Corporate officers and directors should be able to lead confidently and sleep at night without worrying that their personal assets may be at risk because of personal liability. D&O insurance provides such “sleep at night” coverage for claims alleging breach of their duties. However, there are a few key issues to consider when purchasing a D&O policy that can maximize coverage.
The Midwest is experiencing record-breaking flooding this year, bringing back memories of the devastating and costly floods of 1993. Without a doubt, business losses and business interruption claims will be substantial. This post explores when an insured might have coverage for business interruption even if it does not incur significant flood damage to its own property. As with any coverage claim, the merits will depend on the specific language in the policy and the specific circumstances of the claimed loss. But here’s a rundown of some common policy provisions and issues to keep in mind.
In an Opinion dated May 29, 2019, the U.S. Court of Appeals, Fifth Circuit, ruled in Travelers Indemnity Co. v. Ethel Mitchell that multiple insurers must provide coverage to a defendant county and its officials sued in a §1983 wrongful imprisonment lawsuit, including certain insurers who issued policies in post-conviction years.
For several years, Lathrop Gage’s Insurance Recovery and Counseling team has been front-and-center at RIMS’ annual conference. This year’s event – taking place April 28-May 1 in Boston – is no exception! We will have a team onsite at booth #549 on the tradeshow (please come by and see us if you’re there), and we have several speaking engagements lined up.
This month, when many are working with inspiration towards their New Year’s resolutions, we urge each business policyholder to set a goal fitting for our modern high-tech age: checking its cyber insurance.
Cyber insurance is something of a fluid catch-all term, but insureds generally seek it to provide coverage for computer-based perils, such as those arising from unauthorized computer access (“hacking”), malicious software (“malware”), email fraud (“phishing” or “spoofing”), network failure or inaccessibility (“ransomware”), and the resulting breach or disclosure of protected data. Such insurance can be either first-party (covering the insured’s own losses arising from, say, a computer system malfunction, a disgruntled employee, or a cyber criminal) or third-party (covering the insured’s liability to, say, its consumers for a data breach or the government for regulatory fines).
Lathrop Gage Partners Bill Beck and Mike Abrams were recently profiled by Super Lawyers for their success in securing compensation for individuals who have been wrongfully convicted, individuals who have often spent decades in prison for crimes they did not commit. Lathrop Gage’s Civil Rights Insurance Recovery Practice group leads the nation in securing insurance proceeds for wrongfully convicted persons, recovering over $150 million for wrongfully convicted individuals and their families since 2004. Additionally, the firm has partnered with the Midwest Innocence Project to help exonerate individuals who are currently in prison for crimes they did not commit and helped to facilitate the recent release of Laquanda “Faye” Jacobs, who spent 26 years in prison after being wrongfully convicted of capital murder at the age of 16.
Interviewed by Alana McMullin and David Scheidemantle of Lathrop Gage’s Insurance Recovery & Counseling Group.
In a recent decision, the United States Court of Appeals for the Sixth Circuit considered whether a “criminal acts” exclusion in a first-party commercial insurance policy barred coverage for damage to leased property caused by the insured’s tenant in the operation of a marijuana cultivation business. K.V.G. Properties, Inc. v. Westfield Insurance Co., 2018 U.S. App. LEXIS 232296, 2018 FED App. 0178P, 2018 WL 3978211 (6th Cir. Aug. 21, 2018). Marijuana remains illegal as a Schedule 1 drug under federal law but is protected in certain circumstances under the law of Michigan, where the insured property was located. Fatal to the insured’s case, it had pleaded in an eviction proceeding that the tenant’s activities were illegal, which the Sixth Circuit took as an admission that the tenant’s conduct was illegal under Michigan as well as federal law, landing the claim within the confines of the criminal acts exclusion. While paying lip service to black letter law that the insurer bears the burden of establishing the applicability of an exclusion, the court nevertheless ruled against the insured because it had provided no evidence that the tenant had complied with Michigan’s marijuana laws. The court left open whether the exclusion still would have applied had the insured made such a showing (and hinted the outcome might have been different had the insured done so).
The CDC estimates that 1 in 6 Americans get sick from contaminated foods or beverages each year, and that 3,000 people die, resulting in total food-borne illness costs of more than $15.6 billion each year. Those numbers are not surprising when food recalls seem to be an almost weekly occurrence, with salmonella-tainted foods prominently featured in multiple large-scale outbreaks in 2018. Although food contamination seems to be on the rise, experts suggest that frequency is up not because of an actual increase in outbreaks but because we are better equipped to identify and track outbreaks. Thanks to genome sequencing, we can look at food’s DNA fingerprint to better identify its source. Even so, it is still difficult to identify precisely where in the food supply chain the contamination began. As a result, every entity in the supply chain can be, and often is, affected when contamination is discovered.
