In a first-of-its-kind finding, the U.S. District Court for the District of Maryland has ruled that lost data and the compromised operability of a computer system resulting from a cyberattack, both qualify as "direct physical loss" under a businessowners policy. The case is National Ink & Stitch, LLC v. State Auto Property & Casualty Insurance Co. No. SAG-18-2138, 2020 U.S. Dist. LEXIS 11411 (D. Md. Jan. 23, 2020)

National Ink & Stitch, LLC (National Ink), is an embroidery and screen printing business that was covered by a business owner's insurance policy from March 31, 2016, to March 31, 2017, through State Auto Property & Casualty Insurance Co. (State Auto) National Ink stored art, logos, and designs for its business on its computer server, which also housed software for graphic arts, shop management, embroidery, and webstore management.

In December, 2016, National Ink's computer server and networked computers came under a ransomware attack, which prevented the company from accessing all of the art and other data stored on the server, except for the embroidery software. The attacker demanded a bitcoin payment to release access to the software and data. National Ink hired a security company to replace and install its software, and install protective software on the system. Although the computers were restored to function, the installation of the protective software slowed the system, resulting in a loss of efficiency. National Ink also lost access to the art files stored in the system and was forced to recreate those files.