Navigating today’s complex risk environment can be a monumental task. Steve Shappell, Alliant Claims & Legal, spearheads Executive Liability Insights, a monthly review of news, legal developments and information on executive liability, cyber risk, employment practices liability, class action trends and more.
FEATURED ARTICLE
D&O CARRIER CANNOT DENY COVERAGE BASED ON INSURED VERSUS INSURED EXCLUSION DUE TO BANKRUPTCY EXCEPTION
In re Walker County Hosp. Corp., 2024 Bankr. LEXIS 2440 (Bankr. S.D. Tex. Oct. 3, 2024).
A bankruptcy court recently found that an Insured v. Insured Exclusion (the “IvI Exclusion”) in a D&O policy did not exclude coverage for the former CEO of the Insured, which operated a non-profit hospital (the “Hospital Corporation”).
In This Issue:
EXCESS CARRIERS WITH AN EXPRESS DISCLAIMER ON DUTY TO DEFEND ARE NOT REQUIRED TO ADVANCE DEFENSE COSTS
Argonaut Ins. Co. v. Gid Inv. Advisers Corp., 2024 U.S. Dist. LEXIS 159609 (Sept. 5, 2024).
A federal judge ruled that two excess insurance carriers (the “Carriers”) had no duty to defend or advance defense costs that a property management company (the “Company”) incurred during a multidistrict antitrust class action lawsuit (the “Lawsuit”).
Read More >>
INSURER CANNOT DENY COVERAGE FOR DEFENSE COSTS BASED ON BREACH OF CONTRACT EXCLUSION DUE TO PROFESSIONAL SERVICES EXCEPTION
Domus BWW Funding, LLC v. Arch Ins. Co., LEXIS 162245 (E.D. Pa., Sept 10, 2024).
A federal court recently found that an insurer (the “Carrier”) was required to advance defense costs related to an Insured’s lawsuit with a third party for asset management services covered under its professional liability policy.
Read More >>
COURT HOLDS THAT LATE NOTICE PREJUDICED AN EXCESS CARRIER AND RELIEVES CARRIER FROM PROVIDING A DEFENSE
Atos Syntel Inc. et al v. Ironshore Indemnity Inc., 21-cv-1576 (S.D.N.Y Sept. 17, 2024).
A U.S. District Court recently held that an excess E&O Insurer (the “Carrier”) did not owe coverage to an Insured who noticed a multi-million dollar claim nearly three years after the applicable policy period. This case stems from a trade secret lawsuit filed against the Insured that resulted in a large judgment.
Read More >>
THE IMPORTANCE OF INDEMNIFICATION PROVISIONS IN CONTRACTS WITH THIRD PARTY VENDORS
Axis Ins. Co. v. Barracuda Networks, Inc., 2024 U.S. Dist. LEXIS 162435 (D. Mass., Sept. 9, 2024).
A federal court dismissed a claim against a cybersecurity company for a breach that involved confidential information of thousands of patients of a medical device company.
Read More >>
NO COVERAGE FROM EXCESS INSURERS UNTIL EXHAUSTION IS SHOWN
Fox Paine & Co., LLC v. Twin City Fire Ins. Co., 104 Cal. App. 5th 1034 (Cal. Ct. App. Sept. 5, 2024).
An Insured, a private equity management firm, sued its excess carriers, alleging breach of contract for failing to cover its litigation costs in an underlying action. The excess carriers sought to dismiss the lawsuit arguing that the Insured did not allege, and could not allege, exhaustion of the underlying policies.
Read More >>
FTC SETTLEMENT WITH HOTEL CHAIN PLACES CYBERSECURITY IN FOCUS
A recent settlement order proposed by the Federal Trade Commission (FTC) with a hotel chain and its subsidiary (the “hotel chain”) requires the hotelier to implement “a robust information security program.” The order would conclude a long-standing investigation by the FTC into three data breaches at the hotel chain from 2014 to 2020, which impacted over 344 million domestic and international customers.
Read More >>
CYBER CORNER
Click to read the following cases:
- THE RISING COSTS OF CYBER RECOVERY: COMPLEX SYSTEMS, COSTLY VENDORS AND REGULATORY SCRUTINY
- REGULATORS STEP UP DATA PRIVACY ENFORCEMENT: WILL YOUR CYBER INSURANCE RESPOND?
