Deploying D&O and Cyber Insurance Coverage Against COVID-19 Claims
Pandemic-fueled litigation will test the reliability of the insurance coverage many organizations have purchased.
May 29, 2020 at 02:30 PM
9 minute read
Since March, litigation has engulfed many organizations in disputes stemming from the novel coronavirus pandemic. Class action securities litigation, bodily injury lawsuits, and insurance coverage litigation have already made their way to courts nationwide. With court systems across the country beginning to embrace the operational changes needed for legal systems to return to some level of normalcy, expect more categories of litigation to get filed in response to the massive casualties, disruption, and social divisions over coronavirus. Pandemic-fueled litigation will test the reliability of the insurance coverage many organizations have purchased. A rise in litigation will necessarily translate into a rise in insurance claims under policyholders' third-party liability insurance.
Industries reliant upon people gathering in the same location will suffer the brunt of the business displacement. The cruise industry, casinos, sports leagues, theaters, restaurants, and travel businesses generally, will feel a disproportionate amount of pain, at least for the near term.
With an effective vaccine almost certainly several months away, at least, and with no evidence of a sharp decline in new infections on the horizon in the United States, crashing stock prices in certain business segments will lead inevitably to shareholder suits. Investors will want their money back, so to speak. Directors and Officers (D&O) insurance coverage will be key to protecting senior management against liability. Claims will be asserted that companies did not properly disclose certain risks to operations from viral outbreaks or that they failed to properly manage the risk. Whether those suits have any viability may be beside the point, given how expensive class action investor suits are to defend. Given this reality, a number of coverage fights are likely to ensue under D&O insurance policies.
|COVID-19 Hacking Risks and Privacy Issues
On the cyber liability front, coronavirus promises to pose two main perils: (1) intrusion by a hacker into computer systems, with opportunity heightened by a massive shift to telecommuting and a worried (and, sometimes desperate) populace clicking on links that promise official-looking relief payments or medical "alerts"; and (2) a major breakdown in privacy norms, where entire populations will be tracked, monitored and biometrically encoded as part of an unprecedented public health response.
Cyber (and likely other lines of) insurance will be called upon to offer vital protection against hacking related claims and class action complaints that assert privacy rights were violated.
Policyholders filing claims under D&O and cyber policies alike will have to be aware, however, of defenses against coverage that insurance companies have deployed in the past. They will need to be vigilant against over-broad application of exclusions and arguments that their insurance policies do not provide coverage for bodily injury-related claims or governmental investigations. And they will have to analyze their insurance portfolios to locate points where one policy type can cover gaps in another. Below are some of the coverage disputes that can be anticipated and the positions policyholders can take to combat insurance company claim denials.
|D&O Insurance in the Era of COVID-19
Certain investors will seek to recoup losses triggered by the pandemic by alleging that mismanagement, inaccurate disclosures, false statements, and other acts or omissions caused losses to their investments. Absent a clear and express exclusion, investor suits should trigger most D&O coverage.
Some insurance companies may try to deny coverage under D&O insurance policies where exclusions for claims of bodily injury or property damage are included. Given that coronavirus can cause bodily injuries and property damage, D&O insurance companies may try to avoid coverage by arguing that bodily injury or property damage exclusions limit coverage (through some form of allocation argument) or bar coverage altogether.
Despite this, D&O insurance policyholders should have coverage in most instances. To determine D&O coverage in this setting, it is important to focus on what the underlying investor complaint is alleging for purposes of recovery: damages for bodily injury or property damage on the one hand, or monetary damages for investment losses attributed to alleged wrongful acts by the officers or directors in their capacity as such?
In Michigan Crop Improvement Assoc. v. Colonia Insurance. Co., No. 20668, 1999 Mich. App. LEXIS 2580 (Ct. App. Oct. 29, 1999), for example, management sought D&O coverage where litigation was instituted for a failure to detect bacterial ring rot in its agribusiness. The D&O insurance policy contained a property damage exclusion which the insurance company invoked against the policyholder. In the D&O coverage litigation ensuing after the insurance company contested coverage, the court held that the underlying claims were not excluded by the D&O insurance policy's "property damage" exclusion.
Similarly, in Clark v. General Accident Insurance Co., 1996 WL 165004 (D.V.I. Jan. 25,1996), the D&O insurance company contested coverage under a bodily injury exclusion and a property damage exclusion for claims alleging the officers had committed wrongful acts concerning the management of funds for repairs in the wake of hurricane damage and destruction. The court rejected the insurance company's defense and found that the claims were for the actions of management and not for the hurricane damage. See also Sealed Air v. Royal Indem. Co., 961 A. 2d 1165 (Super. Ct. N.J. 2008) (rejecting application of pollution exclusion to D&O coverage for underlying securities claim alleging misrepresentations by management for pollution claim exposures); Philadelphia Indem. Ins. Co. v. Maryland Yacht Club, 742 A.2d 79 (Md. 1999) (rejecting application of bodily injury exclusion to employment claim stemming from allegations concerning on the job physical injuries); Scottsdale Ins. Co. v. Coapt Sys., No. C-12-1780, 2013 U.S. Dist. LEXIS 86414 (N.D. Cal. June 18, 2013) (rejecting application of D&O policy's bodily injury exclusion for fraudulent conveyance claims brought by patients who alleged defective products injured them); Owens Corning v. National Union Fire Ins. Co. of Pittsburgh, Pa., No. 97-3367, 1998 U.S. Dist. LEXIS 26233 (6th Cir. Oct. 13, 1998) (rejecting D&O insurance company's refusal to provide insurance coverage for securities suit on basis of asbestos exclusion sold to maker of insulation where underlying claims alleged misrepresentation of assessment of asbestos liabilities).
As such, D&O coverage should be available for securities claims that were precipitated by the financial whirlwinds generated by the pandemic. While there is no question that COVID-19 can kill and damage, securities lawsuits are typically not filed for the purpose of seeking damages for either of the aforementioned perils. Instead, the underlying allegations and relief sought in a securities lawsuit is one for compensatory damages to redress harm to an investor as a result for a management "wrongful act" in the insured's capacity of an officer or director of the organization.
|Cyber Insurance Coverage
Telecommuting on a massive scale leaves many organizations vulnerable to additional cyber perils. Indeed, even before most local and federal governments were sounding the alarm over COVID-19, cyber scammers were using the fear, confusion and national angst over coronavirus as a way to hack systems and steal. Phony "official"-looking governmental communications have been a mechanism used by cyber criminals to infiltrate systems and commit crimes. Nonetheless, cyber insurance coverage should be available for cyber perils that trade off of coronavirus fear and distraction, whether it occurs during telecommuting or when using computer systems in the office.
|Exclusions for Bodily Injury and Property Damage
Like D&O insurance, many cyber policies contain some version of an exclusion for bodily injury and property damage claims. As with D&O insurance, these exclusions should be inapplicable, even where it is argued that if traced to the source, the cyber crime was perpetrated and made possible by the pandemic causing injuries and damage.
Policyholders may face liability where private or sensitive information is either accessed or released by a hacker. If workers telecommuting fail to exercise sound cyber practices from home systems, or fail to update their security with patches and other (computer) virus protection, then third-party cyber claims from customers, clients, patients, and guests may be faced. Most cyber insurance policies promise coverage for claims, including class action and regulatory ones, for harm resulting from a cybersecurity incident (or "event").
Further, privacy claims abound when financial or health information is not kept secure. Not only can a privacy claim arise when a hacker accesses sensitive computer files, but also when companies fail to safeguard the data they handle—even where no cyber criminal is involved. Privacy claims will undoubtedly arise as organizations track, monitor and share health information as part of the COVID-19 public health response.
Such claims should be covered under cyber insurance policies and other liability insurance policies. See West Bend Mutual Insurance Co. v. Krishna Schaumburg Tan, No. 1-19-1834 (Ill. App. 2020) (affirming defense costs coverage under CGL policy protection for privacy claims for a proposed class action accusing policyholder of violating the Biometric Information Privacy Act in connection with the handling of customer fingerprint data), and Travelers Indemnity Company of America v. Portal Healthcare Solutions (4th Cir. 2016) (holding that a CGL policy covered policyholder's defense for class action lawsuit concerning alleged violation of privacy when health data was accessible through internet search).
While thus far, disputes under dedicated cyber insurance specialty products have been limited, an onslaught of cyber claims arising from the pandemic could well change the insurance claim landscape. Accordingly, whether dealing with cyber insurance claims or ones made under D&O insurance coverage, policyholders may need to fight for their right to insurance coverage.
Joshua Gold is a shareholder in Anderson Kill's New York office and is chair of the cyber insurance recovery practice group and co-chair of the Marine Cargo Insurance Group,
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLaw Firms Mentioned
Trending Stories
- 1FTC Settles With Security Firm Over AI Claims Under Agency's Compliance Program
- 2'Water Cooler Discussions': US Judge Questions DOJ Request in Google Search Case
- 3Court rejects request to sideline San Jose State volleyball player on grounds she’s transgender
- 4Trump and Latin America: Lawyers Brace for US's Hardline Approach to Region
- 5Weil Advances 18 to Partner, Largest Class Since 2021
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250