Cyber Risk Insurance Litigation Next Chapter: Bad Faith, the Reciprocal Obligation to Read the Policy and Following Alice Through the Cyber Risk Insurance Looking Glass

Claims handling in cyber risk matters may be more time-sensitive than other lines of insurance and delays can be subject to heightened judicial scrutiny. Dilatory claims handling may, at least in Utah, give rise to bad faith allegations even after a court has held there is no duty to provide coverage at all. To paraphrase Lewis Carroll, the author of Alice’s Adventures in Wonderland, this is most curious, and about to get curiouser.

This latest twist on the case of Travelers v. Federal Recovery Services, Inc., 2016 WL 146453 is an example of how courts may grope along the lanes of cyber risk when there are no lights of precedent to guide them. The U.S. District Court for Utah, ruled in May, 2015 that the insurer, Travelers Insurance, had no duty to defend its insured, Federal Recovery Services, Inc. (“FRS”), because the policy it issued was for technology errors and omissions, while the claim against the insured alleged intentional conduct. This case was notable for its warning to insureds to read cyber risk policies carefully.

Ah, but as the saying goes, “What goes around, comes around.” The duty to read the policy terms carefully, according to the Utah court, is reciprocal. FRS tendered the claim in December, 2012, but Travelers did not deny coverage until the papers with regard to the suit against FRS were served, in June, 2013. In its claims for bad faith and breach of a covenant of fair dealing, FRS alleged that presentation of suit papers was not a requirement for notice of claim, as per the policy, and thus Travelers acted improperly in delaying its denial of coverage until it received the Summons and Complaint in the underlying litigation.

On January 12, 2016 the court, found issues of fact on the bad faith and breach of covenant of fair dealing claims to warrant a trial. Yes, the court had found previously that Travelers had no duty to defend or indemnify FRS. One is then left to scratch one’s head and ask, “If there is no coverage, what is the end result of a bad faith and covenant of fair dealing claim? What are FRS’s damages if the court has ruled that there is no coverage, other than continued legal fees for both sides? Can FRS prove the damages it claims from Travelers’ allegedly dilatory denial of coverage?”

This case is far from over, and we will follow its journey through the cyber risk looking glass.

If you have questions regarding cyber risk insurance coverage, please contact Kenneth N. Rashbaum.