Tag Archives: insurance policy

START SPREADIN’ THE NEWS…NEW YORK’S HIGHEST COURT SAYS PRO RATA ALLOCATION IS LEAVING TODAY

new_york_1

Guest Blogger: John G. Koch, Weisbrod Matteis & Copley PLLC

In a much anticipated decision, New York’s highest court handed policyholders a significant victory in In re Viking Pump, Inc. & Warren Pumps, LLC, Insurance Appeals, No. 59 (N.Y. May 3, 2016).  In the context of long-tail bodily injuries or property damage spanning multiple policy periods, the Court declared that policy language is the King of New York and trumps all else when determining whether the “all sums” or “pro rata” allocation approach applies to a liability insurer’s indemnity obligation.  Specifically, the Court held that the “all sums” approach applies to an insurer’s indemnity obligation where the policy contains language inconsistent with a pro rata approach. In this case, the Court reasoned that a “non-cumulation” or “anti-stacking” clause is inconsistent with allocating an insurer’s liability on a pro rata basis.  Although Viking Pump dealt only with the duty to indemnify, its ruling applies to the broader duty to defend and bolsters existing case law recognizing that the duty to defend language in most general liability policies cannot be reconciled with a pro rata allocation approach.

To put the Viking Pump decision in context, insurers usually prefer a pro rata approach, meaning they can only be liable for their share of a loss based on the time period their policies were in force compared to the overall period that the long term injury or property damage occurred.  This rests on the legal fiction that a single indivisible loss taking place over many years can be treated as one occurrence in each successive policy period, which is an expedient method for dividing the indivisible loss among multiple successive policies based upon each policy’s time on the risk, as opposed to the extent of actual injury or damage that took place during any specific period.  Id.  As the Court stated, the foundation of this approach is that no insurer will have to pay for any injury or damage that occurs outside of its policy period.  Viking Pump, slip op. at 11-12.

Insurers usually prefer the pro rata approach because their risk is typically reduced and the risk of lost policies, insurer insolvencies or other gaps in coverage may fall upon the policyholder.  In contrast, under the “all sums” approach, each successive insurance policy triggered by a long term injury or damage is, essentially, jointly and severally liable for the entire loss up until the policy’s limits are exhausted.  Under this approach, the insured may target one or many insurers for the entire loss, leaving it to the insurers to seek contribution from one another.

Prior to Viking Pump, insurers often brandished Consolidated Edison Co. of New York v. Allstate Insurance Co., 98 N.Y.2d 208 (2002), to assert that New York is a “pro rata” state.  But in Viking Pump, the Court of Appeals distinguished and limited the reach of Consolidated Edison by pointing out that it never formed a blanket rule for pro rata allocation and that the policies in Consolidated Edison did not contain non-cumulation or similar clauses.  Viking Pump, slip op. at 11-12.

The Viking Pump Court held that non-cumulation clauses are antithetical to the concept of a pro rata allocation.  Non-cumulation clauses essentially provide that where a single loss triggers successive policies, any amount paid by a prior policy will reduce the limits of the policy containing the non-cumulation clause.  The original purpose of the clause was to prevent policyholders from double dipping when the industry made the switch from accident based policies to occurrence based policies.  Non-cumulation clauses are inconsistent with a pro rata allocation because they “plainly contemplate that multiple successive insurance policies can indemnify the insured for the same loss or occurrence,” whereas the entire premise underlying pro rata allocation is that an insurer cannot be liable for the same loss to the extent the loss occurs in another insurer’s policy period – hence the legal fiction that a separate occurrence takes place in each successive policy period.  Id. at 18 (emphasis added).  The two provisions are logically inconsistent.  Thus, adopting the pro rata approach would render the non-cumulation clause superfluous in violation of New York’s principles of policy interpretation. For this reason, the Court determined that the “all sums” approach applies to policies containing a non-cumulation clause.

