There are few cases interpreting stand-alone cyberinsurance policies. So, when there is a development in one of them, however unrelated to the novel construction issues raised by these new(ish) policies, it’s worth a word. Or 350.
Travelers v. Federal Recovery Services, Inc. (D. Utah No. 2:14-CV-170) is not a remarkably interesting case. It was one of the first times that a court issued a written opinion deciding whether a claim implicating electronic data misuse was covered by a cyberinsurance policy. But the Court found that the insured’s intentional withholding of the data from its rightful owner triggered an exclusion barring coverage for the insured’s intentional misconduct. A CGL decision in cyber-clothing.
Armed with the court’s holding that Travelers had no duty to defend or indemnify, Travelers filed a motion for summary judgment. In the bag, right?
Wrong. See 2016 WL 146453 (Jan. 12, 2016).
The court spared the insured’s breach of the covenant of good faith and fair dealing claim. The insured argued that Travelers breached the covenant by refusing to accept notice of the claim and waiting to begin its investigation until after the formal initiation of litigation. The insured argued that this delay left it exposed to be damaged between the time that it first tendered the claim in December 2012 and when Travelers issued a final denial of coverage in June 2013. With the assistance of some expert testimony about claims handling processes, the insured won itself a trial.
Still not exactly remarkable. There is one interesting rub, though. The claims handling process is likely to be more scrutinized in the cyber-context than with respect to traditional lines, as cyberinsurance policies, particularly first party claims seeking breach response, are extremely time-sensitive. Any delay can have major ramifications. That wasn’t exactly the case in Travelers v. FRS, but given the dearth of case law in this context, that’s not going to keep the case out of briefs. “Though no court has explicitly applied a heightened standard of care in the context of cyberinsurance claims handling, courts have recognized the need to scrutinize carrier delays in resolving this type of coverage dispute…”.