The U.S. District Court for the Central District of California granted a motion to dismiss in favor of a global insurer in a matter that stemmed from a phishing/social engineering loss.
The employee of the insured wired over $200,000 to an unknown account per instructions from a party the employee believed was the managing broker of the company. When the employee received a third email requesting transfer of an additional $470,000 she forwarded the email to the real managing broker, who subsequently discovered the prior losses. The investigation revealed that the employee breached protocol because the company never remitted payments via wire for vendor invoices. Despite evidence to the contrary, the insured insisted that their system was not hacked and that the email received was different from the real email address. The insured had policies with our client from 2012–20. Our client investigated the loss and denied the claim under its commercial fidelity insurance policies.
Suing for breach of contract and bad faith, the plaintiff accused Hiscox of unfair business practices, asserting the coverage offered in 2012 was broader than the coverage in the 2019 renewal, and that it had not provided notice of the reduction. The plaintiff’s claims of bad faith and unfair business practices posed a risk of punitive damages and attorney’s fees totalling in excess of $2 million.
Defense draws on California statutes and Ninth Circuit caselaw regarding “direct loss” and purported reductions in coverage during renewals
Manhattan-based partner Joseph A. Oliva, an authority on coverage issues involving crime, cyber incidents, and social engineering, served as lead counsel, with assistance from Los Angeles-based Albert K. Alikin, leader of the firm’s GIS California team, and associate Kent V. Grover. We took the position that no coverage exists under either the 2012 or 2019 policies, and that any alleged reduction in coverage argument is meritless because fidelity policies are exempt from notice requirements and notice was, in actuality, provided anyways. In fact, we noted to the court, coverage could have been afforded under the 2019 policy, but the plaintiff failed to purchase the “social engineering coverage” available, and therefore, this claim clearly did not trigger coverage under the policy. We filed a motion to dismiss and argued that California law is clear in that under these circumstances this loss was not covered by the policies as the loss did not result from a “direct loss.” Under California law, the analysis of whether coverage exists for claims arising from “computer fraud” or “funds transfer fraud” under crime policies centers on what is a “direct loss” from a causation perspective.
In advancing our argument that the subject loss was not a “direct loss,” our team relied on several Ninth Circuit cases, including Sanderina v. Great American Insurance Company, which established that there is no funds transfer coverage in a social engineering case when a fraudulent wire funds transfer instruction causes an employee to transfer funds. We also referred to Pestmaster Servs. v. Travelers Cas. & Sur. Co. of Am., which established no computer fraud coverage when an authorized person enters fraudulent data into a computer system.
On November 6, 2020, the court agreed and adopted our arguments under the policy and under the prevailing California statutes.
MORE ABOUT GOLDBERG SEGALLA’S GLOBAL INSURANCE SERVICES GROUP:
Goldberg Segalla is one of the premier law firms advising and representing the global insurance and reinsurance industry. Our 75-lawyer Global Insurance Services practice, which Law360 ranks among the largest in the United States, exists to serve insurers, reinsurers, and all others operating in the insurance arena. The firm’s practice earned a National Tier 1 placement for Insurance Law for 2021 in the annual U.S. News—Best Lawyers® “Best Law Firms” survey, for the second consecutive year. Beyond its national recognition, the practice picked up 10 regional placements, recognized for Insurance Law and Litigation in Buffalo, Rochester, Philadelphia, Baltimore, Chicago, Raleigh, Greensboro/Triad, and Miami.