- NO COVERAGE UNDER CYBER POLICY FOR EMPLOYER’S UNAUTHORIZED USE OF BIOMETRIC DATA
Read More >>
EMPLOYMENT CORNER
Click to read the following cases:
- SCOPE OF WAGE AND HOUR VIOLATIONS EXCLUSION EXTENDS TO RELATED ERISA FIDUCIARY LIABILITY CLAIMS
Read More >>
SECURITIES CORNER
Click to read the following cases:
- SEC COMMISSIONERS CALL FOR MORE GUIDANCE ON RECORDKEEPING RULES
- SECURITIES CLASS ACTION SETTLEMENTS TREND HIGHER WHEN A DERIVATIVE LITIGATION TAGS ALONG
- SEPTEMBER 2024 NOTEWORTHY ENFORCEMENT ACTIONS FILED
- SEPTEMBER 2024 NOTEWORTHY SETTLEMENTS AND JUDGEMENTS
Read More >>
SHAREHOLDER CORNER
Click to read the following cases:
- SEPTEMBER 2024 SECURITIES CLASS ACTION FILINGS
Read More >>
D&O CARRIER CANNOT DENY COVERAGE BASED ON INSURED VERSUS INSURED EXCLUSION DUE TO BANKRUPTCY EXCEPTION
In re Walker County Hosp. Corp., 2024 Bankr. LEXIS 2440 (Bankr. S.D. Tex. Oct. 3, 2024).
A bankruptcy court recently found that an Insured v. Insured Exclusion (the “IvI Exclusion”) in a D&O policy did not exclude coverage for the former CEO of the Insured, which operated a non-profit hospital (the “Hospital Corporation”). During its pre-filing for bankruptcy, the Hospital Corporation became the debtor-in-possession of the bankruptcy estate and sent its former CEO several demand letters for payment of damages. The letters alleged that the CEO breached their contractual responsibilities to the Hospital Corporation, as well as breached their fiduciary duties. During bankruptcy, the estate, along with the Hospital Corporation’s unsecured creditors filed suit against the CEO.
Allied World Specialty Insurance (the “Carrier”), after initially assigning defense counsel and reserving rights as to coverage, subsequently denied coverage based on the Policy’s IvI Exclusion and withdrew its defense of the matter. In the rationale for the denial, the Carrier argued that the Policy excluded coverage for claims brought by the Hospital Corporation against the former CEO. However, the Exclusion included an exception for “any Claim brought or maintained by or on behalf of a bankruptcy or insolvency trustee, examiner, receiver or similar official for the Company or any assignee of such trustee, examiner, receiver or similar official.” The CEO argued the exclusion did not apply because the Hospital Corporation as the debtor-in-possession was akin to “a bankruptcy or insolvency trustee, examiner, receiver or similar official for the Company.”
The court found that although "debtor-in-possession" was included within the definition of the Company, which would trigger the Exclusion, a debtor-in-possession is a similar official to a bankruptcy trustee and is thereby authorized under the Policy's bankruptcy exception to bring a Claim on behalf of a "debtor." Because a debtor-in-possession has substantially the same authority as a bankruptcy trustee, it must be a "similar official" to a bankruptcy trustee under the exclusion's bankruptcy exception. Therefore, the Carrier was obligated to provide coverage for the demand letters and adversary proceedings under its Policy
EXCESS CARRIERS WITH AN EXPRESS DISCLAIMER ON DUTY TO DEFEND ARE NOT REQUIRED TO ADVANCE DEFENSE COSTS
Argonaut Ins. Co. v. Gid Inv. Advisers Corp., 2024 U.S. Dist. LEXIS 159609 (Sept. 5, 2024).
A federal judge ruled that two excess insurance carriers (the “Carriers”) had no duty to defend or advance defense costs that a property management company (the “Company”) incurred during a multidistrict antitrust class action lawsuit (the “Lawsuit”).
The Carriers sought a declaration from the court that the Lawsuit was not covered under the excess policies. The Carriers, who followed form, denied coverage based on the primary policy’s language which expressly disclaimed the Insurers’ duty to defend, stating:
(A) It shall be the duty of the Insured and not the duty of the Company to defend Claims made against the Insured. The Insured shall have the sole obligation under this Policy to retain defense counsel, which shall be subject to the approval of the Company, which shall not be unreasonably withheld . . . .