This reality can present numerous insurance coverage challenges, and all companies ranging from ingredient suppliers to processors and retailers should consider what coverage best fits their needs based on their most likely exposure given their position in the food supply chain. In reviewing coverage options, it is important to realize that not all product recall and/or contamination coverage is the same (and some policies may be triggered only by contamination, while others are triggered only by a mandatory recall).
Further, it bears noting that general liability coverage is still a relevant potential source of coverage. Bodily injury claims are the classic case for invoking a general liability policy, but even certain third-party property damage in a contamination/recall situation may also enjoy coverage under a traditional general liability policy. See, e.g., Neth. Ins. Co. v. Main St. Ingredients, Ltd. Liab. Co., 745 F.3d 909, 911 (8th Cir. 2014) (insurer had duty to defend and indemnify insured that inadvertently sold salmonella-contaminated dried milk to Malt-O-Meal, which then incorporated the milk into its instant oatmeal products).
Hurricane Florence has caused devastation throughout the Carolinas, including as-yet-unknown property damage, business interruption, environmental contamination, and most tragically, loss of life.
When a disaster like Florence occurs, corporate policyholders enter crisis mode, doing everything they can to make sure business losses are mitigated to the extent possible, providing workarounds for customers, and generally making every effort to salvage what they can and assess the losses incurred. What might not be on any policyholder’s radar screen, however, are the steps that can be taken now to maximize insurance coverage and recovery once the immediate crisis is over.
Remember those spam emails from Nigerian royal family members needing to transfer millions of dollars out of Nigeria, requesting the recipients provide banking and personal information to “hold” the funds or otherwise front money to the fraudster to pay taxes and fees? While most people have (hopefully) wised up to that scheme, a more insidious and devastating fraud has taken hold in the corporate world – the “social engineering” scheme.
“Social engineering” schemes are shades of the Nigerian letter scams, except the fraudster pretends to be someone affiliated with your company, such as a contractor or vendor. The emails are convincing even to sophisticated employees, often instructing the recipient to follow “corporate procedures” to complete the money transfer.
Typically, this is how the scheme works:
(i) Your employee receives a phishing email from a spoofed address where the fraudster pretends to be affiliated with your company and requests a transfer of an (often substantial) amount of money;
(ii) Your employee, deceived by the spoofed email, follows in-house protocols with respect to the requested transfer, sometimes even getting approval from more senior level management;
(iii) Your employee makes the transfer to the fraudster’s account; and
(iv) Your company discovers the fraud only after the transfer.
Many companies are shocked to find only after the fact that their insurance carriers do not cover these losses. Unfortunately, not having appropriate cyber coverage can be a devastating mistake. The National Cyber Security Alliance found that as much as 60 percent of hacked small and medium-sized businesses go out of business within six months after being hit with a cyber-attack.
Businesses can greatly reduce the threat by mitigating cyber risks through managerial and technical processes, including implementing security measures such as firewalls, duo layer computer access, limiting employee access to sensitive data, analysis of third-party vendors’ security procedures, and regular and thorough training of employees. However, even the best measures cannot fully neutralize cyber threats. Businesses remain vulnerable because of the “human factor” associated with these schemes; a skilled fraudster executes a social engineering scheme with the (unwitting) help of an innocent employee.
Recent court decisions highlight the importance of closely reviewing cyber policies to ensure that “social engineering” scams are fully covered. In Apache Corporation v. Great American Insurance Company, 662 F. App’x 252 (5th Cir. 2016), for example, the court held that the policyholder was not covered for a social engineering attack despite having “computer fraud” coverage providing coverage for “loss of … money … resulting directly from the use of any computer to fraudulently cause a transfer of that property….” The Apache employee received a spoofed email with a signed letter on the vendor’s letterhead, instructing the employee to change the vendor’s account information and submit future payments to the new (fraudulent) account. The employee even called the telephone number provided on the (forged) letterhead and verified the request, while still another employee approved the transaction. Apache thereafter submitted payments to the new account. The Fifth Circuit held that the $2.4 million loss was not covered because the loss was not the direct result of the computer use, which was “merely incidental” to the fraud.
This case highlights how critical it is for companies to transfer the risk of all cyber-attacks through comprehensive cyber coverage, particularly to cover risks that cannot be fully mitigated by security measures because of the “human factor.” For this reason, it is important to review policy terms to assess the scope of coverage with your broker before your company is attacked.