BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.
To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.
To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.
In what may be the first court rulings focused on cyber insurance, the U.S. District Court in Phoenix held in P.F. Chang's China Bistro Inc. v. Federal Insurance Co. that the Chubb Ltd. unit did not have to reimburse the Scottsdale, Arizona-based company $1.9 million in costs for a 2014 data breach.
The restaurant chain had entered into a master service agreement with Charlotte, North Carolina-based Bank of America Merchant Services L.L.C. to process credit card payments made to by P.F. Chang's customers.
Following the breach, MasterCard imposed three assessments on the Bank of America unit totaling $1.9 million, which the restaurant chain reimbursed in April 2015. P.F. Chang's sued after Federal Insurance denied coverage for the assessments.
The cyber coverage included a clause that provided that Federal Insurance would pay for any claim first made against the insured for injury. Federal Insurance successfully argued the clause was not applicable to its policy because the payment processing unit itself had not sustained an injury.
The court also held Federal Insurance was not obligated to indemnify P.F. Chang's for the assessments because of policy exclusions “that bar coverage for contractual obligations an insured assumes with a third party outside of the policy.” The court held P.F. Chang's agreement with the processing unit met the criteria “and thus triggers the exclusions.”
Federal Insurance did reimburse the restaurant chain for more than $1.7 million for costs incurred from the security compromise, including forensic investigation and defense costs.
Policyholders should be aware of potential gaps in their cyber insurance as standardized language is still in the early stages of development and policies can vary greatly in what they do and do not cover.