In assuming that the primary policy included a duty to defend, the Company argued that a common law “potential coverage” standard applied, and the Carriers had to advance defense costs. Additionally, the Company cited an amplifier endorsement and argued that it created an obligation to provide defense costs, as it stated that: “Defense Costs shall be advanced on a current basis, but no later than ninety (90) days after receipt by the [Carrier] of invoices or bills detailing such Defense Costs and all other information requested by the [Carrier] with respect to such invoices or bills.” The court found that the Lawsuit was not covered under the policies, noting that the Endorsement did not convert the policy into a Duty-to-Defend-type.
The court examined the primary policy, finding that the Carriers had no duty to defend. Interpreting the primary policy’s disclaimer (or, simply put, non-duty-to-defend language), the court noted that while the Carriers could advance defense costs, they had the sole discretion over exercising these advancements. This meant that the Company was responsible for incurred defense costs. Thus, the Carriers were not obligated to defend or advance defense costs from the Lawsuit based on the policy’s language.
INSURER CANNOT DENY COVERAGE FOR DEFENSE COSTS BASED ON BREACH OF CONTRACT EXCLUSION DUE TO PROFESSIONAL SERVICES EXCEPTION
Domus BWW Funding, LLC v. Arch Ins. Co., LEXIS 162245 (E.D. Pa., Sept 10, 2024).
A federal court recently found that an insurer (the “Carrier”) was required to advance defense costs related to an Insured’s lawsuit with a third party for asset management services covered under its professional liability policy.
The underlying lawsuit stemmed from the breach of a lease agreement between two housing companies. The Insured, a private equity group (the “PE Group”), had acquired an entity as part of its investment strategy of purchasing a struggling company's outstanding debt, extending additional loans to that company, and later collateralizing the debt and foreclosing on the company. The PE Group sought coverage under its equity management and professional liability policy for defense costs incurred for the lawsuit and related bankruptcy proceedings. The Carrier denied coverage, citing the policy’s contract exclusion.
In the subsequent coverage litigation, the PE Group argued that the contract exclusion did not apply due to a carve back in the exclusion for Loss “resulting from” Asset Management Services. The court determined that, based on the “resulting from” language, the carve back to the contract exclusion applied where the PE Group could show that its asset management services were the substantial and proximate cause of its incurred defense costs. The court found that regardless of the subsequent breach of the lease agreement, the PE Group’s defense costs in the underlying litigation arose from its investment strategy and management of the defaulting entity. Therefore, the Loss was a proximate result of the PE Group’s Asset Management Services, and the Carrier was required to advance defense costs pursuant to the carve back in the contract exclusion.
COURT HOLDS THAT LATE NOTICE PREJUDICED AN EXCESS CARRIER AND RELIEVES CARRIER FROM PROVIDING A DEFENSE
Atos Syntel Inc. et al v. Ironshore Indemnity Inc., 21-cv-1576 (S.D.N.Y Sept. 17, 2024).
A U.S. District Court recently held that an excess E&O Insurer (the “Carrier”) did not owe coverage to an Insured who noticed a multi-million dollar claim nearly three years after the applicable policy period. This case stems from a trade secret lawsuit filed against the Insured that resulted in a large judgment.
The primary insurer accepted coverage and eventually exhausted its limits. Following the primary layer’s exhaustion, the Insured sought coverage from the excess Carrier for its remaining defense costs. The excess Carrier denied coverage and argued that because the Insured never included the excess Carrier in the initial notice of claim, the Insured’s notice was untimely.
The lower court acknowledged that state contract law favored the Insured which allowed for notice, whether it resulted in prejudice to either party. However, the lower court held that the notice was untimely.
This court agreeing with the lower court held that notice was untimely and, as a result, the excess Carrier was undoubtedly prejudiced by the Insured’s years-long delay. The court reasoned that the excess Carrier was stripped of the opportunity to engage in settlement negotiations, attorney-selection discussions, and was never appraised of material developments.
THE IMPORTANCE OF INDEMNIFICATION PROVISIONS IN CONTRACTS WITH THIRD PARTY VENDORS
Axis Ins. Co. v. Barracuda Networks, Inc., 2024 U.S. Dist. LEXIS 162435 (D. Mass., Sept. 9, 2024).
