For relatively little expense, insureds can often add cyber endorsements to traditional CGL, professional liability or other insurance policies. On October 25, 2016, the Northern District of Alabama issued a decision in Camp’s Grocery, Inc. v. State Farm, one of the few decisions interpreting cyber coverage to date, that demonstrates why insureds should be wary of opting for cyber endorsements instead of stand-alone policies. Docket No. 4:16-cv-0204, 2016 WL 6217161.
Camp’s had a series of no good, very bad days. First, hackers accessed its network and compromised customers’ credit card, debit card and check card information. Yipes. Then, three credit unions sued Camp’s to recover card reissuance, fraud reimbursement and fraud prevention expenses. Double yipes. Finally, Camp’s tendered the claim to State Farm, which informed Camp’s that the Computer Programs and Electronic Data Extension of Coverage and related endorsements to its property and casualty policy only covered Camp’s first party data breach losses. The endorsements did not cover, in State Farm’s view, third party liability claims like the credit unions’.
The court agreed. It held that State Farm and no duty to defend or indemnify Camp’s with respect to the credit union lawsuit. It explained that “[i]nsurance contracts generally are assigned to one of two classes: either ‘first party coverage’ or ‘third party coverage’…’First party coverage’ pertains to loss or damage sustained by an insured to its property…In contrast, if the insurer’s duty to defend and pay runs to a third party claimant who is paid according to a judgment or settlement against the insured, then the insurance is classified as ‘third party insurance.’ Thus, wholly different interests are protected by ‘first-party coverage’ and ‘third-party coverage’.” In holding that Camp’s endorsements offered only first party coverage, the essentially held that Camp’s had no coverage since it was only attempting to deal with the credit unions’ third party claims.