Category Archives: D&O Insurance

Please join me for “2014 Year in Review: A National Insurance Recovery Webinar”

free webinarAs noted previously here, at Barnes & Thornburg LLP‘s Policyholder Protection blog, I welcome you to mark your calendar and join us for a national insurance recovery webinar on Tuesday, Jan. 27 at 3 p.m. (Eastern). The Barnes & Thornburg insurance recovery attorneys will review 2014’s major legal developments and trends in insurance coverage and recovery. You will learn more about how the events of the past year affected:

  • Directors and Officers (D&O) coverage
  • Excess umbrella liability coverage
  • Coverage for business torts and consumer false advertising claims
  • Coverage for environmental contamination claims
  • Cyber liability and data breach

 

You won’t want to miss this lively discussion of some of 2014’s most important developments for policyholders. Webinar access and dial-in information will be delivered upon registration.

 

Register today!

 

2.0 General CLE Credits Pending for CA, GA, IL, IN, MD, MN, OH, PA

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2015.

Would your company’s insurance cover a cyberattack?

DDoSOn October 27, 2011, CNN.com posted:

A massive cyberattack that led to a vulnerability in RSA’s SecurID tags earlier this year also victimized Google, Facebook, Microsoft and many other big-named companies, according to a new analysis released this week.

The Krebs On Security blog posted:

Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure.

This is in line with comments from others, including this quote from Digital Forensic Investigator News, that “2011 has quickly become the year of the cyber attack.”  Would your insurance policies cover those events?  Beyond the denial of service attacks that made news headlines, a shocking “80 percent of respondents” in a survey of “200 IT security execs” “have faced large scale denial of service attacks,” according to a ZDNet story.[1]  These attacks and threats do not appear to be on a downward trend.  They continue to be in the news after cyberattacks allegedly took place against “U.S. government Web sites – including those of the White House and the State Department –” over the July 4, 2009 holiday weekend.[2]  The alleged attacks were not only against government sites; they allegedly included, “according to a cyber-security specialist who has been tracking the incidents, . . . those run by the New York Stock Exchange, Nasdaq, The Washington Post, Amazon.com and MarketWatch.”[3]  The more recent ZDNet survey shows that a quarter of respondents faced denial of service attacks on a weekly or even daily basis, with cyberextortion threats being made as well.[4]

Denial of Service Attacks

The cyberattacks that have stolen recent headlines were denial of service incidents.  Personnel from “CERT® Program,” which “is part of the federally funded Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania,” have explained:

Denial of service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:

  • consumption of scarce, limited, or non-renewable resources
  • destruction or alteration of configuration information
  • physical destruction or alteration of network components.[5]

Some attacks are comparable to “tak[ing] an ax to a piece of hardware” and are known as “so-called permanent denial-of-service (PDOS) attack[s].”[6]  If a system suffers such an attack, which also has been called “pure hardware sabotage,” it “requires replacement or reinstallation of hardware.”[7]

What Insurance Coverage Might Apply?

The first place to look for insurance coverage for a denial of service attack is a cybersecurity policy.  The market for cybersecurity policies has been called the Wild West of insurance marketplaces.  Cyber security and data breach policies, certain forms of which may be known as Network Risk, Cyber-Liability, Privacy and Security, or Media Liability insurance, are relatively new to the marketplace and are ever-changing.  The Insurance Services Office, Inc., which designs and seeks regulatory approval for many insurance policy forms and language, has a standard insurance form called the “Internet Liability and Network Protection Policy,” and insurance companies may base their coverages on this basic insuring agreement, or they may provide their own company-worded policy form.  Because of the variety of coverages being offered, a careful review of the policy form before a claim hits is critical to understand whether the cyberpolicy will provide coverage, and, if it will, how much coverage is available for the event.  If your company does make a claim under a cyberpolicy, engaging experienced coverage counsel who is familiar with coverage for cybersecurity claims will help get the claim covered properly and fight an insurance company’s attempt to deny the claim or otherwise improperly try to limit coverage that is due under the policy.

If your company faces a denial of service cyberattack and suffers losses as a result, but your company has not purchased a specialized suite of policies marketed as cyber security policies, coverage nonetheless may be available under other insurance policies.  In addition, other insurance policies may provide coverage that overlaps with a cyberinsurance policy.  Consider whether first party all risk or property coverage may apply.  First party all risk policies typically provide coverage for the policyholder’s losses due to property damage.  If the denial of service cyberattack caused physical damage to your company’s servers or hard drives, your company’s first party all risk insurer should not have a credible argument that there was no property damage.  Even if the damage is limited to data and software, however, it may be argued that the loss is covered under your company’s first party all risk policy, as some courts have found that damage to data and software consists of property damage.[8]

First party policies may also provide coverage for extra expense, business interruption, and contingent business interruption losses due to a cyberattack.  (Contingent business interruption losses may include losses that the policyholder faces arising out of a cyber security-based business interruption of another party, such as a cloud provider, network host, or others.)[9]

Look also to other first party coverages, such as crime and fidelity policies, to determine whether there may be coverage for losses due to a cyberattack.  In particular, crime policies may have endorsements, such as computer fraud endorsements, that may cover losses from a denial of service cyberattack.[10]

If, after a cyberattack, third parties seek to hold your company responsible for their alleged losses, consider whether your company’s liability policies would provide coverage.  More importantly, consider your company’s commercial general liability (CGL) insurance policy, if your company does not have a specialized cyber liability policy.  If your company did buy a cyberinsurance policy, there is coverage under a CGL policy (and others) that may overlap the coverage in a cyberinsurance policy, providing your company with additional limits of insurance coverage available for the claim.

The first coverage provided in a standard-form CGL insurance policy covers liability for property damage.  Similar to the analysis above for first party all risk policies, if there was damage to servers or hard drives, insurers should not be heard to argue that there was no property damage.  Courts are divided as to whether damage to data or software alone consists of property damage under insurance policies, with some courts recognizing that “the computer data in question ‘was physical, had an actual physical location, occupied space and was capable of being physically damaged and destroyed’” and that such lost data was covered under a CGL policy.[11]  Be aware, however, that the insurance industry has revised many CGL policies to include definitions giving insurers stronger arguments that damage to data and software will not be considered property damage.  But also note that your company’s CGL policy may have endorsements that provide coverage specifically for damage to data and software.[12]  Consider further whether a claim would fall within the property damage coverage for loss of use of tangible property—loss of use of servers and hard drives because of the cyberattack; loss of use of computers arising out of alleged software and data-based causes has been held sufficient to trigger a CGL policy’s property damage coverage.[13]

Keep in mind that if there is a claim for property damage under a CGL policy, there may be coverage for obligations that your company has under indemnity agreements.  Standard form CGL policies provide coverage for indemnity agreements.[14]

Depending on the types of claims asserted, other liability policies may be triggered as well.  For example, directors and officers liability policies may provide coverage for investigation costs,[15] and errors and omissions policies also may cover, if the cybersecurity claims may be considered to be within the definition of “wrongful act.”[16]  The takeaway for companies suffering from a cyberattack is that a careful review of all policies held by the insured is warranted to make certain that the most comprehensive coverage may be pursued.


