In an all too common scenario, someone in your organization’s finance department receives an email that purports to be from a supplier informing your organization of the supplier’s supposedly changed bank account and a request for you to make all future payments to the new account. Even after some likely back and forth via phone and/or email with the “supplier,” your employee ultimately changes the payment information in your systems, and future invoices are paid to the new pay-to account. Everything seems fine for a while, and then the problems begin.

Eventually, your company receives an email from the supplier asking why it hasn’t received payment of its recent invoices. When the supplier insists that it has not received payment, in spite of your company’s assurances that all invoices have been paid, your IT department investigates. The IT team figures out that the emails with the new payment information and the phone calls were fraudulent—they were not from your supplier but from a bad actor. It is, of course, too late to recover the fraudulently obtained payments, and in the interest of keeping the supplier, your company pays again. Continue Reading Social Engineering Fraud: Can You Expect Coverage?

Many contracts require that parties be added as “additional insureds,” but few contain specifics on what type of coverage should be provided. The gambit of additional insured provisions is far-ranging. Being proactive and ensuring that the additional insured coverage you are expecting is actually provided on the front end will eliminate a host of issues should you need to invoke coverage under the provision.

Additional insured coverage is normally provided by endorsement, at times listing specific entities or individuals and at other times providing blanket coverage for all that require it via contract. In theory, being included as an additional insured provides protection as if your company was a named insured on another’s policy. In reality, however, there are many variations of additional insured coverage that often contain restrictions on the rights of additional insureds under the policies.  Continue Reading How to Maximize Protection Under Additional Insured Provisions

Thinking about including an unmanned aerial vehicle as part of your business? What could be cooler than having a UAV deliver your product to customers? Many companies are already using UAVs or drones not only for delivery but also for video surveillance, property surveying for agriculture or unique promotional videos. Your business will want to consider the basic rules for drone operation—like having an experienced pilot and a well-maintained drone— as well as other ways to manage potential risks.

Possible Risks

There are a number of risks if your business has a connection to drones. What happens if a drone crashes or if a bystander shoots it down? In the evolving high-tech world, there are also real threats of someone hacking into your remote system and interfering with your controls. If there is a crash, there is a possibility you might be liable for the property of others. Drones can be a significant investment, and you will want to protect your asset and yourself if someone blames you for some loss. Continue Reading Attack of the Drones: How to Protect Your Business

Cryptocurrencies, including bitcoin, may be the wave of the future, as more and more companies and countries accept them as valid forms of currency. As with any new technology, however, the potential for risk and error is prevalent. Although cryptocurrencies are backed by various blockchains designed to reduce risk, a certain amount of risk is unavoidable. And where there is risk, insurance follows.

For example, the Mt. Gox scandal, which is speculated to involve a bitcoin insider taking bitcoins from the exchange, is estimated to result in losses of more than $400 million. Traditionally, insureds attempted to find coverage for risks related to cryptocurrencies by finding novel constructions of provisions in extant insurance policies. Often, the insured was simply left without any coverage. But certain insurers have begun taking the bull by the horns and marketing a new kind of product—cryptocurrency insurance. Continue Reading Prepare for the Future With Cryptocurrency Insurance

Some estimates calculate that over 23 billion “things” were connected through the internet in 2016. This number is projected to rise to over 50 billion by 2020. The broad category is known as the Internet of Things (IoT), and the new technology connects everything, from household devices to cars to industrial machinery, to the internet via enhanced sensors. The exponential growth in connectivity and new product development carry additional risks for companies investing in IoT technology. We offer some ways to protect your interests. Continue Reading Insurance Coverage for a Connected Technical World

Consumer privacy actions continue to be a huge, costly risk for any business handling customer data over the internet. Lawsuits alleging improper collection of consumer data, such as zip codes or contacts, have become commonplace. Is your company at risk? We share several recent settlements and lawsuits highlighting the risks of privacy claims.

Neiman Marcus. In March 2017, retailer Neiman Marcus agreed to a proposed settlement to pay $1.6 million in a consumer class action filed in response to a 2013 data breach that allegedly compromised the credit card data of approximately 350,000 consumers. The class alleged that Neiman Marcus failed to protect consumers’ privacy and further harmed consumers by waiting 28 days to inform them of the breach. Continue Reading Are You Protected Against Privacy Claims?

