- Emergency Consultation Services
- Risk Management Services
- Who We Are
- Our People
- What We Do
- Why We Are Different
- What’s New
- Where We Are
By: Barry M. Miller and Elisabeth Gentile
The idea of “Future Shock”—that an accelerated pace of change causes social and psychological disruptions—dates from Alvin Toffler’s 1970 book of the same name. As it copes with the mutable nature of cyber risks, the Insurance industry is experiencing such a shock. Insurers who write cyber liability policies are well-equipped to manage such claims, but what about carriers and adjusters who face such claims under more traditional policies—also known as “Silent Cyber?” This article aims to help non-cyber risk adjusters who may have to oversee such a claim.
Recent court decisions show how a cyber claim can arise under a traditional policy:
What makes cyber claims so difficult?
As the cases above show, cyber claims can have huge stakes. This has caused insurers to try to clarify when such losses are covered. They have tried to exclude cyber liability from traditional policies for more than a decade, seeking to push coverage for such claims towards cyber-insurance policies. But this is where the Future Shock comes; insurers cannot write new policy language as quickly as hackers change their tactics. Freeman Mathis & Gary partner Jonathan Schwartz pointed this out in a recent interview with Law 360: While insurers are “writing a policy and accepting premium based on the risk that they’re assuming,” the criminals’ changing tactics force courts to apply policies that may not be tailored to the new circumstances. This is how adjusters who handle claims under traditional policies may find themselves adjusting what seems like a cyber loss.
Tips for non-cyber adjusters
1. Recognize the need for speed.
Accelerated pace is both a general and a particular problem in cyber losses. Not only do the ways of causing such a loss morph quickly, but the facts of individual claims change by the hour, if not by the minute. Cyber adjusters are accustomed to retaining breach counsel within hours after receiving a new claim and being on a call with counsel and the insured shortly after that to discuss the breach. Often the result of that call is a to recognize the need for forensic investigator. A second call happens with the insured, counsel, the adjuster, and the forensics team. All this typically is done within 24-36 hours after the adjuster receives the assignment.
There are two reasons for this. If the hackers have left evidence in the insured’s system, the forensic investigator wants to get that evidence before the insured restores its systems in a way that might destroy it or critical logging “rolls over.” More importantly, not every hacker attack leads to a breach of information. If there is any chance of stopping an attack before it becomes a breach, the investigator, counsel, and insured must act quickly.
This schedule makes the 20-30 days between the filing of a complaint and the due date for an answer seem leisurely.
2. Recognize and deal with coverage issues quickly
If your company manages coverage in house, get the file in the hands of a coverage adjuster or attorney. Even with that done the claim adjuster still must consider coverage issues while overseeing the claim.
First, cyber policies cover generally both liability to the insured resulting from a cyber event, and the insured’s own losses, which can include remediation of its computer system, amounts spent to protect or restore its reputation, and sometimes lost business income. Even if a court finds cyber coverage where an insurer did not think it existed, that “Silent Cyber” coverage is likely to extend only to first party claims or liability claims, not to both. The adjuster must be able to explain this before the insured develops unwarranted expectations.
Next, the claim-handling adjuster must be able to understand and apply the language of a particular policy to determine what parts of a loss might be covered. For example, under a businessowner’s policy, an adjuster may need to understand whether the insured has suffered “direct physical loss of or damage to” covered property. As National Ink points out, “physical” may not mean the same thing as “visible.” Computers rearrange “the atoms or molecules of a disc or tape” to store data. National Ink, 485 F.Supp. 3d at 684.
In the end, Nat’l Ink turned on policy language. The policy before that court expressly included electronic storage media (and the data stored on them) as covered property. Other cases construed policies that did not include data as covered leading to the conclusion that data was not covered because it “cannot be touched, held, or sensed by the human mind; it has no physical substance.” Id. At 683, quoting State Auto Prop. And Cas. Ins. Co. v. Midwest Comp. & More, 147 F.Supp. 2d 1113 (W.D. Okla. 2001).
3. Act Quickly but Deliberately
A claim under a businessowner’s or crime policy may not proceed on the compressed schedule of a claim under a true cyber policy. But in such a claim, the traditional adjuster may face all or some of the same reasons a cyber claim moves so quickly—an insured may still be facing an active attack, attackers may be shifting their tactics quickly to meet any initial response, and all these forces are acting on electronic data which, by its nature, can change constantly. As in the National Ink case, the adjuster may have to deal with an insured whose data is not accessible and wants access to it immediately. That wish may run counter to the needs of a forensic investigation.
An adjuster not familiar with these issues may find intramural assistance. If working for a company that writes cyber insurance the adjuster should reach out to a counterpart in cyber claims for advice. Is this a case where a forensic vendor might assist in defending the claim or mitigating damages? If so, the earlier the adjuster can bring such a vendor on board, the better. But it generally is better to follow the practice of the adjusters, who allow breach counsel to retain the forensic specialists to cloak their work with attorney-client privilege.
Is this a case that trusted defense counsel can manage, or does the adjuster need to consider retaining counsel with knowledge of cyber issues? A cyber adjuster may be helpful in making this call. If there is a genuine need for either an expert or for counsel conversant with cyber issues, the cyber adjuster can help identify experts and counsel who already are on the insurer’s panel.
If the traditional adjuster does not have access to a cyber adjuster in the same company, the next step may be to vet law firms already on the carrier’s approved list. If a panel firm also has a cyber practice the adjuster may find help in a familiar place. In firms that have a data security practice there may be overlap between attorneys who do defense or coverage work and advise clients on data security.
Advice and foresight from these sources can help the non-cyber adjuster address the need to act quickly, but correctly.
4. Understand— and help the insured understand—the need to preserve evidence
Many adjusters are accustomed to addressing early in a claim whether physical evidence exists, and whether it has been preserved. But in the electronic world—where evidence can include the data stamp on a data file, that changes whenever it is accessed—adjusters must act quickly. This highlights again the requirement to have access to forensics experts who can save an evidentiary copy of the insured’s data and systems software, and who know how to keep that information under a proper chain of custody so it can be used as legal evidence.
The need to preserve such evidence can runs counter to the insured’s first thoughts after a cyber event—wiping hard drives of affected computers, using backup systems to restore compromised data, or gaining access to locked data using an encryption key purchased from hackers. But the insured must preserve its data for several reasons:
Part of the sting of “Future Shock” is that the accelerated pace of change is not anticipated. In a world where most insureds rely on computers and networks to conduct day-to-day personal and commercial business, non-cyber adjusters must expect that they will face claims involving the use or loss of computer data and equipment. When that happens the adjuster must understand the need to act quickly and know who can help the adjuster get up to speed.
August 1, 2022 edition of the “NU Property Casualty 360º”© 202X ALM Global Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877-256-2472 or [email protected].