At the end of 2018, the Supreme Court of Vermont held that the “False Pretense” exclusion in a business-owner insurance policy did not exclude losses from a phishing scam. The case is Chocolate v. Sentinel Ins. Co., 1028 VT 140.

In May 2016, a Rainforest Chocolate LLC employee received an email allegedly from his manager directing him to transfer $19,875 to a specified outside bank account through an electric fund transfer. The employee followed the instructions of the “manager”. Soon after, Rainforest realized that the manager had not sent the email. This scheme is a phishing attack where a third-party fraudster impersonates a trusted source to trick the recipient of the email into wiring money to them, and is called a “Business Email Compromise” or a BEC. As a result of the BEC, Rainforest contacted the bank and froze the account, limiting their losses to $10,261. Rainforest sought coverage for the loss from its insurer Sentinel Insurance Co. Ltd., which denied coverage based on the “false pretenses” exclusion in the insurance policy. The “false pretense” exclusion excludes coverage for “physical loss or physical damage” stemming from “voluntarily parting with any property.”

Rainforest subsequently filed suit against Sentinel. The state court ruled in Sentinel's favor, which Rainforest appealed.

In the case at hand Rainforest argued that the False Pretense Exclusion applies specifically to physical loss or damage, as stated in the policy, and their loss was not a physical loss at all.

The court decided in favor of Rainforest noting that the policy in question used inconsistent policy language, sometimes using the phrase “physical loss and physical damage” and other times using the phrase “loss and damage” in different sections of the policy, even occasionally switching between the two phrases from sentence to sentence. The court said that the fluidity of the usage of the two phrases would lead the average reader to assume there was no difference between them, and the policy does not include separate definitions or explanations of the differences of the two phrases. While the trial court said this was simply “sloppy drafting”, carelessness should not excuse an insurer from covering losses that an insured party reasonably expects to be covered based on the policy language.

The Vermont Supreme Court decided in Rainforest's favor, finding that “Although this court has not previously adopted one interpretation over another, we are convinced that the False Pretense Exclusion is subject to at least two reasonable interpretations, and thus is ambiguous. When a term in an insurance policy is found to be ambiguous, the decision is most often in favor of the insured, as the insurer is the party who writes the contract and thus controls the phrasing.

The court found in favor of Rainforest, determining that the loss suffered was not physical and coverage was not barred by the False Pretense Exclusion, but the question remains of whether “the loss is covered by any of the provisions covered in Rainforests policy, including Forgery, Money and Securities, and Computer Fraud. Now it is up to the trial court to determine if any of those provisions will provide coverage for Rainforest for its loss.

Editors Note: In the recent past BEC's have posed a serious risk to U.S. companies, and to the U.S. economy. In 2017 the FBI estimated that BEC's have caused over $5 billion in losses since 2013. Federal Bureau of Investigation, 2017 Internet Crime Report https://pdf.ic3.gov/2017_IC3Report.pdf. The same report concluded that the number of BEC complaints and losses has increased from year to year since 2013.

There are two approaches to cybersecurity, affirmative cybersecurity and silent cybersecurity. Affirmative cybersecurity is when coverage is expressly underwritten, while silent cybersecurity is when courts determine that coverage exists for risks that were not considered or underwritten at the outset of the policy.

In order to avoid “silent cybersecurity” and ensure there is specific coverage for all identifiable risks, insurers might want to review their policies through a cybersecurity lens and make appropriate revisions, and also identify and revise any accidental ambiguity.

Important Implications: cyber, phishing scams, false pretense exclusion, BEC's.

This premium content is locked for FC&S Coverage Interpretation Subscribers

Enjoy unlimited access to the trusted solution for successful interpretation and analyses of complex insurance policies.

  • Quality content from industry experts with over 60 years insurance experience, combined
  • Customizable alerts of changes in relevant policies and trends
  • Search and navigate Q&As to find answers to your specific questions
  • Filter by article, discussion, analysis and more to find the exact information you’re looking for
  • Continually updated to bring you the latest reports, trending topics, and coverage analysis