A federal court dismissed a claim against a cybersecurity company for a breach that involved confidential information of thousands of patients of a medical device company.
An employee of the cybersecurity company left a port open during a data migration process, exposing the patients’ personal data. The cybersecurity company did not have a direct contract with the medical company. Instead, the contractual relationship was between the medical company and a business communications company, which in turn had contracted with the cybersecurity company that caused the exposure. The two impacted businesses assigned their rights against the cybersecurity company to the communication’s company’s insurer. The insurer pursued a recovery against the cybersecurity company (a process known as “subrogation”) on grounds of equitable indemnification and breach of contract.
The court rejected the Insurer’s arguments regarding equitable indemnification because the cybersecurity company was only an independent contractor, not an agent. As an independent contractor, it had no “vicarious” (or indirect) liability to the communications company. Because the contractual relationships were insufficient to hold the cybersecurity company liable, the court dismissed the claim.
The court also dismissed the insurer’s claim for breach of contract because the business communications company failed to include an indemnification provision in its consumer contract. Similarly, the cybersecurity company’s contract did not prescribe its duties in the event of a data breach, so the court concluded there was no breach of good faith and fair dealings.
The Takeaway
When cybersecurity services are outsourced to third party vendors, it is crucial for businesses to discuss potential coverage implications with their brokers during the underwriting process and to structure policies accordingly. Coverage for security failures on the part of vendors can be driven by policy language. It should not be assumed that an indirect contract with a vendor triggers coverage for the wrongful acts of the vendor. Moreover, pay close attention to indemnification provisions in the contracts with vendors.
NO COVERAGE FROM EXCESS INSURERS UNTIL EXHAUSTION IS SHOWN
Fox Paine & Co., LLC v. Twin City Fire Ins. Co., 104 Cal. App. 5th 1034 (Cal. Ct. App. Sept. 5, 2024).
An Insured, a private equity management firm, sued its excess carriers, alleging breach of contract for failing to cover its litigation costs in an underlying action. The excess carriers sought to dismiss the lawsuit arguing that the Insured did not allege, and could not allege, exhaustion of the underlying policies. The court agreed, finding the clear language of the excess policies did not trigger coverage until the exhaustion of the underlying coverage, which the Insured failed to show.
Following the settlement of the underlying dispute, certain insured parties sought and received reimbursement for costs incurred, which exhausted only the primary carrier’s policy limits. Other insured parties then filed suit against the primary carrier alleging they wrongfully distributed the entire insurance proceeds. This coverage litigation was settled, however additional coverage litigation was filed against the excess carriers.
The relevant exhaustion language in the policies included: “shall only be liable … after the total amount of all Underlying Limits of Liability has been paid in legal currency by the Issuers of all Underlying Insurance as covered loss thereunder” and “only provides coverage when the underlying limit of liability is exhausted by reason of the [carriers] of the underlying policies paying or being held liable to pay in legal currency the full amount of the underlying limit of liability as loss.” And “underlying limit of liability” was defined as “the combined limits of liability of the underlying policies, less any reduction or exhaustion of limits of liability due to payment of loss under those policies.”
Applying California law, until the legal obligations of the primary insurers have been determined and the excess policies triggered, an insured cannot sue excess carriers for breach of contract. One policy was triggered only if the total amount of underlying limits had been paid. And the other policy only provided coverage when the underlying limit of liability was exhausted by the underlying carriers paying or being held liable to pay. Such language demonstrated that the policies did not attach and no obligations arose.
FTC SETTLEMENT WITH HOTEL CHAIN PLACES CYBERSECURITY IN FOCUS
A recent settlement order proposed by the Federal Trade Commission (FTC) with a hotel chain and its subsidiary (the “hotel chain”) requires the hotelier to implement “a robust information security program.” The order would conclude a long-standing investigation by the FTC into three data breaches at the hotel chain from 2014 to 2020, which impacted over 344 million domestic and international customers.
Under the settlement order, the hotel chain would restore stolen loyalty reward points to members and provide customers with a way to request that their personal data be deleted. In a separate but related settlement, the hotel chain agreed to pay a $52 million civil penalty to 49 states and the District of Columbia to resolve allegations arising from its data security practices. The FTC lacks the authority to obtain civil penalties in this matter, but state Attorneys General worked closely with the FTC in its investigation.
