July 2, 2022

Volume XII, Number 183

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

June 29, 2022

Subscribe to Latest Legal News and Analysis

Court Does Not Beat Around The Bush and Is Rather Direct In Rejecting Insurer’s Causation Argument In Computer Fraud Claim

As businesses continue to increase their reliance on technology, they are bound to face the inevitable risks associated with online transactions and other cyber exposures. This, in turn, emphasizes the importance of having the proper insurance policies and compliance methods in place to prevent or, at least, mitigate losses that ensue from these risks. In this context, many insurance policies require that there be a “direct” loss for there to be coverage, which has spawned numerous lawsuits about what the word “direct” means. The latest court to weigh in has sided with the insured and interpreted that term broadly to essentially mean proximate causation.

In City of Unalaska v. National Union Fire Insurance Company, an employee received an email from a fraudster, purporting to be a vendor, requesting a change to its payment instructions for invoices. 2022 WL 826501, at *1 (D. Alaska Mar. 18, 2022). The employee assumed that the request was legitimate and updated the bank account information and later initiated ACH payments for several invoices. The payments ultimately went to the fraudster’s bank account. Id. The insured submitted a claim to its insurer, who only accepted partial coverage under an Impersonation Fraud Coverage endorsement subject to a $100,000 sublimit, and refused to pay the remaining amount of the insured’s claim under the computer fraud insuring agreement of the policy. Id. at *2.

The insurer argued that the insured was not entitled to computer fraud coverage under a crime policy because “incidental” use of an email to perpetuate a fraud does not constitute “computer fraud” and the insured’s loss did not “result[ ] directly from the Fraudster’s emails” but was “temporally remote and involved a chain of intervening and independent steps and decisions that did not involve the fraudster.” Id. at *3. The court held that the plain language of the computer fraud insuring agreement makes it clear that there is coverage for a “loss of money resulting directly from a fraudster’s use of a computer – sending an email impersonating the City’s vendor – to fraudulently cause a transfer of funds from the City to the fraudster’s bank account,” and that a reasonable insured would expect coverage under the computer fraud insuring agreement. Id. at *7.

As a result, the court denied the insurer’s “direct means direct” argument, which would suggest that the loss would have to be “without deviation or interruption” and that “the Fraudster’s use of a computer … [would have to] directly bring about the funds transfer.” Id. at *4. Further, the court also found that the computer fraud insuring agreement does not require more than proximate causation because “though the word ‘directly’ may connote immediacy when read in isolation, a reasonable insured would consider the phrase ‘resulting directly from’ to convey the concept of proximate cause.” Id. at *8.

Cited within the Unalaska opinion is the similar case of Ernst and Haas Management Company, Inc. v. Hiscox Inc., 2022 WL 223965 (9th Cir. Mar. 7, 2022). There, the Ninth Circuit reversed the district court’s decision finding that the district court engaged in an “improperly narrow reading of the contractual language” when finding that “a direct loss is limited to unauthorized computer use, like hacking.” Ernst and Haas Mgmt. Co., Inc. v. Hiscox, Inc., 23 F.4th 1195, 1200 (9th Cir. 2022). Therefore, the Ninth Circuit held that the insured’s loss was directly caused by the fraudulent transfer of funds when the employee transferred them (there was no intervening event), and the computer fraud insuring agreement could cover the insured’s alleged loss. Id. at 1202-1203.

The broad application of the “direct” language under these coverages is an important, recurring issue that many insureds confront when they have a computer fraud loss. The City of Unalaska case emphasizes the potential confusion and uncertainty regarding the causation requirement for “directly” language that is found in many policies. The ruling represents a trend by many courts who interpret the computer fraud coverage broadly and have rejected the “direct means direct” approach advocated by many insurers.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 130
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Syed S. Ahmad Insurance Coverage Attorney Hunton Andrews Kurth Washington, DC
Partner

Syed represents clients in connection with insurance coverage, reinsurance matters and other business litigation.

Syed has been admitted to the US Court of Appeals for the Second Circuit, US Court of Appeals for the Sixth Circuit, US District Court for the District of Columbia and US District Court for the Eastern District of Virginia. 

Relevant Experience

  • Advised clients on COVID-19 insurance claims for business interruption, contingent business income (CBI), extra expense, civil authority, ingress/egress, D&O, and general liability...
202-955-1656
Latosha M. Ellis Associate DC Insurance Litigation
Associate

Latosha helps corporate policyholders resolve complex insurance disputes.

From advising clients at policy renewal and through the claims process to representing clients in litigation or alternative dispute resolution of coverage disputes, Latosha delivers comprehensive end-to-end counsel. She regularly advises and represents clients on all major forms of insurance coverage – commercial general liability, directors and officers liability (D&O), business interruption, event cancellation, employment practices liability, and cyber. She has handled and tried cases in state and...

202-955-1978
Veronica P. Adams Insurance Lawyer Hunton Andrews Kurth Miami
Associate

Veronica’s practice focuses on complex insurance litigation and advising policyholders in insurance coverage matters.

As a member of the firm’s nationwide insurance coverage team, Veronica represents commercial policyholders in a range of matters, including property and business interruption claims, directors and officers liability, and cyber insurance. She is also a contributor to the firm’s Insurance Recovery Blog.

Prior to...

305-810-2529
Advertisement
Advertisement
Advertisement