Loss Of Data Seen As Hot Property Issue

Are the business interruptions that result from viruses, denial-of-service attacks, and other computer outages covered under standard property policies?

Buoyed by victories in insurance coverage lawsuits relating to Y2K claims, defense lawyers at a recent conference supported potential first-party coverage denials for such claims by advancing the same arguments they used to prepare for the Y2K cases.

But even as they delivered the arguments, the lawyers readily admitted that the only truly applicable court ruling to address the question came down on the side of policyholders. They also acknowledged that the pre-Y2K denial-of-coverage arguments theyre dusting off for new uses werent actually needed to win the few Y2K cases that have been decided (on issues like late notice).

The “hottest issue” is the question of whether the inability to retrieve data can qualify as “direct physical loss or damage,” said Laura Foggan, a partner with the law firm of Wiley, Rein, & Fielding in Washington. “Direct physical loss of, or damage to, covered property” is whats generally covered under the standard commercial property insurance policy, she noted during a presentation at the American Conference Institutes Fifth Annual Online Liability Conference in New York.

Covered property is traditionally understood to mean real or “tangible” property–”bricks and mortar plant facilities, not information or know-how,” she added.

But the U.S. District Court for the District of Arizona said that “loss of data” can trigger coverage in the only applicable case, American Guarantee & Liability Insurance Company v. Ingram Micro, Inc., last year, she reported, noting that the case is now on appeal.

The business interruption situation described in the case resulted from a temporary loss of programming data during a power outage at a data processing center. Ingram Micros computer network, which tracks customers and processes orders, also remained inoperable for some time after the outage because the equipment had a default setting which overrode a customized one that the company usually used. The setting had to be reprogrammed to restore communications with an outlying network to other company locations.

The insurer said there was no “physical damage” because the outage did not affect the capability of the system to function. (It just had to be reset.) But the court said that view was “archaic,” finding that “physical damage” includes “loss of access, loss of use, loss of functionality” and that when a computers service, software or network is altered, “there is damage.”

“The court tried to morph traditional policies into something covering New Economy technology claims,” Ms. Foggan said at the conference. “Isnt it just the courts responsibility to enforce the policy thats written, rather than trying to create some sort of alleged societal good by finding coverage for New Economy claims? And isnt that what new [specialty cyberinsurance] policies in the marketplace are designed to do?

Interestingly, one insurance company representative said there could be coverage for some limited situations under his companys standard policies, when he was asked to address the intent of new policies at a later session. “As the specialty segments emerge, we, by all means, want to point out to our clients–and be very clear on the forms–that there is coverage on some of your standardforms,” said Jon Farber, senior underwriting director for The St. Paul Technology group.

Going on to describe “where it is and where it isnt,” he said, “on the property side, clearly [its] hanging on the direct physical loss or damage. But it would honestly be our intent to pay a loss [caused by] a specific individual” who launched a “specified attack” against a company. “As we look at the aggregation issues and the random, broader denial-of-service type of stuff, were moving it over to a specialty coverage,” he said.

(Earlier in the session, Mr. Farber described St. Pauls “Networker” policy, launched in January. “Where the property policy excludes or only addresses direct physical loss or damage,” he said, with Networker there would not need to be direct physical loss or damage, adding that Networker would address virus and denial-of-service attacks as well as hacking events.)

“I have a mantra when I deal with any insurance in the high-tech area–If information becomes insured property thats subject to physical damage, then traditional insurance companies will go out of business,” said Nicholas Pasciullo of White & Williams in Pittsburgh.

Mr. Pasciullos role at the online liability conference was to present a catalog of liability claims that might be presented under standard commercial general liability policies, and to explain why they might not be covered. But before he went on to discuss the limitations of CGL language, the attorney seized the opportunity to expound his views on Ingram Micro.

Disclosing that he was more focused on property issues in his own practice, Mr. Pasciullo admonished brokers who he said are trying to push the concept of “lost opportunity value” into the coverage grant of standard property policies. “Basically, thats what the Ingram case was all about. They lost opportunity and they put a value on the lost opportunity,” he said. “Beware. Its dangerous. Its not something anybody really wants.”

“If brokers really think it through, if risk managers think it through, and certainly if traditional insurance companies think it through, it doesnt serve anybodys purpose to be a stop-gap for things that can, and will, and are designed to occur,” he said.

During her presentation, Ms. Foggan revived the “fortuity” argument that lawyers presented pre-Y2K, applying it to computer virus and power outage situations. “Do policyholders have an obligation to maintain their computers with appropriate firewalls? If they dont, then is it expected, anticipated, foreseeable that a loss might occur?” Such issues will likely be litigated, she said.

She also suggested that policyholders might try to use the “sue and labor” clauses of property policies, as they did for Y2K remediation efforts, to try to recoup expenses of putting firewalls in place or preparing for power outages.


Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, September 10, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.


Contact Webmaster

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.