Listen to this post

As many policyholders are acutely aware, the insurance landscape is complex, with numerous insurers offering a wide range of available insurance programs.  While some coverage forms are standard, many are unique to specific industries and even to individual insurance companies. This diversity makes it critically important for policyholders to know the risks that their particular insurance policy covers and their responsibilities when seeking coverage. And often nowhere are these coverage nuances more crucial to properly understand than in determining what constitutes a “claim” under a given insurance policy and knowing how and when to provide notice of that claim to the insurer. This is especially true in the context of “claims-made” policies, which generally only provide coverage for claims made during the policy period. 

The Second Circuit’s recent decision in Match Group, LLC v. Beazley Underwriting Ltd., 2024 WL 3770709 (2d Cir. Aug. 13, 2024), highlights the significance of these issues and offers essential lessons that policyholders can leverage to better navigate their rights and obligations under claims-made policies, and to mitigate the risk of any missteps that may jeopardize the availability of their insurance coverage to protect against potential financial loss.

Match Group LLC v. Beazley Underwriting Ltd.

In Match Group, the parent company of the popular dating app Tinder was sued by John Mellesmoen, a product-development consultant who alleged that he was not paid for inventing the app’s “Super Like” feature. 

Mellesmoen’s attorneys sent Tinder a letter in February 2016, outlining Mellesmoen’s alleged meeting with Sean Radd, Tinder’s then-CEO, at a shopping mall where Mellesmoen first pitched his idea for the “Super Like” feature. The letter alleged Tinder stole Mellesmoen’s idea without compensating him and threatened suit against Tinder if it did not contact him to resolve his claims. Tinder did not provide the letter to its liability insurer. 

Mellesmoen later sued Tinder on August 18, 2016. Tinder provided notice of the lawsuit to its insurer on August 22 – two days after the end of the policy period.  The insurer denied coverage. While Tinder’s policy provided a notice “grace period,” which allowed Tinder to report claims up to 60 days after the end of the policy period, the grace period applied only to claims made within the last 60 days of the policy period. The insurer contended that Mellesmoen’s February 2016 letter constituted a “claim” under the policy, thereby obviating the protections of the policy’s grace period and rendering Tinder’s notice untimely. 

The policy defined a “claim” as a “demand . . . for money or services, including the service of a suit or institution of arbitration proceedings” or “a threat . . . of a suit seeking injunctive relief.” In its federal declaratory action, Tinder argued that while the letter was explicitly a “threat of a suit,” it did not seek injunctive relief.  And further, the letter was not a demand for money, service of a suit, or institution of arbitration, but rather simply an invitation to negotiate toward an amicable resolution of the dispute. According to Tinder, although Mellesmoen’s grievance might be resolved with the payment of money, his grievance might also be resolved another way – such as by providing Mellesmoen with recognition for his idea, or employment with Tinder, or by bestowing him with some other benefit besides money. The district court agreed with Tinder and denied the insurer’s motion to dismiss.

On review, the Second Circuit sided with the insurer, holding that Mellesmoen’s letter qualified as a “claim” under the policy, thereby triggering Tinder’s obligation to report the claim before the end of the policy period. The court reasoned that even though Mellesmoen did not outright demand a sum certain from Tinder, by stating in his letter that he had legal claims against Tinder that he believed he was entitled to compensation and that he would sue if Tinder did not contact him to resolve his claims, Mellesmoen was clearly seeking payment of money. 

While the Match Group case resulted in an unfortunate outcome for Tinder, it offers valuable lessons for other policyholders navigating the complexities of claims-made policies, particularly in understanding their obligations regarding claim identification and notice reporting.

Lesson 1: Understand the definition of a “claim.”

Policyholders must recognize that what constitutes a “claim” can vary significantly among policies. In Match Group, the court construed Mellesmoen’s letter as a claim because it indicated a right to compensation and threatened legal action. While a similar letter might not qualify as a “claim” under the provisions of other liability policies, policyholders should familiarize themselves with their policy’s definition of a “claim” to avoid missing critical reporting windows. 

Lesson 2: Know the notice reporting requirements.