[1] Larry Dignan, Cyberattacks on Critical Infrastructure Intensify, ZDNet, http://m.zdnet.com/blog/btl/cyberattacks-on-critical-infrastructure-intensify/47455 (Apr. 19, 2011).

[2] U.S. Government Sites Among Those Hit by Cyberattack, CNN, http://www.cnn.com/2009/TECH/07/08/government.hacking/index.html (July 8, 2009).

[3] Siobhan Gorman & Evan Ramstad, Cyber Blitz Hits U.S., Korea, Wall St. J., http://online.wsj.com/article/SB124701806176209691.html (July 9, 2009).

[4] Larry Dignan, Cyberattacks on Critical Infrastructure Intensify, ZDNet, http://m.zdnet.com/blog/btl/cyberattacks-on-critical-infrastructure-intensify/47455 (Apr. 19, 2011).

[5] Denial of Service Attacks, CERT, http://www.cert.org/tech_tips/denial_of_service.html (last visited July 9, 2009); About CERT, CERT, http://www.cert.org/meet_cert/ (last visited July 10, 2009).

[6] Kelly Jackson Higgins, Permanent Denial-of-Service Attack Sabotages Hardware, Security Dark Reading, http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211201088 (May 19, 2008).

[7] Id.

[8] See, e.g., Lambrecht & Assocs., Inc. v. State Farm Lloyds, 119 S.W.3d 16 (Tex. App. 2003) (first party property coverage for data damaged because of hacker attack or computer virus); Am. Guar. & Liab. Ins. Co. v. Ingram Micro, Inc., No. 99-185 TUC ACM, 2000 U.S. Dist. LEXIS 7299, at *6 (D. Ariz. Apr. 18, 2000) (construing “physical damage” beyond “harm of computer circuitry” to encompass “loss of access, loss of use, and loss of functionality”).

[9] Se. Mental Health Ctr., Inc. v. Pac. Ins. Co., 439 F. Supp. 2d 831, 837-39 (W.D. Tenn. 2006) (finding coverage under business interruption policy for computer corruption); see also Scott N. Godes, Ensuring Contingent Business Interruption Coverage, Law360 (Apr. 8, 2009), http://insurance.law360.com/articles/94765 (discussing coverage under first party policies resulting from third party interruptions).

[10] For example, in Retail Ventures, Inc. v. National Union Fire Insurance Co., No. 06-443, slip op. (S.D. Ohio Mar. 30, 2009), the court held that a crime policy provided coverage for a data breach and hacking attack.

[11] See, e.g., Computer Corner, Inc. v. Fireman’s Fund Ins. Co., 46 P.3d 1264, 1266 (N.M. Ct. App. 2002).

[12] See, e.g., Claire Wilkinson, Is Your Company Prepared for a Data Breach?, Ins. Info. Inst., at 20 (Mar. 2006), http://www.iii.org/assets/docs/pdf/informationsecurity.pdf (discussing the Insurance Services Office, Inc.’s endorsement for “electronic data liability”).

[13] See Eyeblaster, Inc. v. Fed. Ins. Co., 613 F.3d 797 (8th Cir. 2010).

[14] See, e.g., Harsco Corp. v. Scottsdale Ins. Co., No. 49D12-1001-PL-002227, slip op. (Ind. Super. Ct. Apr. 26, 2011).

[15] See MBIA Inc. v. Fed. Ins. Co., 652 F.3d 152, 160 (2d Cir. 2011).

[16] See Eyeblaster, 613 F.3d at 804.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

Podcast on D&O insurance, cybersecurity, cyber liabilities, privacy class actions, and insurance: “Executive Summary Webinar Series: What You Need to Know Before You Walk Into the Boardroom (July 2011)”

I recently joined Priya Cherian Huskins and Lauri Floresca of Woodruff Sawyer & Co. to discuss D&O insurance, cyberinsurance, and insurance coverage for privacy issues, data breaches, cyberattacks, denial-of-service attacks and more.   Lauri and Priya gave an overview of the D&O insurance marketplace, including changes in pricing, availability of limits, and new insurance policies and insurance products.  Then we shifted gears and talked about cybersecurity, cyber liability, and insurance coverage for cybersecurity risks.  We touched on the latest data breaches, privacy claims and class actions, and other cyber incidents to have hit the news and discussed the related insurance coverage issues.  The audio and supporting materials (that Woodruff Sawyer prepared) have been put online as a podcast and supporting PDF, so that you listen, in case you missed the live presentation.

To listen to this podcast, click here.

To view a pdf of the presentation, click here.

Date and Time


 

Tuesday, July 19, 2011


Webinar

11:00 AM – 11:30 AM PST


This webinar is offered free of charge.


Visit Us At:

LinkedIn   Facebook   Twitter


Woodruff-Sawyer & Co.

50 California St., 12th Fl.

San Francisco, CA 94111

Before you walk into your next board meeting, what do you need to know when it comes to current D&O liability issues? The “Executive Summary” is Woodruff-Sawyer’s webinar series for CFOs, GCs, Controllers and others who work with boards of directors.  The upcoming session will feature a conversation with Woodruff-Sawyer’s Priya Cherian Huskins and Lauri Floresca, both nationally-recognized insurance experts, and Scott Godes [formerly] of Dickstein Shapiro.Scott [was] the co-leader of Dickstein Shapiro’s Cyber Security Coverage Initiative. Areas of Discussion

  • D&O Market Update
  • D&O Litigation Update

– Newest numbers on D&O suits
– Latest on Supreme Court rulings

  • Lessons from Sony & Citi: What boards should be asking about cyber liability

– Updates on the recent high-profile data security breaches
– Understanding the impact of California’s recent Supreme Court zip code decision
– What should boards do to mitigate cyber risks?

Click here to register for this webinar.

For questions, please email seminar@wsandco.com


Woodruff-Sawyer is one of the largest independent insurance brokerage firms in the nation, and is an active partner of International Benefits Network and Assurex Global. For over 90 years, Woodruff-Sawyer has been partnering with clients to implement and manage cost-effective and innovative insurance, employee benefits and risk management solutions, both nationally and abroad. Headquartered in San Francisco, Woodruff-Sawyer has offices throughout California and in Portland, Oregon. For more information, call 415.391.2141 or visit www.wsandco.com.


Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

myspace profile views counter

Join me for a free webinar about D&O and cyberinsurance: “Executive Summary”: What You Need to Know Before You Walk into the Boardroom

Please join me on July 19, 2011, at 2:00 pm Eastern, for a free webinar hosted by Woodruff Sawyer & Co. Priya Cherian Huskins, Lauri Floresca, and I will discuss D&O insurance, cyberinsurance, and insurance coverage for privacy issues, data breaches, cyberattacks, denial-of-service attacks and more. Here are the details from Woodruff Sawyer‘s announcement:

 

Date and Time


 

Tuesday, July 19, 2011


Webinar

11:00 AM – 11:30 AM PST


This webinar is offered free of charge.


Visit Us At:

LinkedIn   Facebook   Twitter


Woodruff-Sawyer & Co.

50 California St., 12th Fl.

San Francisco, CA 94111

Before you walk into your next board meeting, what do you need to know when it comes to current D&O liability issues? The “Executive Summary” is Woodruff-Sawyer’s webinar series for CFOs, GCs, Controllers and others who work with boards of directors.  The upcoming session will feature a conversation with Woodruff-Sawyer’s Priya Cherian Huskins and Lauri Floresca, both nationally-recognized insurance experts, and Scott Godes [formerly] of Dickstein Shapiro.Scott [was] the co-leader of Dickstein Shapiro’s Cyber Security Coverage Initiative. Areas of Discussion

  • D&O Market Update
  • D&O Litigation Update

– Newest numbers on D&O suits
– Latest on Supreme Court rulings

  • Lessons from Sony & Citi: What boards should be asking about cyber liability

– Updates on the recent high-profile data security breaches
– Understanding the impact of California’s recent Supreme Court zip code decision
– What should boards do to mitigate cyber risks?

Click here to register for this webinar.

For questions, please email seminar@wsandco.com


Woodruff-Sawyer is one of the largest independent insurance brokerage firms in the nation, and is an active partner of International Benefits Network and Assurex Global. For over 90 years, Woodruff-Sawyer has been partnering with clients to implement and manage cost-effective and innovative insurance, employee benefits and risk management solutions, both nationally and abroad. Headquartered in San Francisco, Woodruff-Sawyer has offices throughout California and in Portland, Oregon. For more information, call 415.391.2141 or visit www.wsandco.com.

 

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

myspace profile views counter

Independent Directors Liability insurance discussed in, “Do directors need separate liability coverage?”

In her article, Do Directors Need Separate Liability Coverage, Corporate Secretary magazine, author Elizabeth Judd writes about Independent Director Liability insurance policies.  The article opens:

IDL insurance protects directors outside the limits of D&O coverage and record increase in securities suits makes IDL a good option.

Almost all public companies buy directors and officers liability (D&O) insurance, providing officers and boards with protection against claims not indemnified by the company. But when companies unravel, they often do so spectacularly– and given how a typical D&O policy is structured, directors may not be as well protected in the event of a complete corporate meltdown as they might like.

That’s where independent director liability (IDL) insurance comes in. A specialized form of D&O that’s sold separately, IDL protects only the directors and would pay out even if all limits within a company’s D&O policy were exhausted.

There is a really nice discussion about IDL insurance coverage in the article.  Elizabeth quotes Kevin LaCroix, of The D&O Diary, and other  well-known sources on the issue of insurance coverage for directors and officers.  Elizabeth also interviewed and quoted me in the article, writing:

Scott Godes, [formerly] counsel at Dickstein Shapiro and author of the Corporate Insurance Blog, says the beauty of IDL is that the policies are marketed as nonrescindable.

‘When D&O claims get messy or expensive, insurance firms have remarkably creative lawyers who can find ways to deny coverage or rescind the policy,’ he points out. ‘I saw one advertisement stating that IDL is insurance for insurance – if the insurance company is marketing these policies as rescission-proof, that should be a good sign.’

If you deal with insurance coverage issues, directors and officers issues, or securities issues, the article is worth a read.  IDL insurance is a pretty interesting product, and Elizabeth does a nice job of outlining the coverages and the pros and cons of buying such a policy.  So click on over to Do Directors Need Separate Liability Coverage
and read the whole thing.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

Insurance Coverage for Denial-of-Service Attacks

DDoS

It seems that 2011 has been the year of cyberattacks – denial of service attacks, data breaches, and more.  Would your insurance policies cover those events?  Beyond the denial of service attacks that made news headlines, a shocking “80 percent of respondents” in a survey of “200 IT security execs” “have faced large scale denial of service attacks,” according to a ZDNet story.[1]  These attacks and threats do not appear to be on a downward trend.  They continue to be in the news after cyberattacks allegedly took place against “U.S. government Web sites – including those of the White House and the State Department –” over the July 4, 2009 holiday weekend.[2]  The alleged attacks were not only against government sites; they allegedly included, “according to a cyber-security specialist who has been tracking the incidents, . . . those run by the New York Stock Exchange, Nasdaq, The Washington Post, Amazon.com and MarketWatch.”[3]  The more recent ZDNet survey shows that a quarter of respondents faced denial of service attacks on a weekly or even daily basis, with cyberextortion threats being made as well.[4]

Denial of Service Attacks

The cyberattacks that have stolen recent headlines were denial of service incidents.  Personnel from “CERT® Program,” which “is part of the federally funded Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania,” have explained:

Denial of service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:

  • consumption of scarce, limited, or non-renewable resources
  • destruction or alteration of configuration information
  • physical destruction or alteration of network components.[5]

Some attacks are comparable to “tak[ing] an ax to a piece of hardware” and are known as “so-called permanent denial-of-service (PDOS) attack[s].”[6]  If a system suffers such an attack, which also has been called “pure hardware sabotage,” it “requires replacement or reinstallation of hardware.”[7]

What Insurance Coverage Might Apply?

The first place to look for insurance coverage for a denial of service attack is a cybersecurity policy.  The market for cybersecurity policies has been called the Wild West of insurance marketplaces.  Cyber security and data breach policies, certain forms of which may be known as Network Risk, Cyber-Liability, Privacy and Security, or Media Liability insurance, are relatively new to the marketplace and are ever-changing.  The Insurance Services Office, Inc., which designs and seeks regulatory approval for many insurance policy forms and language, has a standard insurance form called the “Internet Liability and Network Protection Policy,” and insurance companies may base their coverages on this basic insuring agreement, or they may provide their own company-worded policy form.  Because of the variety of coverages being offered, a careful review of the policy form before a claim hits is critical to understand whether the cyberpolicy will provide coverage, and, if it will, how much coverage is available for the event.  If your company does make a claim under a cyberpolicy, engaging experienced coverage counsel who is familiar with coverage for cybersecurity claims will help get the claim covered properly and fight an insurance company’s attempt to deny the claim or otherwise improperly try to limit coverage that is due under the policy.

