(Article from Insurance Law Alert, February 2020)
For more information, please visit the Insurance Law Alert Resource Center.
Most recent cyber-coverage decisions have focused on interpretation of Computer Fraud provisions. See January 2020 Alert; May 2019 Alert; July/August 2018 Alert; May 2018 Alert. In a decision issued last month, a Virginia federal district court addressed other issues that may arise in the cyber claim context: which act constitutes the operative “occurrence” in an email phishing scheme; the number-of-occurrences presented by cyber claims; and the location of the occurrence for purposes of a territory provision. In addition, the court ruled on the scope of admissible expert testimony in this context. Quality Plus Svs., Inc. v. National Union Fire Ins. Co. of Pittsburgh, PA, 2020 WL 239598 (E.D. Va. Jan. 15, 2020).
Over the course of about two weeks, a Quality Plus employee received five emails, purportedly from the President of the company, instructing her to make wire transfers to banks in Mexico and Hong Kong. After the payments were made, Quality Plus discovered that the emails were fraudulent and sought coverage under a Funds Transfer Fraud provision. The provision, which covered loss “resulting directly from a Fraudulent Instruction directing a financial institution to transfer, pay or deliver Funds,” contained a $1,000,000 per occurrence limit with a $10,000 deductible.
National Union argued that Funds Transfer Fraud coverage was inapplicable and that several exclusions barred coverage. In addition, National Union claimed that a Territory Condition, which limited coverage to loss “resulting directly from an Occurrence taking place within the United States of America,” precluded coverage.
The court ruled that the operative “occurrence” was the transmission of the emails by the criminals (rather than Quality Plus’s instructions to the banks to transfer the funds). However, the court ruled that coverage could not be decided as a matter of law based on the following disputed issues of fact:
The Location From Which The Sender Transmitted The Emails: National Union argued that the terms of the Territory Condition were not met because evidence indicated that the fraudulent emails were sent from Nigeria. In response, Quality Plus contended that the IP addresses could have been fabricated and proffered testimony that one of the purported hackers “sounded American, with no identifiable accent” during a phone call with Quality Plus’s President. Emphasizing that the location of the origin of the emails would be outcome determinative as to coverage, the court denied summary judgment on this issue.
The Number Of Occurrences: The policy defined “Occurrence” as an act or event, or combination or series of acts of events “committed by the same person acting alone or in collusion with other persons.” Quality Plus argued that the losses resulted from five separate occurrences because different individuals were responsible for sending each fraudulent email. It emphasized that the emails contained at least four different signature blocks and that the five transactions occurred over a seventeen-day period and involved four different banks in two countries. In contrast, National Union claimed that there was only one occurrence because the emails were sent by the same person acting alone or in concert with others, as evidenced by the common IP addresses and other similarities. The court concluded that the number-of-occurrences issue should be decided by the finder of fact, based on evidence relating to common identifying characteristics (or lack thereof) in the emails.
Finally, the court denied Quality Plus’s motion to exclude National Union’s expert witness. The expert’s opinion supported National Union’s contention that the emails were similar to each other and were sent from Nigeria. The court ruled that the expert met the standards set forth in Federal Rule of Evidence 702, finding that his specialized cybersecurity knowledge would help the trier of fact to understand the evidence and that his opinions were based on reliable principles and methods.