In one of the first decisions of its kind (in the cyber insurance space), the District Court of Utah has determined in Travelers Property Casualty Company of America, et al. v. Federal Recovery Services, Inc., et al (Case No. 2:14-CV-170 TS) that cover under a cyber insurance policy was not triggered by a suit arising from the alleged misuse of data by Federal Recovery Services Inc (“FRS“), a data storage and processing company.
FRS had entered into an agreement with Global Fitness Holdings LLC (“GFH“) (a fitness centre operator) to provide member account and fee processing services. GFH brought a suit against FRS alleging that it knowingly withheld data that it was to provide for a corporate transaction until demands made by FRS were met.
FRS sought to make a claim under a cyber policy for the suit, which was challenged by the insurer. In determining that the cyber policy did not apply, the Court held that the policy covered claims arising from acts, errors or omissions of FRS, whereas the present suit arose from alleged wilful conduct by FRS and so did not fall within the terms of the policy.
The decision (once again) highlights the importance for insurers, insureds and brokers to ensure they consider the risks to be covered under a policy. In this respect the decision should provide some comfort to insurers that the terms of the policy will still dictate the extent of cover, even in the emerging and complex cyber insurance area.
We expect a similar approach to the application of cyber insurance policies to claims will be taken in Australia.