If your company faces a denial of service cyberattack and suffers losses as a result, but your company has not purchased a specialized suite of policies marketed as cyber security policies, coverage nonetheless may be available under other insurance policies.  In addition, other insurance policies may provide coverage that overlaps with a cyberinsurance policy.  Consider whether first party all risk or property coverage may apply.  First party all risk policies typically provide coverage for the policyholder’s losses due to property damage.  If the denial of service cyberattack caused physical damage to your company’s servers or hard drives, your company’s first party all risk insurer should not have a credible argument that there was no property damage.  Even if the damage is limited to data and software, however, it may be argued that the loss is covered under your company’s first party all risk policy, as some courts have found that damage to data and software consists of property damage.[8]

First party policies may also provide coverage for extra expense, business interruption, and contingent business interruption losses due to a cyberattack.  (Contingent business interruption losses may include losses that the policyholder faces arising out of a cyber security-based business interruption of another party, such as a cloud provider, network host, or others.)[9]

Look also to other first party coverages, such as crime and fidelity policies, to determine whether there may be coverage for losses due to a cyberattack.  In particular, crime policies may have endorsements, such as computer fraud endorsements, that may cover losses from a denial of service cyberattack.[10]

If, after a cyberattack, third parties seek to hold your company responsible for their alleged losses, consider whether your company’s liability policies would provide coverage.  More importantly, consider your company’s commercial general liability (CGL) insurance policy, if your company does not have a specialized cyber liability policy.  If your company did buy a cyberinsurance policy, there is coverage under a CGL policy (and others) that may overlap the coverage in a cyberinsurance policy, providing your company with additional limits of insurance coverage available for the claim.

The first coverage provided in a standard-form CGL insurance policy covers liability for property damage.  Similar to the analysis above for first party all risk policies, if there was damage to servers or hard drives, insurers should not be heard to argue that there was no property damage.  Courts are divided as to whether damage to data or software alone consists of property damage under insurance policies, with some courts recognizing that “the computer data in question ‘was physical, had an actual physical location, occupied space and was capable of being physically damaged and destroyed’” and that such lost data was covered under a CGL policy.[11]  Be aware, however, that the insurance industry has revised many CGL policies to include definitions giving insurers stronger arguments that damage to data and software will not be considered property damage.  But also note that your company’s CGL policy may have endorsements that provide coverage specifically for damage to data and software.[12]  Consider further whether a claim would fall within the property damage coverage for loss of use of tangible property—loss of use of servers and hard drives because of the cyberattack; loss of use of computers arising out of alleged software and data-based causes has been held sufficient to trigger a CGL policy’s property damage coverage.[13]

Keep in mind that if there is a claim for property damage under a CGL policy, there may be coverage for obligations that your company has under indemnity agreements.  Standard form CGL policies provide coverage for indemnity agreements.[14]

Depending on the types of claims asserted, other liability policies may be triggered as well.  For example, directors and officers liability policies may provide coverage for investigation costs,[15] and errors and omissions policies also may cover, if the cybersecurity claims may be considered to be within the definition of “wrongful act.”[16]  The takeaway for companies suffering from a cyberattack is that a careful review of all policies held by the insured is warranted to make certain that the most comprehensive coverage may be pursued.

Scott Godes [was] counsel with Dickstein Shapiro’s Insurance Coverage Practice in the firm’s Washington, D.C. office.  Mr. Godes is the co-head of the firm’s Cyber Security Insurance Coverage Initiative and co-chair of the American Bar Association Computer Technology Subcommittee of the Insurance Coverage Committee of the Section of Litigation.  He frequently represents corporate policyholders in insurance coverage disputes.

[1] Larry Dignan, Cyberattacks on Critical Infrastructure Intensify, ZDNet, http://m.zdnet.com/blog/btl/cyberattacks-on-critical-infrastructure-intensify/47455 (Apr. 19, 2011).

[2] U.S. Government Sites Among Those Hit by Cyberattack, CNN, http://www.cnn.com/2009/TECH/07/08/government.hacking/index.html (July 8, 2009).

[3] Siobhan Gorman & Evan Ramstad, Cyber Blitz Hits U.S., Korea, Wall St. J., http://online.wsj.com/article/SB124701806176209691.html (July 9, 2009).

[4] Larry Dignan, Cyberattacks on Critical Infrastructure Intensify, ZDNet, http://m.zdnet.com/blog/btl/cyberattacks-on-critical-infrastructure-intensify/47455 (Apr. 19, 2011).

[5] Denial of Service Attacks, CERT, http://www.cert.org/tech_tips/denial_of_service.html (last visited July 9, 2009); About CERT, CERT, http://www.cert.org/meet_cert/ (last visited July 10, 2009).

[6] Kelly Jackson Higgins, Permanent Denial-of-Service Attack Sabotages Hardware, Security Dark Reading, http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211201088 (May 19, 2008).

[7] Id.

[8] See, e.g., Lambrecht & Assocs., Inc. v. State Farm Lloyds, 119 S.W.3d 16 (Tex. App. 2003) (first party property coverage for data damaged because of hacker attack or computer virus); Am. Guar. & Liab. Ins. Co. v. Ingram Micro, Inc., No. 99-185 TUC ACM, 2000 U.S. Dist. LEXIS 7299, at *6 (D. Ariz. Apr. 18, 2000) (construing “physical damage” beyond “harm of computer circuitry” to encompass “loss of access, loss of use, and loss of functionality”).

[9] Se. Mental Health Ctr., Inc. v. Pac. Ins. Co., 439 F. Supp. 2d 831, 837-39 (W.D. Tenn. 2006) (finding coverage under business interruption policy for computer corruption); see also Scott N. Godes, Ensuring Contingent Business Interruption Coverage, Law360 (Apr. 8, 2009), http://insurance.law360.com/articles/94765 (discussing coverage under first party policies resulting from third party interruptions).

[10] For example, in Retail Ventures, Inc. v. National Union Fire Insurance Co., No. 06-443, slip op. (S.D. Ohio Mar. 30, 2009), the court held that a crime policy provided coverage for a data breach and hacking attack.

[11] See, e.g., Computer Corner, Inc. v. Fireman’s Fund Ins. Co., 46 P.3d 1264, 1266 (N.M. Ct. App. 2002).

[12] See, e.g., Claire Wilkinson, Is Your Company Prepared for a Data Breach?, Ins. Info. Inst., at 20 (Mar. 2006), http://www.iii.org/assets/docs/pdf/informationsecurity.pdf (discussing the Insurance Services Office, Inc.’s endorsement for “electronic data liability”).

[13] See Eyeblaster, Inc. v. Fed. Ins. Co., 613 F.3d 797 (8th Cir. 2010).

[14] See, e.g., Harsco Corp. v. Scottsdale Ins. Co., No. 49D12-1001-PL-002227, slip op. (Ind. Super. Ct. Apr. 26, 2011).

[15] See MBIA, Inc. v. Fed. Ins. Co., No. 08 Civ. 4313, 2009 WL 6635307 (S.D.N.Y. Dec. 30, 2009).

[16] See Eyeblaster, 613 F.3d at 804.

