition to issues of Best’s Financial Quality and Size Ratings, many insurers offer low cost, bares bones thirdparty coverage, while other insurers offer broader, albeit more expensive, coverage, and better claim service.

Cost-wise, premiums will be lower for those companies with comprehensive cyber-risk management plans in place with demonstrated levels of security and internal controls, i.e., better security equals lower risk, which equals more competitive pricing.  A company therefore is further incentivized to ensure it has adequate procedures in place to prevent, detect, investigate, and report data breaches.

The Level of Coverage Needed: Initial Considerations

One of the most important steps in the process of obtaining cyber insurance is to determine what type of coverage a company needs based on reasonably anticipated cyber risks inherent to a company’s business and position in the marketplace.  There are multiple considerations a company should undertake in assessing the kind and amount of coverage needed.

What type of company are you?

A company should consider:

>> its industry and the type of services it offers;

>> the type of data it handles (e.g., financial information, health information, credit information);

>> the makeup of its customers (e.g., whether they include EU citizens); and

>> what regulations it must follow.

Depending upon the kind of data it collects and handles, the company will be subject to a different array of regulations, which should inform the company regarding the type of cyber insurance coverage to be sought.  If a company is a financial institution, it must comply with the privacy rules of the Gramm Leach Bliley Act.  If the company handles personal health information, it will be subject to the privacy requirements of the Health Insurance Portability and Accountability Act, HIPAA.  If the company handles the data of EU citizens, it will be subject to the privacy restrictions (and severe potential penalties) of the GDPR.

First-Party and Third-Party Costs

The company also should think about the kinds of costs it may incur to manage a cyber incident/breach and whether cyber insurance coverage to defer or recoup all of those costs is necessary or prudent.  Such first-party costs can include:

>> forensic investigation costs to determine the source of the cyber incident/ breach and the extent of harm caused

>> remediation costs to rectify any network problem or software deficiencies

>> notification costs to customers whose data was compromised

>> data restoration costs of data stolen, lost, or altered

>> business interruption costs to help restore business functions and to maintain business capabilities while responding to a cyber incident

>> legal costs to evaluate regulatory obligations and assess any liability

>> public relation costs to help maintain and/or restore confidence in the company

Considering these first-party costs, however, is not as straightforward as it may seem.  For instance, assuming a company wants a policy to cover notification costs to advise its customers of a data breach, a company still needs to determine the type of notification it envisions.  Does it merely want to comply with statutory notification requirements or might it want to take a more aggressive approach to notification for customer relation purposes?  And how is the company going to notify its customers?  Email?  Regular mail?  First Class mail?  Similarly, when assessing remediation costs, the company also needs to determine if it wants to provide credit monitoring to its customers and have those costs covered under a cyber policy.  A company must think through these issues to help ensure the right cyber insurance coverage is obtained.

Furthermore, a company may also incur third-party costs as a result of a cyber-event, such as defending against a litigation or regulatory action.  Contemplating cyber coverage for these types of third-party costs also compels additional considerations regarding the extent of coverage desired.  For example, legal fees in defending a claim often can approach or even exceed the ultimate cost of settling the claim.  A company should decide if it wants its litigation costs to erode the policy’s limit of liability, sometimes referred to as being “cost-inclusive,” or whether defense costs should be in addition to the limit of liability.  With regard to a regulatory inquiry, while payment of fines and penalties is unlawful in some jurisdictions and is often excluded from coverage, the company must determine if it wants coverage to include investigatory costs in responding to the governmental inquiry.  Some policies cover up to half of the investigatory costs of responding to a governmental inquiry or subpoena, usually subject to a sublimit on liability.

Do the Provisions of the Policy Ensure the Desired Coverage?

Once a company identifies the coverage it hopes to purchase, it then is essential to carefully consider the specific provisions of a cyber policy to ensure receipt of the level of coverage sought for the cyber risk possibilities reasonably envisioned.  Among the questions when analyzing the policy’s provisions are:

>> When is coverage triggered?

>— Is the policy written on an “occurrence” basis, i.e., the breach must occur during the policy period to be covered, or is it written on a claimsmade basis, i.e., the claim must be made and reported during the policy period in order for coverage to be available?

>— If the policy is written on a claims-made basis, does the breach nevertheless have to occur during the policy period, does it merely have to be discovered in the policy period, or both?