In addition to the pro rata versus all sums allocation issue, the Court determined that the proper method for allocating between primary and excess layers of insurance under the “all sums” method is vertical exhaustion – meaning that a single primary policy may be required to respond to the long term loss up to its policy limits, at which time the excess coverage above that policy is pierced on an all sums basis.  The Court rejected the argument that horizontal exhaustion should apply, where all primary coverage would have to be exhausted before any excess coverage must respond to a loss, noting that the excess coverage was tied to the exhaustion of only the underlying policy, not prior or subsequent policies.  Thus, the Court ruled that vertical exhaustion is the appropriate method.

Although Viking Pump specifically addressed the effect of non-cumulation clauses, it undoubtedly stands for the propositions that: (1) no blanket rule controls how an  insurer’s indemnity obligation must be allocated, and (2), where language or a clause in an insurance policy is inconsistent with the pro rata approach, pro rata allocation does not apply.

The latter point is especially important when considering the issue of whether the duty to defend is subject to pro rata allocation.  Most general liability policies provide that the insurer has a duty to defend “any suit” in which at least one potentially covered claim is alleged.  New York courts have interpreted this language as requiring the defense of the entire lawsuit so long as at least one claim is at least in part potentially covered.  A pro rata allocation is inconsistent with the language obligating insurers to “defend” “any suit” if at least one potentially covered claim is alleged.  Thus, the reasoning in Viking Pump suggests that the “all sums” approach is the appropriate method respecting the duty to defend and is consistent with the duty to defend language found in most liability policies.

To learn more, contact John G. Koch

Caveat Emptor in the Brave New World of Cyber Insurance Coverage

databreach

Guest Blogger:  Martin Bienstock, Weisbrod Matteis & Copley PLLC

There are two types of entities in the world, goes the adage: those who have learned that their data was breached; and those who just don’t know it yet.  The cost of these data breaches is no laughing matter, however; according to a recent study sponsored by IBM, the average data breach costs a company more than $200 for each record lost.[1]  (In the health-care sector, the cost are even greater, approaching $400 per-record lost record.[2])  The more records that are lost, the greater the per-record expense, so that a large data breach may give rise to exorbitant costs.[3]

Thoughtful executives can mitigate these costs through effective utilization of insurance coverage.  Insurance companies aggressively are marketing new cyber-insurance policies that provide first-party and third-party coverage in the event of a data breach.  Often, the new policies are accompanied by an exclusion in the entity’s Commercial General Liability Policy for losses arising from a data breach.

Entities entering the market for cyber coverage therefore must be vigilant to ensure that, at the end of the day, their efforts not yield less coverage than previously had been available.

Cyber Insurance Policies Are Often Conditioned Upon Maintaining a Particular Level of IT Security.

The new cyber policies typically require an applicant to complete a comprehensive assessment of its cyber security measures, affirming, for example, that it has in place “up-to-date, active firewall technology,” and “updated anti-virus software active on all computers and networks.”[4]   Coverage may be conditioned on the accuracy of these representations.[5]   In the event of a breach, if it turns out that the IT security information represented in the application form was inaccurate, coverage might not be available.

Thus, in one recent case,[6] an insurer sought to deny coverage because, among other things, the insured health-care provider had not maintained the level of IT security described in its application.  The insurer argued that the policy therefore was void.[7]  Under cyber-liability policies, then, an insured might be excluded from coverage in the event that it was negligent in implementing cyber-security measures – hardly the result that the insured had in mind when it purchased the policy.

Traditional CGL Policies Offer Some Protection for Data Breaches Even When the Insured Failed to Maintain Adequate IT Security.

When a data breach arises from an entity’s failure to maintain security, third-party coverage likely would be available under a standard Commercial General Liability Policy.  The standard CGL Policy provides coverage for “advertising injury.”  It defines such advertising injury to include injury caused by “oral or written publication, including publication by electronic means,” which “disclosed information about a person’s private life.”