Update:  This post also has been put online over at DoS-Attacks.com.  You can see the post by clicking here.

Second update:  This post also has been put online at the Lexis Insurance Law Community.  You can see the post by clicking here.

Third update:  This post also has been put online on the Blog Notions insurance blog.  You can see the post by clicking here.

Fourth update:  This post also has been put online on Core Compass.  You can see the post by clicking here (registration required).

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

AgentsOfAmerica.ORG features my post: “Insurance Coverage for Cyberattacks and Denial-of-Service Incidents”

If your business suffered losses from a cybersecurity incident, a denial-of-service attack, or some other computer-, network-, or internet-related event, would you know whether your insurance would cover the losses?  If your insurance company denied your claim, would you know whether the insurance company had done so properly?

Well, if you’d like some additional thoughts on these issues, check out my post at the AgentsOfAmerica.ORG website.  They posted my piece titled, “Insurance Coverage for Cyberattacks and Denial-of-Service Incidents” and also featured it in their newsletter.  In my post, I discuss insurance coverage for cyberattacks, cybersecurity events, denial-of-service (DDoS) attacks, and more.  I note a couple of recent cases finding in favor of insurance for these sorts of events under commercial general liability (CGL) insurance policies as well as new cyber insurance policies.

So head over to the AgentsOfAmerica.ORG site and check out my post to see more!

 

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.

Directors and officers insurance coverage for Stanford Financial Group losses.

The Bureau of National Affairs recently wrote an article about a new court decision discussing directors and officers insurance coverage for officers of Stanford Financial Group.   In the BNA Corporate Accountability Report, reporters Tom Edmondson and Tina Chi discussed the decision Pendergest-Holt v.
Certain Underwriters at Lloyd’s of London
, No. 10-20069 (5th Cir. Mar. 15, 2010).  (BNA has made the full text of the decision available here.)  In the lede, Mr. Edmondson and Ms. Chi explained:

The Fifth Circuit’s recent ruling in Pendergest-Holt v. Certain Underwriters at Lloyd’s of London underscores the importance of the wording of the prerequisite provisions in the conduct exclusions in directors and officers insurance policies, corporate insurance attorneys told BNA in recent interviews.

The decision discussed the advancement of defense costs under a directors and officers insurance policy that the London insurance market (referred to as Lloyd’s of London in the story).  The story discussed how the court interpreted policy exclusions and limitations, and that the court rejected the insurance company’s interpretation of how the money laundering exclusion applied.

The article also quotes me at the end, providing some pointers and best practices that I gave for policyholders in D&O and other insurance claim disputes.  For example, the article states:

Insureds should also keep in mind that when they want to make a claim under an insurance policy, any
“high-dollar” potential loss, claim, or actual claim will likely cause the insurance company to seek opinions
from sophisticated coverage counsel that represent insurance companies, Godes said. “These insurance
attorneys will advise in terms of what provisions and exclusions may apply,” he said.
Thus, “insureds and policyholders are well advised to take the same approach as these insurance
companies and have counsel involved early so that they can better protect their own rights,” Godes said.

For the rest of my advice, you’ll have to check out the full article.  My firm is hosting a copy of the article online, which can be found here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.

myspace profile views counter

Check out my article, “At Risk: Insurance Coverage for Cyber Security and Data Breaches” in Strategize Magazine.

The fine folks at Strategize Magazine have published an article that I wrote, along with my colleague, Ken Trotter.  The article is titled, “At Risk:  Insurance Coverage for Cyber Security and Data Breaches.”  It’s in the January/February 2010 edition of the magazine.

Strategize is a magazine that promises:

in each issue of Strategize, we’ll clear out the clutter to reveal what’s really relevant. Our aim is to be your one-stop information source that brings the reader to the boardroom, following the national trends that affect business today, and the innovations of our most provocative business leaders.

Our article gives a clear and easy to read overview of insurance coverage for cyber security and data breach claims.  We give real world examples of data breaches and cyber security incidents, and how they affect businesses today.  We also discuss coverage for those types of claims under commercial general liability insurance policies, first party insurance policies, crime policies, directors and officers policies, and more.  Interested?*  Then aim your mouse here to readAt Risk:  Insurance Coverage for Cyber Security and Data Breaches.”

* Even if you’re not that interested in the topic, it’s worth the click to see the cool online magazine format and graphic that they put with the article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.

myspace profile views counter

“Data Breaches Are Not Going Away Will Your Company Be Covered for Those Risks?”

In the December 2009 edition of e-Commerce Law & Strategy, you’ll find my new article:

Data Breaches Are Not Going Away

Will Your Company Be Covered for Those Risks?

By Scott Godes

Because the costs of data breaches can be so astronomically high, the importance of ensuring that e-commerce and other types of firms have insurance to cover such claims cannot be overstated.

I don’t want to give away the entire article…but, as you might imagine, I discuss the availability of insurance coverage for data breaches within the piece.  The article analyzes coverage under Commercial General Liability, Business Owners Policies, and other sources of insurance coverage for data breaches.  Click on over for the full version of the article.

Update: A reprint of the full article now is available here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.
myspace profile views counter

Presentation on Your Cyber Security Strategy — How to Capitalize on New Opportunities & Mitigate Risks

Interested in cyber security issues?  Please join me for the following program (now archived here), live or via webinar, presented by the Washington Metropolitan Area Corporate Counsel Association:

WMACCA Government Contractors Forum: Your Cyber Security Strategy — How to Capitalize on New Opportunities & Mitigate Risks

Dec 9, 2009
8:00 AM – 10:00 AM
LIVE at Gannett Co., Inc., 7950 Jones Branch Drive, McLean, Virginia OR by WEBCAST from your desk.

Overview

As the corporate world becomes more and more virtual, the need for cyber and data security has never been greater. Understanding the Administration’s new cyber security initiatives and changes on the legislative front can give companies a competitive advantage in developing comprehensive cyber security programs. If your business is grappling with emerging threats, limited funds, and slow procurement processes, you are not alone.  Find out how to capitalize on the opportunities available through the Safety Act and other mechanisms to protect your company, and how your insurance coverage policies may cover potential liabilities. This program will address what you need to know, what you need to do, and how to “just do it.”

Speakers

Presented by Scott N. Godes, [formerly] of Dickstein Shapiro LLP; David Kessler, Senior Corporate Counsel, Symantec Corporation; Kenneth A. Mendelson, Managing Director, Stroz Friedberg. Moderated by Brian E. Finch of Dickstein Shapiro LLP.

Notes

Breakfast will be provided on-site from 8:00 – 8:30 a.m.  The program and webcast will begin at 8:30 a.m.