Government regulators charged the hotel chain with misleading customers as to the caliber of its security measures, while failing to implement password management, firewall controls, regular patching of software, or segmentation of its network to prevent bad actors from moving from one business unit to another. The hotel chain is also alleged to have used outdated software and systems, maintained poor logs of network activity, and deployed multifactor authentication only sporadically.
During the data breaches, malicious actors obtained passport information, payment card numbers, loyalty numbers, dates of birth, email addresses, and other personal information from hundreds of millions of consumers, which the FTC’s proposed complaint contended was a direct result of the hotel chain’s lax data security measures.
Among other settlement terms, the hotel chain is expected to be transparent with customers about how their data is collected, stored, used, disclosed, and deleted. The companies must implement a policy to retain this information only for as long as necessary to fulfill its intended purpose. For the next 20 years, the hotel chain will also need to implement a comprehensive data security program and to certify compliance to the FTC on an annual basis. That data security program will also be subjected to an independent audit every other year.
The FTC is required to publish a description of the consent agreement package in the Federal Register, and it is subject to public comment for 30 days after publication before it can be finalized.
The Takeaway
The FTC continues to flex its muscle as an enforcer of consumer privacy, arguing that businesses who employ substandard cybersecurity gain an unfair advantage in the marketplace. Companies should ensure that their representations to customers around privacy accurately reflect the controls they have in place. Risk managers should also review their cyber insurance policies to confirm that the coverage for regulatory proceedings is fit for purpose.
Cyber Corner
THE RISING COSTS OF CYBER RECOVERY: COMPLEX SYSTEMS, COSTLY VENDORS AND REGULATORY SCRUTINY
In recent years, the cost of cyber incidents has risen dramatically, in large part due to increased recovery expenses involved in addressing cyber incidents. Additionally, those recovery costs have been attributed to various factors.
REGULATORS STEP UP DATA PRIVACY ENFORCEMENT: WILL YOUR CYBER INSURANCE RESPOND?
A major telecommunication company (the “Company”) recently settled with the Federal Communications Commission (the “FCC”), to address an investigation by the FCC into multiple data breaches.
NO COVERAGE UNDER CYBER POLICY FOR EMPLOYER’S UNAUTHORIZED USE OF BIOMETRIC DATA
Tonys Finer Foods Enters. Inc. v. Certain Underwriters at Lloyds London, No. 1-23-1712 (Ill. App. Ct. Sept. 10, 2024).
An Illinois court recently reversed a lower court’s holding that an insurer had a duty to defend a grocery chain company (the “Company”) in an underlying class action (the “Lawsuit”). The Lawsuit was initiated by former employees against the Company alleging its improper collection and disclosure of their biometric data without sufficient notice or consent, thus violating specific Biometric Information Privacy Act (“BIPA”) provisions.
Employment Corner
SCOPE OF WAGE AND HOUR VIOLATIONS EXCLUSION EXTENDS TO RELATED ERISA FIDUCIARY LIABILITY CLAIMS
Twin City Fire Ins. Co. v. Glenn O. Hawbaker, Inc., No. 24-1102 (3d Cir. Oct. 3, 2024).
A federal court recently affirmed a lower court’s decision that an Insurance Carrier (the “Carrier”) had no duty to defend a construction company (the “Company”) in two class action lawsuits (the “Lawsuits”) brought against the Company and its board of directors under the Fiduciary Liability section of the policy.
Securities Corner
SEC COMMISSIONERS CALL FOR MORE GUIDANCE ON RECORDKEEPING RULES
In recent years, the SEC has cracked down on financial firms and collected billions in civil fines for these firms’ recordkeeping failures regarding the use of off-channel communications to conduct business. Current recordkeeping rules have caused conflict within the SEC itself, with two commissioners calling for updated rules to match technological developments, more guidance for rule compliance, and less aggressive civil penalties.
