Following up on our recent post about a business interruption insurance decision by a Washington D.C. court, a federal judge in Missouri ruled last month, in Studio 417, Inc., et al. v. The Cincinnati Ins. Comp., No. 20-cv-03127-SRB, that businesses can sue their insurance carrier for business interruption losses caused by COVID-19.

Plaintiffs, owners of

On August 6, 2020, in Rose’s 1 LLC, et al. v. Erie Insurance Exchange, a District of Columbia trial court granted an insurer’s cross motion for summary judgment on the issue of whether COVID-19 closure orders constitute a “direct physical loss” under a commercial property policy. Plaintiff insureds (“Insureds”) own several restaurants in Washington D.C. that were forced to close and suffered serious revenue losses stemming from the Mayor’s orders to close non-essential businesses and ordering people to stay home. As a result, the Insureds made claims to Defendant Erie Insurance Exchange (the “Insurer”) under their policies that included coverage for “loss of ‘income’ and/or ‘rental income’” sustained “due to partial or total ‘interruption of business’ resulting directly from ‘loss’ or damage” to the property insured. The policy also stated that it “insures against direct physical ‘loss.’”

Dictionary Definitions Open to Interpretation

As the Court framed the issue, “[a]t the most basic level, the parties dispute whether the closure of the restaurants due to Mayor Bowser’s orders constituted a ‘direct physical loss’ under the policy.” To support their argument, the Insureds relied on dictionary definitions of “direct” as “[w]ithout intervening persons, conditions, or agencies; immediate;” and “physical” as pertaining to things “[o]f or pertaining to matter, or the world as perceived by the senses; material as [opposed] to mental or spiritual.” The policy defined “loss,” as “direct and accidental loss of or damage to covered property.”

The Insureds relied on these definitions to make three arguments. First, they argued that the loss of use of their restaurant properties was “direct” because the closures were the direct result of the Mayor’s orders without intervening action. The Court rejected that argument because those orders commanded individuals and businesses to take certain actions and “[s[tanding alone and absent intervening actions by individuals and businesses, the orders did not affect any direct changes to the properties.”

Second, the Insureds argued that their losses were “physical” because the COVID-19 virus is “material” and “tangible,” and because the harm they experienced was caused by the Mayor’s orders rather than diners being afraid to eat out. The Court also rejected that argument because the Insureds offered no evidence that COVID-19 was actually present on their properties at the time they were forced to close and the mayor’s orders did not impact the tangible structure of the properties.

Third, the Insureds argued that the policy’s definition of “loss” as encompassing either “loss” or “damage,” required the insurer to “treat the term ‘loss’ as distinct from ‘damage,’ which connotes physical damage to the property,” and thus “loss” incorporates “loss of use.” The Court rejected that argument and held that the words “direct” and “physical” modify the word “loss” and therefore any “loss of use” must be “caused, without the intervention of other persons or conditions, by something pertaining to matter—in other words, a direct physical intrusion [onto] the insured property.” The Court held that the Mayor’s orders did not constitute such a direct physical intrusion.
Continue Reading D.C. Judge Rules COVID-19 Closure Orders Do Not Constitute “Direct Physical Loss”

While businesses and their employees continue to operate in the “new frontier” of working-from-home during the COVID-19 pandemic and the gradual reopening of the economy, a serious risk continues to present itself: the threat of cybercrime. The increased use of remote access to work systems and related applications has made businesses a prime target for those unscrupulous individuals seeking to encroach on companies’ cyber-landscape. Flaws in VPNs, firewalls, and videoconferencing, for example, have exposed many companies’ electronic infrastructures to these incursions. Similarly, the at-home workforce has increasingly been subjected to social engineering attacks often cloaked as communications purporting to provide information about pandemic-related issues.

In addition to the technical measures necessary to confront these threats, businesses would be well-advised to ensure that their cyber insurance is up to date and responds to this challenging new environment. Such coverage may be found in a variety of insurance, including property policies, commercial crime bonds or in stand-alone cyber risk policies. Regardless of where it resides, cyber insurance typically provides coverage for data breaches, ransomware attacks and employee wrongdoing, and for loss of business income occasioned by covered occurrences.

While the jurisprudence related to these issues continues to develop, some recent cases provide insight into how courts may decide cyber coverage questions in the current environment. 

Ransomware – Covered

Earlier this year the U.S. District Court for the District of Maryland considered the issue of how first-party “computer coverage” responded to data loss resulting from a ransomware attack. In National Ink & Stitch, LLC v. State Auto Property & Casualty Ins. Co., No. SAG-18-2138, 2020 WL 374460 (D. Md. Jan. 23, 2020), the insured was an embroidery and screen printing business that stored business-related art, logos, designs and graphics software on a server that became compromised by a ransomware attack. Id. at *1. As a result, the insured needed to recreate stored data that it was unable to access because of the incursion. Id. Further, after the software was replaced and reinstalled by experts, there remained a likelihood that remnants of the virus lingered on the system, leaving the insured with the unpalatable choice of either “wiping” the entire system or purchasing a new server. Id.

The policy at issue responded to “direct physical loss of damage to Covered Property at the premises…caused by…any Covered Cause of Loss.” Id. “Covered Property” included electronic data processing, recordings or storage media such as film, tapes, disks, etc. in addition to data stored on such media. Id. at *1-2. Software was included as “covered property” in the policy. Id. at *1. The insurer denied the claim on the basis that the insured had not experienced direct physical loss or damage to its computer system to justify reimbursement of the cost of replacing the entire system. Id. at *2. That is, because the insured “only lost data and could still use its computer system,” the insurer took the position that there was no “direct physical loss” and, therefore, no coverage. Id.

In finding that the insured should be reimbursed for its losses, the court determined that the plain language of the policy “contemplates that data and software are covered and can experience ‘direct physical loss or damage’” Id. at *3. The court refused to credit the insurer’s argument that a loss of software and its related functionality was not a direct loss to tangible property simply because the insured could still use the system albeit in a diminished fashion. Id. Instead, relying on relevant case law, the court it recognized that the insured’s computer system, while still functional, had been rendered inefficient and its storage capability was damaged in a way that its data and software could not be retrieved. Id. at *4. Accordingly, the court ruled that the policy did not require the computer system to be completely unable to function in order to constitute covered “physical loss or damage”. Id. at *5.

In granting summary judgment in favor of the insured, the court viewed the system’s loss of use and reliability and impaired function to be consistent with the “physical loss or damage to” language in the policy. Id. This was so because “not only did [insured] sustain a loss of its data and software, but [it] is left with a slower system which appears to be harboring a dormant virus, and is unable to access a significant portion of software and stored data.” Id.
Continue Reading Cyber Coverage in the Age of COVID-19 Need Not Result in Pandemonium

On March 23, 2020, shortly after the Governors of California, New York, Connecticut and New Jersey issued orders closing non-essential businesses, we recommended that businesses review their insurance policies to determine if they had either business interruption coverage or civil authority coverage that might be available to lessen the economic blow of COVID-19.  As explained

The COVID-19 pandemic has leveled a blow against businesses everywhere. The Governors of New York, California, Illinois, and Pennsylvania, for example, have ordered all non-essential businesses to close their physical locations and the California Governor has ordered all residents, except those performing essential functions, to stay home. Governors across the country have issued orders restricting

On March 10, 2020, the New York Department of Financial Services (“DFS”), which regulates a wide variety of financial institutions, including banks, insurance companies, and investment advisors doing business in New York, issued a series of letters regarding the response to the Novel Coronavirus (“COVID-19”). In addition to providing guidance, DFS has asked all regulated