Webcast Log-In Instructions:
1. Go to http://www.ec.commpartners.com
2. In the middle of the page where it says Meeting Number, type the following number –340258
3. Click Enter
4. Type your full name and e-mail address when prompted

CLE

Credits: 1.5 hour pending
State: Virginia
Category: General

Contact

Robin Hayutin
Phone: 703-242-8773
E-mail: robin.hayutin@wmacca.com

Location

LIVE at Gannett Co., Inc., 7950 Jones Branch Drive, McLean, Virginia OR by WEBCAST from your desk.

703-854-6000

Sign Up

Cost

Free of charge

View All Events

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.
myspace profile views counter

Steve Goldberg: “Insurers Too Often Want to Weasel Out of the D&O Insurance They Sold.”

WeaselShould this be the new corporate mascot for insurance companies?  The weasel?  Maybe so, based on the title of my colleague, Steve Goldberg’s post:  “Insurers Too Often Want to Weasel Out of the D&O Insurance They Sold.”

Steve explains over at the Catastrophic Insurance Coverage blog that “Fortunately, [insurance companies] don’t always succeed, as evidenced by the recent decision discussed below.”

In his post, Steve gives a nice analysis about some of the arguments that insurance companies make when trying to deny coverage for D&O claims.  Steve starts out by explaining:

One of the many ways that some insurance companies try to avoid honoring their obligations under D&O insurance policies is to claim that one of the many insureds included within the coverage of the policy took some action that assisted the plaintiffs in the lawsuit against the company and its directors and officers. In doing so, they rely upon the insured vs. insured exclusion. That exclusion is frequently called by way of shorthand the IVI exclusion.

The line from Steve’s post that struck me as most important for corporate policyholders, directors, and officers to keep in mind is:

The moral of these two cases is simple: when the stakes are high, as they most always are in these types of D&O coverage disputes, an insured needs to be ever vigilant and perhaps aggressive when dealing with its carriers as the carriers will often themselves be quite aggressive in seeking to deny coverage.

Steve goes on to discuss recent authority in which courts refused to let insurance companies weasel out of their D&O policy obligations.  It’s worth clicking over to Steve’s blog, the Catastrophic Insurance Blog, and giving the piece a read.

rssAnd if you haven’t already added Steve’s feed to your newsreader, here’s the link to do so.  I added the feed to my Google Reader subscription list as soon as I saw the blog go live.  You can also add the feed for the Corporate Insurance Blog to your newsreader by clicking here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.
myspace profile views counter

Lexis’ Insurance Law Blog Features My Post Regarding Independent Director Liability Insurance Policies

This month, the featured topic over at the Lexis Insurance Law Center is “Current Topics are Misrepresentation and D&O/Professional Liability/Financial Crisis.”  Karen Yotis, who does a terrific job running the ILC, has been kind enough to feature one of my pieces, Extra Insurance Coverage for Outside Directors in Times of Financial Uncertainty: An Overview of Independent Director Liability Policies, which you can find by clicking here.

In the introduction of the piece, I give an overview of Individual Director Liability insurance policies, and explain that:

In these times of financial uncertainty, outside directors on corporate boards of directors may request that the companies’ boards companies purchase Individual Director Liability (IDL) insurance for them. Generally speaking, IDL insurance is just for outside or independent directors of a company and, depending on the form in which it is written, may offer independent directors additional insurance protection if the corporate policyholder’s insurers were to attempt to deny or rescind coverage under the policyholder’s directors and officers insurance policy.
I also note that:
There is a dearth of case law on this issue, but commentary on Delaware corporate law, for example, suggests that it would be appropriate for a corporation to buy IDL policies for its outside directors; the intent of the drafters of Section 145(g) of the Delaware Corporation Law appears to recognize that Delaware corporations may purchase insurance for their executives’ benefits, allowing “corporation[s] to do directly what [they] had been doing indirectly for years: reimbursing directors for premiums they paid personally to maintain such insurance.” E. Norman Veasey, Jesse A. Finkelstein & C. Stephen Bigler, Delaware Supports Directors with a Three-Legged Stool of Limited Liability, Indemnification, and Insurance, 42 Bus. Law. 399, 419 (1987). Thus, if a policyholder chose to purchase IDL policies for its independent directors, a policyholder could argue that it was replicating what independent directors could have done previously under Delaware law (i.e., purchase their own individual policies).
I advise independent directors and officers and corporate policyholders that:
A policyholder should consider whether the proposed policy forms, whether individual or group, provide natural person-specific or position-specific coverage. IDL insurance may be flexible on this issue, possibly tailored to the insured’s requests to provide coverage for all independent directors, board committee members, or even individual board members. For example, National Union (an AIG insurance company) stated in a 2004 article that when writing its “IDL Premier” policy, which usually “insure[d] all non-executive directors,” “the definition of ‘insured’ can be amended to include only a limited number of individuals (such as the audit committee) or even only one individual (such as the financial expert).” D&O Insurance in 2003/2004, Briefing Paper, 1449 PLI/Corp 439, 456 (2004).

For additional analysis and advice, click on over to the original post at the Insurance Law Center.

myspace profile views counter

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.

Should Outside Directors Request the Purchase of Independent Director Liability Policies?

Scott N. Godes [formerly] is counsel in Dickstein Shapiro’s Insurance Coverage Practice.

Should outside directors on corporate boards of directors request that the companies’ boards companies purchase Individual Director Liability (IDL) insurance for them?  Generally speaking, IDL insurance is just for outside or independent directors of a company and, depending on the form in which it is written, may offer independent directors additional insurance protection if the corporate policyholder’s insurers were to attempt to deny or rescind coverage under the policyholder’s directors and officers insurance policy.

Read the rest of the post here, at Securities Docket.

myspace profile views counter

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.

New York Court Affirms D&O Coverage for Derivative Claims and Requires Advancement of Defense Costs

Scott N. Godes [formerly] is counsel in Dickstein Shapiro’s Insurance Coverage Practice.

Should a directors and officers (D&O) insurance policy cover derivative claims? And should a D&O insurance policy advance defense costs? A recent decision from New York’s Appellate Division, First Department, reaffirmed that the answer is “yes” to both questions, and rejected an insurance company’s arguments to the contrary. In Trustees of Princeton University v. National Union Fire Insurance Co. of Pittsburgh, Pa., 15 Misc. 3d 1118A (Table), 839 N.Y.S.2d 437 (Table), 2007 N.Y. Misc. LEXIS 2350, (Sup. Ct. Apr. 10, 2007), aff’d, 52 A.D.3d 247, 859 N.Y.S.2d 174 (1st Dep’t 2008) (“Trustees of Princeton”), an insurance coverage dispute, AIG, through its insurer National Union, tried to escape from providing D&O insurance coverage for direct and derivative claims under its D&O policy and had refused to advance defense costs.

Read the rest of the post here, at Securities Docket.

myspace profile views counter

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.