Even though cyber breaches—hacks, ransomware attacks, denial or delay of service attacks, malware, phishing and the like— have existed for years, coverage under actual cyber policies (as opposed to CGL, D&O, or crime policies) is now starting to be litigated. One of the early issues that has been addressed under a cyber policy is if cyber policies provide coverage for Payment Card Industry (PCI) fees assessed by credit card companies in case of a data breach for which the insured is ultimately liable. In P.F. Chang’s China Bistro, Inc. v. Federal Insurance Co., No. CV-15-01322-PHX-SMM,  2016 WL 3055111 (D. Ariz. May 26, 2016), the court answered that question in the negative under the cyber policy at issue there. Continue Reading Cyber-Policy Coverage for Payment Card Industry (PCI) Fees

The U.S. Court of Appeals for the Ninth Circuit ruled in the negative last month on whether the Los Angeles Lakers were entitled to coverage under their Directors and Officers (D&O) policy (Policy) for costs relating to an underlying suit brought against them alleging violations of the Telephone Consumer Protection Act (TCPA). Los Angeles Lakers, Inc. v. Federal Ins. Co., No. 15-55777 (9th Cir. Aug. 23, 2017). On its face, the ruling is favorable to insurers. But given the disparities between the opinions, its ultimate effect is unclear and will be revealed only in its future application.

The Lakers lead opinion adopted the Federal Insurance Company’s (Federal’s) broad argument that a TCPA claim is by definition a claim for invasion of privacy and therefore excluded from coverage under the Policy’s broad exclusion from coverage of claims “based upon, arising from, or in consequence of . . . invasions of privacy” (Privacy Exclusion). Id. at 8-9. To reach its conclusion regarding the nature of TCPA claims, the lead opinion determined that the U.S. Congress enacted the TCPA with the express intent to protect privacy interests so that, “in pleading the elements of a TCPA claim, a plaintiff pleads an invasion of privacy claim.” Id. at 14. That, combined with the very broad meaning the lead opinion gave to the Privacy Exclusion, meant that the Lakers were not entitled to coverage under the Policy. Continue Reading Ninth Circuit Weighs in on Coverage for Third-Party Claims Alleging Non-Fax-Related TCPA Violations

Does your business manufacture autonomous vehicles, supply components or software for use in autonomous vehicles, or otherwise incorporate autonomous vehicles into its business plan? For any venture involving autonomous vehicles, there are new risks that your business should understand and insure.

But first, what exactly qualifies as an autonomous vehicle? There are varying levels of automation, and before evaluating insurance options, it is important to understand the levels of automation. The Society of Automotive Engineers (SAE) has established levels of automation on a scale of 0 to 5, from no automation to full automation, respectively. The full chart created by SAE in its standard J3016 is available here. Continue Reading Autonomous Vehicles: New Risks in A Driverless World

Ever since the introduction of bitcoin in 2009, cryptocurrencies have become increasingly relevant to business transactions over the internet. Blockchain technology does afford additional protections to businesses using cryptocurrencies, but bitcoin, Ethereum and other cryptocurrencies represent value, and are at risk of loss, just like any other currency or asset. Insurers are in the formative stages of addressing these emerging risks, but there are still avenues, as well as new insurance products, to protect your virtual assets.

Bitcoin is an open source public payment system operating over the internet. It was designed to bypass the central bank model by using peer-to-peer technology. [For more information about bitcoin and blockchain technology, see “Treatment of Bitcoin Under U.S. Property Law.”] Use of cryptocurrency involves what is known as public key cryptography, which uses digital signatures to secure information. Basically, the signatures consist of a public key (known to everyone) and a private key known only by the cryptocurrency owner. The private key is required to access and use the cryptocurrency. As such, the protection of those private keys is critical. Such keys can be lost or stolen. Is there coverage in the event of an inadvertent loss, a mistake or a hacking incident? Continue Reading Is There Insurance Coverage for Virtual Currencies?