SECURITIES CLASS ACTIONS SETTLEMENTS TREND HIGHER WHEN A DERIVATIVE LITIGATION TAGS ALONG
In a recent report released by Cornerstone Research, it was revealed that nearly half of the securities class actions settled between 2019 and 2023 were associated with a parallel (“follow-on”) derivative claim that featured the same or similar underlying allegations. Additionally, nearly half of all federal derivative filings between this time were filed in either the District of Delaware, Southern District of New York, or Northern District of California.
|
Director/Officer |
Role |
Company |
|
Louis Hernandez, Jr. |
CEO |
Black Dragon Capital, LLC |
|
Marg Patel & Robert Horowitz |
CEO & CFO |
Medly Health Inc. |
|
Charles E. Jones |
Former CEO |
FirstEnergy Corp. |
|
Paul D. Roberts |
CEO & President |
Kubient Inc. |
|
Baba Nadimpalli |
Co-Founder & CEO |
SKAEL Inc. |
|
Christopher Beals & Arden Lee |
Former CEO & Former CFO |
WM Technology, Inc. |
|
Remi Barbier |
Former CEO |
Cassava Sciences, Inc. |
|
Director/Officer |
Role |
Company |
|
Louis Hernandez, Jr. |
CEO |
Black Dragon Capital, LLC |
|
Marg Patel & Robert Horowitz |
CEO & CFO |
Medly Health Inc. |
|
Charles E. Jones |
Former CEO |
FirstEnergy Corp. |
|
Paul D. Roberts |
CEO & President |
Kubient Inc. |
| Baba Nadimapalli | Co-Founder & CEO | SKAEL Inc. |
| Christopher Beals & Arden Lee | Former CEO & Former CFO |
WM Technology, Inc. |
| Remi Barbier | Former CEO | Cassava Sciences, Inc. |
SEPTEMBER 2024 NOTEWORTHY SETTLEMENTS AND JUDGMENTS
|
Amount |
Director/Officer |
Role |
Company |
|
$2,400,000 |
Abraxas DiScala |
CEO & President |
CodeSmart, Inc. |
|
$7,216,801 |
Kris A. Swaffer & Sean K. Williams |
President & COO |
POHIH, Inc. |
|
$499,909 |
Matthias O'Meara |
Officer |
Choice Advisors, LLC |
| $150,000 | Lionel Selwood, Jr. | Former CEO | Romeo Power, Inc. |
| $175,000 | James R. Craigie | Former CEO | Church & Dwight Co. Inc. |
|
Amount |
Director/Officer |
Role |
Company |
|
$2,400,000 |
Abraxas DiScala |
CEO & President |
CodeSmart, Inc. |
|
$7,216,801 |
Kris A. Swaffer & Sean K. Williams |
President & COO |
POHIH, Inc. |
|
$499,909 |
Matthias O'Meara |
Officer |
Choice Advisors, LLC |
|
$150,000 |
Lionel Selwood, Jr. |
Former CEO |
Romeo Power, Inc. |
|
$175,000 |
James R. Craigie |
Former CEO |
Church & Dwight Co. Inc. |
Source: U.S. Securities and Exchange Commission
https://www.sec.gov/litigation/admin.htm
Source: Stanford Law School Securities Class Action Clearinghouse
ABOUT ALLIANT INSURANCE SERVICES
Alliant Insurance Services is the nation’s leading specialty broker. In the face of increasing complexity, our approach is simple: hire the best people and invest extensively in the industries and clients we serve. We operate through national platforms to all specialties. We draw upon our resources from across the country, regardless of where the resource is located.
Contributors
Abbe Darr, Esq.
Claims Attorney
abbe.darr@alliant.com
David Finz, Esq.
Claims Attorney
david.finz@alliant.com
Isabel Arustamyan, Esq.
Claims Attorney
isabel.arustamyan@alliant.com
Jacqueline Vinar, Esq.
Claims Attorney
jacqueline.vinar@alliant.com
Jaimi Berliner, Esq.
Claims Attorney
jaimi.berliner@alliant.com
Karina Montoya, J.D.
Claims Advocate
karina.montoya@alliant.com
Malia Shappell, Esq.
Claims Attorney
malia.shappell@alliant.com
Michael Radak, Esq.
Claims Attorney
michael.radak@alliant.com
Naomi Egwakhide Oghuma, J.D.
Claims Advocate
naomi.egwakhideoghuma@alliant.com
Peter Kelly, Esq.
Claims Attorney
peter.kelly@alliant.com
Robert Aratingi
Senior Claims Advocate
robert.aratingi@alliant.com
Steve Levine, Esq.
Claims Attorney
slevine@alliant.com