Every claims-made policy will have specific notice provisions that dictate how and when claims should be reported to the insurer. And critically, not all notice provisions are created equal. For example, the market standard for claims-made notice reporting requirements is to provide a 60-day grace period that extends coverage to any claim made during the policy period so long as it is reported to the insurer within 60 days of the end of the policy period. However, some claims-made policies, as was the case with the Match Group policy, include non-standard grace periods that allow for reporting only of claims made during the last 60 days of the policy period. Match Group illustrates the coverage consequences of a policyholder’s failure to fully appreciate this potential difference.

Moreover, it is important for policyholders to recognize the impact of state laws on the calculation of their reporting deadlines. For example, in Match Group, the Second Circuit noted that New York’s General Construction Law Section 25 allows for “an extension of time when contractual performance is authorized or required on a weekend.” If a contract requires the performance of a condition on a weekend or public holiday, a party may have until the next succeeding business day “unless the contract expressly or impliedly indicates a different intent.” Tinder’s policy period ended on August 20, 2016 – a Saturday.  Because the district court concluded that the February 2016 letter was not a claim in the first place, it never analyzed the statute’s effect on the timeliness of Tinder’s notice to the insurer. The Second Circuit therefore remanded the case to the district court for further consideration of the issue. 

Understanding the interplay between state laws and insurance policy requirements is essential for ensuring compliance with reporting deadlines.  Policyholders must understand the impact of these nuances on their rights and obligations. By doing so, they can better protect themselves against potential pitfalls and maintain the coverage they need when faced with claims. 

Lesson 3: Audit and negotiate policy terms.

The Match Group case underscores the potential risks associated with non-standard notice reporting requirements for insureds under claims-made policies.  It also illustrates that the flexibility of market-standard notice provisions can offer essential protection to policyholders by providing broader reporting windows that account for unexpected delays in notifying insurers of a claim. Indeed, had Tinder’s policy included a standard 60-day grace period for claims reporting, the notice of suit to its insurer two days after the end of the policy period would have no doubt been timely.

To avoid similar issues, policyholders should regularly review their claims-made policies to pinpoint any stringent notice reporting requirements, such as those found in the Match Group policy. If they discover strict notice provisions, policyholders should feel empowered to negotiate for more favorable terms.  Aligning notice reporting requirements with market standards can enhance flexibility and safeguard coverage. Recognizing these differences is vital for policyholders to ensure they do not unintentionally compromise their coverage due to discrepancies between their policy’s terms and common industry practices.

Lesson 4: Document communications.

Clear documentation and communication with the insurer in claim reporting is essential. In the event of a dispute, having a well-maintained record of communications can support an insured’s position on timely reporting and compliance with policy requirements. Further, erring on the side of over-reporting potential claims (as notice of circumstances, for example) can be a prudent strategy depending on the availability of insurance limits, as it ensures that no claim goes unaddressed. Tinder’s failure in the Match Group case to provide notice promptly led to complications that likely could have been avoided with better documentation and reporting practices.

Lesson 5: Seek legal counsel.

Finally, when in doubt, seeking legal advice can prevent costly mistakes. Legal professionals can explain obtuse policy language and ensure that notice requirements are met, helping policyholders safeguard their coverage. The complexities of the Match Group case highlight the importance of consulting with experienced legal counsel to navigate insurance policies effectively. 

In sum, Match Group serves as a poignant reminder of the intricacies involved in navigating claims-made insurance policies. The decision underscores the necessity for policyholders to have a comprehensive understanding of their policies, particularly with respect to claim notice requirements. By recognizing these complexities and actively engaging with their policies, policyholders can safeguard against the risk of financial loss due to misunderstandings or misinterpretations of key coverage provisions. In an era where the nuances of insurance law can have significant legal and financial implications, ensuring that all obligations are met and that claims are appropriately reported can make all the difference. Ultimately, proactive management of insurance policies and a keen awareness of their terms will equip insureds to effectively maintain critical coverage and protect against potentially debilitating and otherwise avoidable financial loss.

Listen to this post

Sometimes defining the simplest phrases proves anything but simple. So learned the insurer in a property loss and bad faith case brought by its insured and decided earlier this year by the Pennsylvania Superior Court (Watchword Worldwide v. Erie Ins. Co., 308 A.2d 728 (Pa. Superior Ct. 2024)).

