by ~ James Kitces (Email) (Web Site)
In the second presentation at the 2014 MReBA Symposium, panelists led an engaging discussion of important issues emerging in the insurance and reinsurance of liability claims. John Harding, an attorney specializing in reinsurance and complex coverage litigation, acted as moderator for an experienced panel that included Randal Leffelman of Munich Re, Bill Perry of Carter Perry Bailey LLP (London), and Jason Verdone of The Hartford. The discussion focused on cyber risk liability and employer liability for injuries to workers.
The panelists began the program with a discussion of cyber liability and data breach issues. The panel discussed some of the recent, noteworthy data breaches that have been widely reported in the news. The recent breaches at Home Depot and Target alone involved 80 million customers. All agreed that cyber risks are not going away, that the risks presented are increasing due to the sophistication of hackers, and that insurers and reinsurers must understand cyber risks to enable them to address and respond appropriately to those risks. The panel emphasized that in today’s age it is not a question of if a company’s systems will be hacked, but when.
The panel also described how the cyber insurance market is growing. More than three-quarters of mid- to large-sized companies plan to purchase cyber insurance within the next year. Other policies such as D&O, E&O, and commercial crime can be implicated in cyber losses as well. Cyber liability policy forms vary greatly and cover a variety of first- and third-party risks. First-party coverage can include loss of income and costs incurred in connection with data loss, forensic investigations, crisis management, and cyber extortion. Third-party coverage can include liability arising from privacy breaches, infections of third party systems, and many other types of costs and expenses. Importantly, the panel noted that reinsurance policies are evolving to address these risks.
A discussion of cyber risk issues affecting insurers and reinsurers ensued. The limited case law involving cyber liability claims has primarily focused on coverage issues arising under general liability policies, but it was predicted that cases will begin to develop under other types of policies as well, such as first-party property policies. Issues such as the applicable date of loss and the applicability of sub-limits have not been standardized, and instead, are still developing because of the emerging nature of cyber risk. The panel engaged the audience in a dialogue about a host of coverage issues that may be implicated in cyber losses. The issues included, among others, whether there is coverage if personal data is stolen but not used, and how the date of loss is determined if the breach is not discovered for a long period of time.
The panel discussed recent cases, including the decision in a New York trial court case, Zurich American Insurance Co. v. Sony Corporation of America (N.Y. Sup. Ct. Feb. 21, 2014). In Sony, the court agreed with Zurich that in order for there to be coverage for “personal and advertising injury,” the insured must make an oral or written publication that violates a person’s right of privacy. In other words, the court held that the unauthorized use by a third party hacker does not constitute the required publication. However, the panel agreed that the Sony ruling would not end the debate on this issue and that, in general, the legal environment for cyber risk cases varies greatly among jurisdictions.
Finally, on the cyber risk front, the panel discussed how the market is trying to adapt to the growing threat of cyber loss. A primary concern for insurers and reinsurers is the ever expanding use of the internet and the greater potential it creates for disruption in the marketplace. Perhaps reflecting this concern, the 2014 ISO form contains an exclusion for “Access or Disclosure of Confidential or Personal Information.” The exclusion applies even if damages are claimed for notification costs, credit monitoring, public relations expenses, and other costs incurred arising out of access to or disclosure of any person or organization’s confidential or personal information.
Next, the panel switched gears and discussed employer liability claims, including recent cases involving claims by injured workers directly against employers. For example, the panel noted that earlier this year a court in Illinois ruled that the exclusivity provision of Illinois’ workers compensation act did not bar a claim against a former employer for asbestos-related diseases. Folta v. Ferro Eng., 14 N.E.3d 717 (Ill. App. 2014). The court found that because the former employee was diagnosed 41 years after his employment ended, he had no opportunity to seek compensation under the workers compensation act. Thus, the court found that an exception to the workers compensation exclusivity provision applied. In contrast, the Supreme Court of Washington held this year that the intentional act exception to the workers compensation bar did not apply in an asbestos case, as the court found that the employer did not have knowledge that an injury was certain to occur. Walston v. Boeing, 2014 WL 4648090 (Sept. 18, 2014).
The panel concluded the presentation by noting that administration of claims involving new exposures such as cyber liability and liability arising from social media requires more data than was typically needed in the past for other, more traditional types of claims. These newer types of claims result in increased pressures on insurers, including heightened scrutiny by reinsurers as well as increased pressure within insurance companies in terms of setting reserves and obtaining accurate claim data.
Mr. Kitces is an attorney in the Boston office of Robins, Kaplan, Miller & Ciresi L.L.P. He may be reached at firstname.lastname@example.org.
The 2014 MReBA symposium presentations were for educational purposes only. Views expressed by panelists at the symposium were their own and did not represent the views of their respective companies, law firms, or clients, nor do they represent the views of Robins, Kaplan, Miller & Ciresi L.L.P.
© 2014 Robins, Kaplan, Miller & Ciresi L.L.P. All rights reserved.
« Back to Articles