A federal court recently found that a policyholder adequately plead that a loss of hundreds of thousands of dollars through wire fraud is covered under a commercial crime policy. In Landings, Yacht, Golf, and Tennis Club v. Travelers Casualty and Surety Company of America Case No. 2:22-cv-00459, Landings Yacht, Golf, and Tennis Club (“Landings”) sued Travelers Casualty and Surety Company of America (“Travelers”) under a crime policy for denying coverage for: (1) about $6,885.79 in unauthorized withdrawals (“First Withdrawal”) from users purporting to be Landings and (2) $575,723.95 in withdrawals made by a third-party purporting to act on behalf of Landings (“Second Withdrawal”).[1]
Travelers moved to dismiss Landings’ complaint, arguing that the alleged wire fraud was not covered under the policy because the fraudulent transfers did not meet the requirements necessary to trigger coverage under the crime policy. Travelers argued that the policy requires fraudulent wire transfer instructions be transmitted or issued by someone purporting to be the insured, and the complaint alleged the instructions were transmitted by someone purporting to act on behalf of the insured, not someone purporting to be the insured.
The Court granted Travelers motion to dismiss in part and denied it in part. The Court found Landings’ allegations about the First Withdrawal sufficient to defeat Travelers’ motion to dismiss, but found the allegations about the Second Withdrawal insufficient because Landings had alleged that the fraudulent instructions for the Second Withdrawal were transmitted by someone acting on the insured’s behalf and the policy defined “insured” to mean Landings or a formal subsidiary, but not a separate entity acting on behalf of Landings. The Court, however, granted Landings leave to amend the allegations related to the Second Withdrawal. Ultimately, Landings filed an amended complaint, and the Court found the amendment sufficient to overcome Traveler’s motion to dismiss for the Second Withdrawal as well.
Landings highlights the increasingly common threat companies are facing with wire transfer fraud. And while companies often turn to their insurance to recover their resulting loss, insurance companies are largely denying coverage for wire fraud transactions arguing that certain actions – whether it’s the insured’s employee or fraudulent instructions from a bad actor that may not exactly fit the policy requirements – break the causal chain between the bad actor’s use of the computer and the insured’s loss. See our previous blog posts here and here where courts have found coverage under crime policies for fraudulent wire transfers, and our blog post here where a court concluded that the fraudulent wire transfer was not covered.
Understanding policy language is key to avoid the unpredictability associated with litigation. Although some policies have traditionally provided “silent cyber coverage,” coverage not primarily intended to cover cyber losses but which nonetheless applies to cyber-related losses based on broadly worded insuring agreements, insurers are introducing broad exclusions or restrictive language to curtail such coverage—making it all the more important for businesses to ensure that their insurance portfolio specifically targets cyber risks. Waiting until an incident occurs may be too late. Policyholders should act now, by reviewing their insurance policies with trusted coverage counsel, to ensure their coverage expectations are being met so they are protected and can maximize insurance recovery if a loss occurs.
FOOTNOTES
[1] Landings also sued Swiss Re Corporate Solutions America Insurance Corp. and Peleus Insurance Co. under a cyber policy. See The Landings Yacht, Golf and Tennis Club Inc. v. Swiss Re Corporate Solutions America Insurance Corporation et al., No. 2:22-cv-00459 (M.D. Fla.). That case is pending a decision on Swiss Re’s and Peleus’s motion for judgment on the pleadings.