Extra Insurance Coverage For Outside Directors In Times Of Financial Uncertainty: An Overview Of Independent Director Liability Policies

In these times of financial uncertainty, outside directors on corporate boards of directors may request that the companies’ boards companies purchase Individual Director Liability (IDL) insurance for them. Generally speaking, IDL insurance is just for outside or independent directors of a company and, depending on the form in which it is written, may offer independent directors additional insurance protection if the corporate policyholder’s insurers were to attempt to deny or rescind coverage under the policyholder’s directors and officers insurance policy.

In 2004, John Keogh, now the CEO of ACE Overseas General and formerly AIG’s Senior Vice President, Domestic General Insurance and President and CEO of AIG’s insurance subsidiary, National Union, gave a presentation regarding AIG’s IDL coverage at a Practising Law Institute seminar during which he expounded on AIG’s marketing points for its IDL coverage:
National Union recognizes that non-employee directors have unique and distinct needs, especially in the post-SOX environment. They deserve to have the option of a D&O policy that exists exclusively for their benefit. IDL Premier is the insurance product to satisfy this demand.
IDL Premier cannot, under any circumstance, be rescinded. It is structured as an A-side excess policy that will cover non-employee directors in the event that the traditional, underlying D&O program has been exhausted. It also responds during four specific circumstances where the personal assets of directors are put at risk because their traditional D&O policy does not cover them. These circumstances are:
1.         The traditional D&O program has been rescinded;
2.         The claim has been excluded due to a breach of a non-severable warranty in the traditional D&O policy’s application;
3.         The claim has been excluded due to a restatement exclusion; or
4.         Access to the proceeds of the traditional D&O program has been blocked because the D&O program is deemed a part of the bankrupt corporation’s estate.
If any of these four events occur, IDL Premier will pay on behalf of non-employee directors immediately for both indemnifiable and non-indemnifiable loss and with no retention. IDL Premier can be amended in three fundamental ways. Although it is defined to insure all non-executive directors, the definition of “insured” can be amended to include only a limited number of individuals (such as the audit committee) or even only one individual (such as the financial expert).
The policy can also be amended to provide cover for only the four triggers – as opposed to also being an A-side excess policy. Because National Union views the likelihood of one of the four events occurring as slim, National Union will be aggressive in pricing this option competitively. The third option will include a Difference in Conditions feature and will be the broadest form of cover available exclusively for non-employee directors.
John Keogh, D&O Insurance in 2003/2004, Briefing Paper, 1449 PLI/Corp 439, 456 (2004).
An article regarding an early Aetna Casualty & Surety IDL policy similarly explained that IDL coverage is designed “to provide supplementary coverage to a company’s basic D&O coverage.” Edward Yodowitz, Protecting Officers And Directors Through Effective Use Of Insurance, Indemnification, And Statutory Limitations On Liability, Securities Litigation 1988: Prosecution and Defense Strategies, 351 PLI/Lit 601, 632 (1988).
There is a dearth of case law on this issue, but commentary on Delaware corporate law, for example, suggests that it would be appropriate for a corporation to buy IDL policies for its outside directors; the intent of the drafters of Section 145(g) of the Delaware Corporation Law appears to recognize that Delaware corporations may purchase insurance for their executives’ benefits, allowing “corporation[s] to do directly what [they] had been doing indirectly for years: reimbursing directors for premiums they paid personally to maintain such insurance.” E. Norman Veasey, Jesse A. Finkelstein & C. Stephen Bigler, Delaware Supports Directors with a Three-Legged Stool of Limited Liability, Indemnification, and Insurance, 42 Bus. Law. 399, 419 (1987). Thus, if a policyholder chose to purchase IDL policies for its independent directors, a policyholder could argue that it was replicating what independent directors could have done previously under Delaware law (i.e., purchase their own individual policies).
A policyholder should consider whether the proposed policy forms, whether individual or group, provide natural person-specific or position-specific coverage. IDL insurance may be flexible on this issue, possibly tailored to the insured’s requests to provide coverage for all independent directors, board committee members, or even individual board members. For example, National Union (an AIG insurance company) stated in a 2004 article that when writing its “IDL Premier” policy, which usually “insure[d] all non-executive directors,” “the definition of ‘insured’ can be amended to include only a limited number of individuals (such as the audit committee) or even only one individual (such as the financial expert).” D&O Insurance in 2003/2004, Briefing Paper, 1449 PLI/Corp 439, 456 (2004).
Even if a policyholder purchases IDL policies for each individual outside director, the directors should be advised that such policies, generally speaking, often are limited to a director’s service for one company’s board. If a director serves on more than one board, that director might need a separate policy for each board.
When considering the purchase of additional insurance coverage for a policyholder’s independent directors, a policyholder should note the variety of policies potentially available and the additional features that they may offer when compared to D&O policies that include Side B or Side C coverages. For example, one notable feature included in certain IDL and similar types of policies is the insurers’ agreement to not rescind the coverage, whereas rescission is an often-raised tactic in D&O insurance coverage litigation. Thus, even if the insurers writing a policyholder’s other D&O policies attempted to rescind a policyholder’s policies that contain entity coverage, the insurers should not be able to attempt to rescind these IDL and similar policies.
In conclusion, IDL policies likely will be of interest to outside directors. In uncertain financial times, insurance policies are more of a valuable asset than ever, and policyholders should take all steps possible to request the best possible forms and coverage terms for the insureds under the policies.
This was posted originally at Lexis’ Insurance Law Center.

myspace profile views counter

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.

Delaware Court Refuses to Apply Pro Rata Allocation to Directors and Officers Insurance Policy and Rejects Excess Insurers’ Attempts to Deny Coverage Because There Were Settlements of Lower Layers of Coverage

In HLTH Corp. v. Agricultural Excess & Surplus Insurance Co., No. 07C-09-102-RRC, 2008 Del. Super. LEXIS 280 (Del. Super. Ct. July 31, 2008), the insurance companies that sold HTLH Corp. multiple directors and officers insurance policies tried to limit their obligation to pay defense costs by asking the Delaware Superior Court to apply a pro rata allocation of defense costs. The excess insurers tried to avoid paying at all, asserting that because there were settlements of the lower layers of coverage for less than the full policy limits, the excess insurers did not have to pay at all. The court correctly rejected both arguments.

Access a full copy of the opinion on Lexis.com.

The court decided properly that the insurers could not rely on a pro rata allocation of defense costs.

The corporate entity insureds under the directors and officers insurance policies in question went through various corporate transactions, including name changes and acquisitions, and there were multiple towers of coverage at issue in HLTH Corp. See 2008 Del. Super. LEXIS 280, at *5-*9. The underlying actions at issue were indictments against certain former directors and officers, with allegations of improper inflation of the earnings of the corporate insured entities. See generally id. at *10-*12. The plaintiff corporate insured entity HLTH Corp. (HLTH) indemnified the former directors and officers for the defense costs that they incurred in defending the underlying actions. See id. At *9-*10 HTLH “assert[ed] claims for coverage only” under two out of the three triggered towers of coverage; the third tower contained a $10 million deductible, and HTLH did not seek coverage under that tower. Id. at *13. Of those two towers under which HTLH asserted claims for coverage, “[t]he limits of the policies” in one of the two towers “[we]re no longer available as a result of” multiple coverage settlements. Id.

