A Michigan federal court judge just ruled in favor of an insurance company in a cyber claim case in which the insured agreed to pay a Chinese vendor at certain intervals when the vendor hit certain production milestones. An unknown criminal group posed as representatives of the vendor and requested that the insured wire approximately $800,000 in payments for real invoices to a bank account controlled by the criminals. The insured wired the funds to the fraudulent bank account.
The policy in question contained language stating that:
The Company will pay the Insured for the Insured’s direct loss of, or direct loss from damage to, Money, Securities and Other Property directly caused by Computer Fraud.” The judge found that “[g]iven the intervening events between the receipt of the fraudulent emails and the (authorized) transfer of funds, it cannot be said that ATC suffered a “direct” loss ‘directly caused’ by the use of any computer.
The decision can be found here:
In contrast, just a few weeks ago a New York federal court judge ruled in favor of an insured in regards to a large cyber liability claim. See Medidata Solutions, Inc. v. Federal Insurance Company, No. 1:15-cv-00907 (S.D.N.Y. July 21, 2017).
This disparity in outcomes highlights the continued uncertainty in how courts will rule on insurance coverage issues regarding cyber claims.