Watchword Worldwide engaged in the business of producing and selling Biblical videos.  Its sales process involved a customer’s use of a mobile application and an application programming interface (API) that verified the sale and delivered the purchased video. Watchword’s videos and its API were housed on a server owned by GoDaddy; Watchword leased an account on GoDaddy’s server under a license, but the server was owned by GoDaddy.

In 2017, Watchword learned that an unknown hacker had deleted its videos and API from the GoDaddy server. It asserted a claim against its property and liability insurer, seeking recovery under the policy’s electronic data coverage. The policy provided coverage for loss or damage to electronic data, “which is owned by you, licensed or leased to you, originates and resides in your computers, and is used in the e-commerce activity of your business.” The insurer, Erie, denied the claim, in part on the basis that Watchword’s data at the time of its loss resided on GoDaddy’s server, not Watchword’s.

Watchword then filed suit for breach of contract and bad faith against Erie. The jury returned a verdict in Watchword’s favor, and Erie appealed. The appeals court reversed the jury’s verdict, on the ground that Watchword had not adequately shown that its loss exceeded the policy’s deductible but ruled against the insurer on the “your computers” issue.

In a question of first impression – not only in Pennsylvania but apparently the country – the court ruled that “your computer” could reasonably both include or exclude computers the insured had a right to use but did not own. The court noted that policy did not define the term “your computer” and that no case law existed interpreting it and so applied the common understanding that “your computer” could reasonably apply to computers that the insured did not own but had a right to use. Because both definitions were reasonable, the term was ambiguous and therefore had to be construed in the insured’s favor. In this case, the term “your computer” was not defined, which allowed the court to apply its own common-sense definition that expanded coverage. Had the policy contained its own, more restrictive definition, the analysis could have come out very differently. The takeaway for policyholders here is that simple phrases in an insurance policy may not be so simple after all. It makes sense to check your electronic data coverage, particularly if your data is being preserved on or passing through servers or other computer facilities that you don’t technically own.

Listen to this post

Most policyholders are aware of the danger of losses from fraudulent instructions and invoices accomplished through what is known as “social engineering” or related methods. Often this is carried out by an email claiming to be from a vendor or company executive that provides instructions for payment to a fraudulent account. In some cases, the fraud can go on for months before it is detected, leading to losses of hundreds of thousands of dollars. 

Unfortunately, policyholders are sometimes unpleasantly surprised when their cyber insurance excludes or places limits on coverage for this type of fraud. Unlike many other kinds of insurance, cyber has not become standardized in the years since its inception. Instead, the cyber insurance market offers policyholders a menu of coverage options from which the organization must purchase specific insuring agreements that match its risk profile. This “à la carte” approach means that policyholders must pay close attention to the insuring agreements in their policies, as well as key conditions on this coverage. They must also recognize missing coverages because not all cyber policies offer social engineering or other theft-of-property coverages.

Confusing terminology compounds the problem: If given options to purchase coverage for (a) “computer fraud,” (b) “funds transfer fraud,” or (c) “fraudulent instruction,” would you know which one insures against an invoice your company received from a spoofed vendor email? As these terms are commonly used in the insurance market, the answer is most likely (c), but depends on the specific policy language. 

Where coverage does exist, it is frequently subject to sublimits that are much lower than the overall policy limits. Policyholders should consider whether, for example, a sublimit of $100,000 is sufficient for the expected risk of a fraud event or if higher limits are needed.

An important condition typically imposed by insurers requires policyholders to maintain and utilize procedures for verifying a transaction, such as using two-factor or “out-of-band” authentication before transferring funds. The organization should determine the specific procedures mandated by the policy or represented to the insurer during the application process, and confirm those requirements are being followed. Ideally, this will not only avoid forfeiting coverage, but may prevent the loss in the first instance. 

What about the reverse scenario when your customer is deceived by an email purporting to be from your organization? The customer may balk at paying the same invoice twice, or may argue that your company was at fault, particularly if the deception was aided by a breach of your own data. Some insurers will refuse to cover this type of event, reasoning that a third party, not the insured, has been defrauded. Other insurers expressly offer this coverage or make it available by endorsement. Coverage is usually available — but only if the insured understands its risks and obtains knowledgeable counsel from its coverage attorneys and brokers.