Policyholders

Subscribe to Policyholders

The U.S. Securities and Exchange Commission (“SEC”) implemented rules governing registrants’ disclosure requirements pertaining to cybersecurity risk management, governance, and incident reporting on July 26, 2023. These rules are likely to give rise to novel issues pertaining to public companies’ insurance portfolios, in particular, directors’ and officers’ liability (“D&O”) and cyber insurance policies. This post provides a short overview of the rules and some of the insurance issues likely to arise going forward.

The SEC’s cyber security disclosure rules and increased exposure

The new rules require registrants to disclose information in three categories: (1) cybersecurity risk management; (2) cybersecurity governance; and (3) cybersecurity incident reporting.

With regard to cybersecurity risk management and governance, public companies are now required to annually report their cybersecurity risk processes and governance of risks in Form 10-K SEC. Under the cybersecurity risk management disclosure rules, registrants have to describe how they assess, identify, and manage material cybersecurity risks and whether they have materially affected or are reasonably likely to materially affect their businesses. Similarly, under the cybersecurity governance disclosure rules, registrants have to describe board oversight of cybersecurity risks and the role management plays in assessing and managing material cybersecurity risks.

Continue Reading Insurance coverage implications of SEC’s cybersecurity disclosure rules

An indemnification provision is a legally binding agreement between two parties specifying that one party (indemnitor) will compensate the other party (indemnitee) for any losses or damages that may arise from a particular event or circumstance. This type of provision appears in nearly all commercial contracts and is an important tool to allocate risk between parties. As a result, indemnification is one of the most commonly and heavily negotiated contract provisions. 

For companies doing business across state lines, it is critical to consider differences in states’ laws regarding indemnification. This blog post highlights just a few differences between the laws of neighboring states—Pennsylvania, Delaware, and New Jersey—and the importance of drafting clear contractual indemnity provisions with reference to which state law governs.

Continue Reading The importance of drafting clear contractual indemnity provisions

In addition to insurance companies’ broad duty to defend all claims arising from complaints seeking damages potentially covered by their policies, Pennsylvania law provides an opportunity for policyholders to have their insurance companies pay for litigation costs associated with claims and/or suits that overlap or are intertwined with a suit the insurance company is already defending.  

The magic words are “inextricably intertwined”

Policyholders may seek defense costs for related litigation if those claims are made as: (1) counterclaims in suits the insurance company is already defending, or (2) separate, independent lawsuits with facts or defense work that overlap with a suit the insurance company is defending. The insurance company’s duty to defend such related claims is not automatic, however. Pennsylvania courts make it clear that in both instances, the cases or claims must be “inextricably intertwined” in order to trigger the insurance company’s obligation to pay litigation costs.

Continue Reading Insurers must foot the bill for “inextricably intertwined” counterclaims in Pennsylvania 

The U.S. Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization and its progeny have sparked confusion and uncertainty for individuals, medical providers, and employers with respect to the consequences of providing, seeking, or facilitating abortion care. Moreover, for both medical providers and employers, questions arose as to whether and how liability insurance might help alleviate these risks.

Now that a year has passed since the Dobbs decision, it is worth revisiting the liability landscape, as well as the question of how insurance coverage might play a role in providing relief with respect to the ongoing risk of litigation.

Background

The Dobbs decision, which held that access to abortion care is no longer a constitutionally protected right, raised a host of questions as to whether medical providers and employers might face civil or criminal liability for facilitating access to abortions, particularly in states that responded by enacting a panoply of restrictions in response to Dobbs. This uncertainty was heightened by inevitable litigation concerning the viability of the new statutes and has led to widespread confusion in many states. This confusion has been exacerbated by the Centers for Medicare & Medicaid Services (“CMS”), which initiated investigations into hospitals in Missouri and Kansas, asserting that they were in violation of the law by failing to offer necessary, life-saving abortion services.

Continue Reading One year after Dobbs: Are medical providers and employers still at risk for lawsuits stemming from abortion access, and should they consider the role of liability coverage?

Cybercrime, including ransomware, is one of the top challenges facing organizations today. Businesses across the globe are suffering staggering cyber-related losses, losing around $60 billion on cyber crime annually.  

We are excited to launch our thought leadership campaign, “Cyber Insurance claims: Minimize risk, maximize recovery,” which provides a comprehensive look into the key issues relating to cyber insurance and ransomware claims and how clients can minimize their risk and maximize their recovery before and after a cyberattack.

Continue Reading Cyber insurance claims: Minimize risk, maximize recovery

In a world of uncertainty, few things in life are more guaranteed than liability insurers reflexively rejecting claims for pre-notice defense costs, even where there is no legitimate or principled basis to do so. In a perfect world, insureds would immediately notify their insurers as soon as a claim or suit arises to avoid insurers refusing to pay or credit pre-notice defense costs. But companies operating in the real world for various reasons sometimes investigate and defend claims or suits before formally notifying their insurers.  In that circumstance, insurers should not be permitted to avoid their coverage obligations for so-called “pre-tender” defense costs for each of the following reasons.