This definition of “advertising injury” is ill-suited for costs arising from a data breach since it depends upon “publication.”  In the event of a data breach, many of the costs are unrelated to the actual publication of private data; the costs arise from the mere possibility of publication, not its actuality.  Conditioning data-breach coverage upon an irrelevant “publication” standard makes little sense.

Two recent cases highlight the limitation of relying on the “publication” standard to provide protection against data-breach claims.  In one case, electronic data concerning 50,000 employees fell out of a transport van and never was recovered.  The Connecticut Supreme Court held that the data had not been “published,” since there no factual support for the conclusion that the data, which was not in a readily usable format, ever was accessed by anyone.[8]  In contrast, in another recent case, the Fourth Circuit Court of Appeals affirmed a district court decision that damages resulting from a data-breach did constitute “advertising injury” because the information had been made available on the internet, and therefore was “published.”[9]

Cyber-data and Cyber-security policies can be better designed than the CGL “advertising injury” coverage, so that coverage is not dependent on publication.  But as some insureds have learned to their dismay, cyber-liability policies may be drafted to shift the costs of negligence back to the insured, and to make coverage unavailable for the very data breaches for which the insured purchased the insurance in the first place.

Caveat Emptor

Cyber-risk insurance therefore may serve a useful purpose by providing coverage that is targeted specifically towards data breaches, and that covers damages that go beyond the scope of the traditional CGL Policy. Buyers must beware however that the extra financial and administrative burden they assume in buying such policies not leave them worse-off than before.

For more information, please contact Marty at mbienstock@wmclaw.com or 202.751.2002.

 

[1] IBM 2015 Cost of Data Breach Study United States, conducted by Ponemon Institute LLC (May 2015) at 1.

[2] Id. at 7.

[3] Id. at 7.

[4] A sample cyber-risk policy issued by Travelers Group and containing these representations (last accessed on the date of publication) is available here .

[5] Id., Cyber-Risk Policy at III.M. (p. 22).

[6] Columbia Cas. Co. v. Cottage Health Sys., 15-cv-3432 (2015 C.D. Cal.).

[7] Id., Dkt No. 22.

[8] Recall Total Info. Mgmt., Inc. v. Fed. Ins., 317 Conn. 46, 115 A.3d 458 (2015).  The Connecticut Supreme Court adopted the reasoning of the appellate court in Recall Total Information Management, Inc. v. Federal Ins. Co., 147 Conn.App. 450, 465, 83 A.3d 664 (2014).

[9] Travelers Indem. Co. of Am. v. Portal Healthcare Sols., L.L.C No. 14-1944, 2016 WL 1399517, at *2 (4th Cir. Apr. 11, 2016).

New York High Court Refuses to Enforce Policy Provision That Would Nullify Coverage

Property insurance policies typically include a clause limiting the time (one to two years) after a loss within which the insured may sue the insurer. Generally, those clauses are enforced by the courts, and lawsuits commenced by insureds after the limitations period expires are dismissed. New York’s highest court, however, recently refused to enforce a contractual statute of limitations where the insured was unable to commence suit before the two-year limitation period expired. See Executive Plaza, LLC v. Pierless Insurance Company, (Feb. 13, 2014).

In addition to the two-year limitation period, the insurance policy in Executive Plaza also contained a clause that allowed for the recovery of “replacement cost,” but only after the damaged property is actually repaired or replaced. A fire destroyed the insured’s building, and it could not be reasonably replaced within two years. The insurer denied coverage based on the two-year limitation period.

Although New York courts had previously enforced even shorter limitations periods, the Executive Plaza Court refused to enforce the two-year limitations period because the insured was not able to commence suit before the limitations period expired. “A ‘limitation period’ that expires before suit can be brought is not really a limitation period at all, but simply a nullification of the claim.”

This case serves as an important reminder that insurance policies (and, indeed, all contracts) must be interpreted and applied in a reasonable manner. Insurance policy provisions, even if clear and unambiguous, should not be enforced if it will render coverage valueless.

Questions? Contact Lee Epstein at Weisbrod Matteis & Copley PLLC.

%d bloggers like this: