Do you know what your insurance covers?

This is a deceptively simple question — risk managers rightfully expect to know the scope of their coverages when they build their insurance programs. Unfortunately, judicial interpretation of common policy terms can turn what should be a straightforward question into a morass of uncertainty.

This uncertainty is exemplified in recent case law interpreting cyber insurance policies. Many commercial cyber policies provide coverage for damages “resulting directly from” some underlying action, be it fraud, hacking, theft, etc. For example, ISO’s commercial cyber insurance policy states that “We will pay for ‘loss’ resulting directly from a ‘security breach’ ‘discovered’ during the policy period.”

Unfortunately, those three words – “resulting directly from” – can cause many complications. Insurers often interpret them to require an immediate connection between the breach and the loss (e.g., a hacker breaching a bank account to steal money). Under this restrictive interpretation, however, necessary and substantial costs associated with the hack could be left uncovered, such as crisis response costs, ransomware payments, and root cause analysis. Policyholders (rightfully) read the plain language of their coverage to include these costs, which are impossible to decouple from the underlying security breach.

Addressing this dispute, courts nationwide are split into two opposing camps: The “proximate cause” camp interprets a “direct” loss broadly to require only proximate causation. In contrast, the “direct means direct” camp interprets a “direct” loss strictly to require no intervening acts. For example, federal courts applying Pennsylvania, New Jersey, Louisiana, and Maryland law have all come down in the “proximate cause” camp. Meanwhile, courts applying California, Virginia, Illinois, and Wisconsin law have come down in the “direct means direct” camp.

While differing substantive interpretations of the same policy language across different jurisdictions frustrate the goal of consistency for policyholders, they are at least foreseeable given the patchwork of jurisdictions applying the laws of 50 different states.

A Momentum Shift

In some jurisdictions the momentum may be shifting in favor of expanded coverage. In 2019 in Principle Solutions Group, LLC v. Ironshore Indemnity, Inc., the 11th Circuit rejected the “direct means direct” approach and applied the “proximate cause” standard under Georgia law to a commercial crime policy, finding that the “ordinary meaning of the phrase ‘resulting directly from’ requires proximate causation between a covered event and a loss, not an ‘immediate’ link.”

So, what does your policy cover?

The answer depends on what law applies. The inconsistent application of this common policy term creates a conundrum for policyholders, who may have vastly expanded or constricted coverage under identical policy language. Therefore, it is critical for policyholders to be proactive, both when purchasing coverage and when bringing a claim, to understand the standard a reviewing court might apply to coverages, and to plan accordingly by, for example, negotiating language consistent with the proximate cause approach or designating favorable governing law. When neither option is available, policyholders must be prepared for insurer attempts to narrowly interpret the phrase “resulting directly from” and recognize that the available coverage may be limited if the insurer prevails on the narrow interpretation.

G. Benjamin Milam

Ben Milam practices in the areas of financial services litigation and policyholder insurance coverage. Ben represents mortgage lenders on a variety of claims, including unfair trade practices, wrongful foreclosure, the Fair Credit Reporting Act (FCRA), the Fair Debt Collection Practices Act (FDCPA), the Real Estate Settlement Procedures Act (RESPA) and the Truth in Lending Act (TILA). He also represents policyholders in insurance coverage disputes, including title and liability insurance matters.

Aaron Campbell

Aaron Campbell practices in the areas of policyholder coverage and investigations. Representing policyholders, Aaron helps clients navigate a variety of complex insurance products, including commercial crime and cyber risk policies. His practice covers all aspects of policyholder insurance issues, from determining what coverages and policies fit a client’s needs to claim management and litigation. Aaron also has extensive experience investigating and analyzing client losses arising from potential fraudulent and criminal behavior and aids clients in risk and loss mitigation surrounding those acts.