Many courts only require notice to the insurer – not “magic words” or a formal “tender” – to trigger an insurer’s defense obligations

Insurers often argue their defense obligations only arise after the insured formally “tenders” or specifically requests a defense of a claim or suit, even though many courts have flatly rejected this premise. E.g., White Mountain Cable Constr. Corp. v. Transamerica Ins. Co., 631 A.2d 907, 910 (N.H. 1993) (“in order for an insured to tender the defense to the insurer, it need only put the insurer on notice of the claim”). Indeed, many courts correctly have held that the insurer’s defense obligations are triggered upon receipt of “actual notice” from any source – even if not directly from the insured seeking coverage. E.g., Cincinnati Cos. v. West Am. Ins. Co., 701 N.E.2d 499, 505 (Ill. 1998) (“the insurer’s duty to defend is triggered by actual notice of the underlying suit”).  Absent specific policy language or legal precedent to the contrary, insureds should not be required to formally “tender” or request a defense to obtain the benefit of its coverage once the insurer is on notice of the claim or suit – particularly where the insurance policy delegates the duty to defend to the policyholder rather than the insurer.

Continue Reading Maximizing recovery of pre-notice defense costs: Considerations for policyholders

For insurance recovery attorneys, one of the more frustrating ways for a policyholder to lose coverage for a property loss is on the basis of late notice. Property insurance policies generally require the policyholder to give the insurance company “prompt notice” of claims and potential claims. Property policies may specify a timeframe in which the policyholder must give notice, but in many cases do not. New York courts routinely hold that short delays, even as little as one to two months, suffice as a basis to deny coverage where the policy has “prompt notice” requirements. Under New York law, however, an insurance company can waive its late notice defense by not raising it explicitly when it finally disclaims coverage. Indeed, recently, a federal court in New York court rejected the insurance company’s late notice defense, even where the policyholder conceded that it did not provide prompt notice as a matter of law, because the insurance company failed to explicitly deny coverage on that ground.

Summary of recent New York federal court decision

In Mave Hotel Investors LLC v. Certain Underwriters at Lloyd’s London, the plaintiffs (“Mave”) sought coverage for property damage at its hotel following the termination of its contract with a human services organization housing formerly homeless families with children at the hotel. No. 21-cv-08743 (JSR), 2023 U.S. Dist. LEXIS 62718 (S.D.N.Y. Apr. 10, 2023). Mave alleged that its rooms were damaged while the families were living there. The insurer, Certain Underwriters at Lloyd’s London (“Lloyds”), ultimately denied coverage the ground that any damage was caused by ordinary wear and tear, an excluded cause of loss. At trial, however, Lloyd’s moved for summary judgment, arguing among other things, late notice.

Continue Reading An insurance company’s generic reservation of right can lead to a Waiver of a Late Notice Defense

Courts continue grappling with the application of California insurance law to COVID-19 business interruption claims. After three years of insurance claims and litigation, the California Supreme Court has agreed to provide guidance as to whether the actual or potential presence of SARS-CoV-2 on insured property can qualify as physical loss of or damage to property in Another Planet Entertainment, LLC v. Vigilant Insurance Company.

District court proceedings

Another Planet operates and promotes concerts, events, and festivals in California and Nevada. After its insurer denied coverage for business income losses incurred, Another Planet filed suit in California federal court seeking coverage under its “all-risk” property insurance policy.

In its amended complaint, Another Planet alleged that the virus was present or would have been present had it not closed its venues in compliance with government orders. The insured further alleged that droplets of the COVID-19 virus physically altered the air and property surfaces, constituting physical loss or damage and rendering the property unusable for its intended purpose and function. The pleading further asserted that minimizing the spread of COVID-19 requires physical alterations, including physical distancing, regular disinfection, air filtration, and installation of physical barriers.      

Vigilant Insurance moved to dismiss on the basis that Another Planet had not sufficiently alleged direct physical loss or damage to property. On June 21, 2021, the District Court granted the insurer’s motion and dismissed the case with prejudice. 

Continue Reading California Supreme Court to offer guidance for COVID-19 coverage cases

Cyber incidents and attacks, whereby hackers target companies for ransom, to obtain sensitive information, or for other reasons, are a significant and growing threat. In 2021 alone, cyber incidents caused roughly $6 trillion in losses, and the consensus is that the threat of incidents will remain strong. Corporations are increasingly seeking insurance against this risk, but coverage for cyber incidents is still a relatively new and rapidly changing field. In this post, we focus on key considerations for general counsel, chief technology officers and cyber security officers when it comes to cyber insurance and protecting against cyber risk.

Does my company need cyber insurance?

Getting cyber insurance is a unique business decision for each company weighing a variety of factors, but virtually every company faces risks from cyber incidents. Although cyber breaches involving customer or consumer data tend to get the most attention, even companies that collect no sensitive customer or consumer information may fall prey. For one thing, companies may possess private, sensitive information about their employees, including medical or pension information. Moreover, companies may have proprietary information or trade secrets that hackers would want to get their hands on.

In fact, many dangerous and costly cyber incidents actually do not involve the theft of sensitive personal information, because the risk of disclosure of any data of value to a company may be used as extortion leverage. Ransomware can encrypt a company’s data and information systems, and attackers then demand a ransom from the company to restore access. Finally, companies may be targeted as a means of obtaining access to the systems of third parties doing business with the targeted company, which may expose the target to liability to those parties as well as its own incident response and data restoration costs. This explains why the risk is so widespread.

Continue Reading Key questions corporate tech, legal, and security officers need to ask when considering cyber coverage