Courts continue to struggle with specialty cyber-insurance products2020-04-23T00:34:37+00:00
06.09.2016 // THE POLICYHOLDER REPORT
Courts continue to struggle with specialty cyber-insurance products

Following a significant victory for policyholders earlier this year for cyber security losses under CGL (Commercial General Liability) policies, in PF Chang’s China Bistro, Inv. v. Federal Ins. Co. a federal judge in Arizona recently found no coverage for PF Chang’s credit card fraud assessments under a specialty cyber insurance policy. After a 2014 breach, hackers posted PF Chang’s customers’ credit card numbers online. It then incurred almost $1.7 million in claims from its customers and associated mitigation and other expenses. Federal Insurance Company reimbursed PF Chang’s for those expenses. But what it failed to do—and which was the subject of coverage litigation—was pay for the additional $1.9 million in fraud recovery charges from various credit card companies.

Courts continue to struggle with specialty cyber-insurance productsPF Chang’s argued that those costs were recoverable under the specialty cyber insurance policy it purchased under the “Privacy Injury” coverage part, which provides coverage for certain costs resulting from unauthorized access to protected information. Initially, the court held that these fees fell within the scope of coverage under the cyber insurance policy. But then in an unusual application, it held that the “contractual liability” exclusion barred coverage. These exclusions are typical in most CGL policies and are found in some specialty cyber insurance products, and they generally exclude liability assumed under a contract. PF Chang’s has a master service agreement with its processor (in this case, MasterCard) in which it promises to pay fines levied by credit card associations. The court, relying on caselaw interpreting “contractual liability” exclusions in CGL policies only, held that because PF Chang’s had agreed that its credit card processor could charge back to PF Chang’s the fines and assessments from the credit card associations, the “contractual liability” exclusion precluded any recover of these charges.

If this case holds up on appeal, it could result in a massive gap in insurance coverage for policyholders. In many breaches involving credit card breaches, merchants have entered into similar master service agreements with their processor. As a result, policyholders without specific coverage for these losses may be without coverage for a significant portion of the breach. We recommend that any company utilizing any significant amount of credit card transactions carefully procure a cyber-insurance product that protects it from customer claims, data-breach response expenses, and any of the fines and expenses under a master service agreement with the processor.

ABOUT BALL JANIK LLP

Ball Janik LLP is a Florida-based law firm offering construction law, construction defect, commercial litigation, insurance recovery, and real estate law to its local and national client base. Founded nearly half a century ago with six lawyers and a four-person support staff, the firm has expanded its capabilities, professionals, and geographic footprint. What began as a firm focused on real property and land use (known then as Ball Janik & Novack) has grown to include the insights of a team of attorneys and staff with a combined six centuries of experience. The firm has been recognized by Chambers USA, U.S. News & World Report and Best Lawyers®, The Best Lawyers in America©, and Corporate International.
No Blog Tiles found.