On Tuesday, the U.S. District Court for the District of New Jersey granted Travelers’ motion to dismiss Posco Daewoo America Corporation’s suit for coverage under the computer fraud provision of its crime insurance policy. Distinguishing itself from precedent like Medidata, Principal Solutions Group, Apache and American Tooling Center, Daewoo did not seek coverage for money fraudulently transferred or stolen from its own accounts. Instead, Daewoo sought coverage for amounts that had been designated for payment to Daewoo by a third party supplier, Allnex, and stolen from Allnex after a criminal impersonated a Daewoo employee. The Court held that the crime policy did not cover the lost sums because Daewoo did not “own” the money stolen from Allnex.
The Court did not reach the parties’ conflicting positions on whether Daewoo experienced a “direct loss” under the policy – which has been the primary point of dispute in prior legal battles over the meaning of “computer fraud” coverage. But the Court left open the door for a favorable opinion, noting that New Jersey precedent interprets the word “direct” as requiring “proximate cause.” The decision also does not attempt to reconcile the ownership issue with policy language extending coverage to both “direct loss of, [and] direct loss from damage to, money, securities, and other property directly caused by computer fraud.” In the case of Daewoo’s loss, while the loss may not have been a “direct loss of” Daewoo’s money as a result of computer fraud, it does appear that Daewoo experienced a “direct loss from damage to . . . other property” (i.e., Allnex’s hacked computer system).
Daewoo has 30 days to amend its complaint. But, even if Daewoo is able to overcome the “ownership” hurdle to coverage, its challenges will be far from over. As we’ve reported in earlier blog posts, courts are split on whether “computer fraud” coverage is intended to cover social engineering losses. The nature of the criminal scheme, the policy’s definitions and exclusions, and venue will each decide whether its next complaint survives. For more on these factors, check out our article in Risk Management (published yesterday), titled “Will Your Crime Insurance Cover Cyber?,” which provides a comprehensive discussion of crime coverage for social engineering losses.