As they have sought to do in other cases involving general liability policies, the insurers asked the court to invent a pro rata allocation scheme that was found nowhere in the policies. See id. at *21-*22; see also, e.g., Rich Scislowski, Allocating Losses under a 1973 CGL, Int’l Risk Mgmt. Inst., Inc., Sept. 2007, http://www.irmi.com/expert/Articles /2007/Scislowski09.aspx (“pro rata allocation is a theory that ‘was invented out of whole cloth by the federal courts as a mere judicial convenience.’”); cf. Consol. Edison Co. of N.Y., Inc. v. Allstate Ins. Co., 774 N.E.2d 687, 695 (N.Y. 2002) (admitting that courts have created various methods to implement the insurers’ pro rata theory). The insurers sought to allocate 77 percent of the defense costs to the towers that were unavailable because of settlement and had a large deductible, suggesting that they had reached the percentages by considering “the alleged dates of their occurrences as set forth in the indictment” and assigning them “to each tower’s coverage period and then dividing by the total.” HLTH Corp., 2008 Del. Super. LEXIS 280, at *31-*32.

The court explained that, although the insurers had conceded that each of the three towers of coverage was obligated to pay defense costs independently, the insurers nonetheless argued that each policy’s promise to pay should be limited because the insured had settled some coverage and had a high deductible for other coverage. See id. at *29-*34. The court rejected the insurers’ requests, looking to Delaware and New Jersey law. See id. at *32-*35. The court explained that the proposed pro rata allocation was not found in “any contract provision or case that would specifically require it.” Id. at *32. The court explained further that had the insurers wished to limit their obligations, they “could have explicitly included an allocation requirement in their contracts that would require the very allocation that they now ask this Court to order, but they did not.” It is a well-accepted concept in insurance coverage law that if an insurer could have included restrictive language in a policy, but did not, it cannot then enforce this restriction in litigation. Id. at *37-*38; see, e.g., Hercules, Inc. v. AIU Ins. Co., 784 A.2d 481, 491 n.28 (Del. 2001) (Refusing to grant insurers’ requests for pro rata limitation of CGL because “the policies could have contained proration provisions, but did not.”) In addition to the strict construction reason for rejecting the insurers’ arguments, the court noted that the insurers’ requests to limit artificially their coverage obligations would be “unfair to” the insureds. HLTH Corp., 2008 Del. Super. LEXIS 280, at *32.

The court decided properly that the lower layers of coverage were exhausted as a matter of law.

The insurers also raised a “supplementary argument” that, because the insureds could not demonstrate “exhaustion of the underlying policies,” due to their decisions to settle lower layers of coverage for less than the full policy limits, the remaining insurers would never be obligated to pay under their policies. Id. at *42-*43. The insurers relied on the following clause to support their argument:

Only in the event of exhaustion of the Underlying Limit by reason of the insurers of the Underlying Insurance, or the insureds in the event of financial impairment or insolvency of an insurer of the Underlying Insurance, paying in legal currency, loss which, except for the amount thereof, would have been covered hereunder, this policy shall continue in force as primary insurance, subject to its terms and conditions and any retention applicable to the Primary Policy, which retention shall be applied to any subsequent loss in the same manner as specified in the Primary Policy. The risk of uncollectability of any Underlying Insurance, whether because of financial impairment of insolvency of art [sic] underlying insurer [sic] other reason, is expressly retained by the Insureds and is not in any way insured or assumed by the Company.

Id. at *43.

The court held that under New Jersey and Delaware law, the excess layer policies are responsible for covered amounts in excess of the lower layer policy limits. See id. at *44. It was irrelevant whether the insured collected the full amount of the lower layers’ coverage limits; as long as the underlying liability reached the upper layers’ attachment point, the upper layers were obligated to respond. See id. at *45. The court explained it rejected the argument that the upper layers would not attach if the insured had settled the lower layers of coverage for less than their policy limits, because “the excess insurance company could not possibly claim to have a stake in whether the insured actually received all of the underlying insurance limits.” Id. In so ruling, the court rejected Qualcomm, Inc. v. Certain Underwriters at Lloyd’s, London, 161 Cal. App. 4th 184; 73 Cal. Rptr. 3d 770 (2008), review denied, 2008 Cal. LEXIS 6969 (Cal. June 11, 2008) and Comerica Inc. v. Zurich American Insurance Co., 498 F. Supp. 2d 1019 (E.D. Mich. 2007), two decisions on which the insurers relied on to support their argument that the lower layer settlements would vitiate the upper layers’ coverage obligations. See id. at *46. The court explained that those decisions are “contrary to the established case law of New Jersey and Delaware.” Id. The court concluded by holding that “to the extent that [the insureds’] defense costs exceed any loss they may have imposed on themselves by accepting settlements with underlying insurers for less than the policy limit, . . . those underlying policies have been exhausted as a matter of law.” Id. at *47.

Conclusion

The HLTH Corp. decision correctly rejected the insurers’ attempt to create a pro rata allocation of defense costs that is not supported by policy language, case law, or fairness, thereby ensuring that the insureds could recover their full defense costs. The decision also correctly rejected the insurers’ attempts to use the insureds’ decisions to settle its lower layer coverages as a sword against the insureds, and ruled that the lower layers of coverage were exhausted as a matter of law.

Scott Godes [formerly] is counsel in Dickstein Shapiro’s Insurance Coverage Practice. Mr. Godes focuses on representing corporate policyholders in insurance coverage disputes. He is an experienced litigator who has an extensive background trying complex insurance coverage disputes, including class actions, in state, federal, bankruptcy, and appellate courts, as well as in commercial arbitrations.

This was posted originally at Lexis’ Insurance Law Center.

myspace profile views counter

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.

Scott N. Godes on Sun-Times Media Group, Inc. v. Royal & SunAlliance Insurance Co.: The Superior Court of Delaware’s Decision Requiring the Advancement of Defense Costs Under Directors and Officers Insurance Policies

Scott N. Godes [formerly] is counsel in Dickstein Shapiro’s Insurance Coverage Practice.

In Sun-Times Media Group, Inc. v. Royal & SunAlliance Ins. Co. of Canada, the Delaware Superior Court considered insurers’ usual arguments as to why they should be able to refuse to advance defense costs, as they promised to do in their policies. The Sun-Times decision considered, and rejected, arguments that the insurers did not have to advance defense costs because of personal conduct exclusions, consent to settle and cooperation clauses, and the priority-of-payments clauses.

Read the rest of the post here, at Lexis’ Insurance Law Center.

myspace profile views counter

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.