— Is intentional conduct required (by a third-party or malicious company insider) or can coverage be triggered by the negligence of an employee?

>— Is the conduct of a malicious insider to the company covered or must the cyber incident be caused by an outside third-party?

>— Must data have been disseminated outside the company (a breach) or will the policy also cover situations where data is destroyed or cannot be accessed (e.g., ransomware)?

>> What kind of information is covered?

>— How is “personal information” defined?

>— Is “confidential corporate information” covered?

>> Does the policy require minimum security requirements be maintained to protect the company’s computer network and data?

>> What devices are covered?

>— Are only the company’s servers and computers covered?

>— How are mobile devices (laptops, mobile phone, thumb drives) treated?

>— If the company allows employees to use personal devices or work remotely (BYOD – Bring Your Own Device policies), are cyber incidents originating on an employee’s personal device covered?

>> Are cyber breaches or incidents caused by vendors assisting the company (e.g., HVAC, data processors, cloud providers) covered?

>— Would coverage only extend to breaches caused by a vendor on the company’s network?

>— Would coverage extend to a breach of a vendor’s network housing the company’s data?

>> What are the policy provisions regarding notice and defense of a claim?

>— How quickly does the policy require a claim to be reported to the carrier?

>— Whose knowledge of a breach is imputed to the company for the purpose of determining whether a claim has been reported late and whether an exclusion applies?

>— Does the definition of “claim” include responding to a subpoena?

— Is the defense obligation of the policy a “duty to defend” where the insurer controls the defense and settlement of a claim or does the policy have a duty to advance defense costs, which permits the policyholder to control the defense and settlement of the claim at the cost of the insurer?

>— If the policy has a duty to advance costs, are there limitations on who the company can retain as outside counsel or as a forensic expert?

>— Are regulatory investigations covered?

>— Does the policy cover investigatory costs in responding to a governmental inquiry?

>— Are fines covered?  If so, is the company domiciled in a jurisdiction where indemnification against fines and penalties is not against public policy?

>— How is regulator defined?  Does it cover EU regulators?

To be sure, disputes between policyholders and insurance carriers are inevitable, and insurers will attempt to strictly construe policies against coverage.  Courts are just beginning to interpret cyber insurance policy provisions, sometimes coming out on opposite sides of the same issue depending upon the jurisdiction.

For instance, courts have disagreed whether cyber insurance policies cover losses resulting from social engineering, i.e., when a company employee is falsely manipulated to wire out company funds based on what is believed to be a legitimate email authorizing the transfer but what is actually an email initiated by a fraudster.  Insurers may assert that a loss caused by social engineering (also known as business email compromise) is not a direct loss under the computer fraud provisions of a cyber insurance policy.  Carriers attempt to distinguish between fraudulently causing a transfer (via social engineering) and causing a fraudulent transfer (via hacking into a company’s computer network to wire out funds).

Insurers also have sought to disclaim coverage by invoking exclusions for a company’s failure to maintain agreed-upon levels of cybersecurity to protect the company’s network and data.  Courts have been asked to construe cyber policy provisions to determine whether the insured satisfied the policy’s security requirements.  Considering that industry cybersecurity measures are constantly updated, a company should attempt to avoid a situation where a court’s interpretation of policy language and evaluation of a company’s cybersecurity efforts will determine whether it can recoup losses from a cyber event.

Conclusion

As criminals find new and more inventive ways to attack computer systems or fraudulently cause the theft of company funds, a company faces the increased risk of loss, which can result from a combination of illegal activity, imperfect network security, and employee negligence.  As such, a company should undertake a complete strategy to combat cybersecurity-related threats, which includes procuring appropriate insurance coverage to manage reasonably anticipated cyber risks.  Carriers may attempt to dispute claims, so a company must give special attention to cyber policy language to avoid the possibility of coverage being denied.  To help negotiate policy provisions to avoid ambiguities and potential grounds for disputes, a company should explore using an insurance professional to help negotiate a policy with the desired coverage, including identifying additional policy endorsements that may be available to cover certain specific cyber threats.  When procuring cyber insurance, considering the questions and issues outlined above may make the difference between receiving expected cyber coverage and not.

 

© Copyright 2018 Sills Cummis & Gross P.C.
This post was written by Joseph B. Shumofsky and Thomas S. Novak from Sills Cummis & Gross P.C.