Sean Quinn, Ph.D, J.D., Etc.
Tech E&O, Network Security, Internet Media and MPL Insurance Policy
Insuring Agreement I.G: DIGITAL ASSET EXPENSES COVERAGE
* * * * * *
There are several important points to note in this definition. First, the Insurer has an obligation to reimburse. Technically, under the wording of the contract, this means the Insured has to spend the money before it collects from the insurer. The Insured‘s right to reimbursement only for covered spending. Thus, the Insurer probably has a right to “observe,” “monitor,” and maybe even to some degree “regulate”expenditures. [The words in quotes are mine, not those of the policy.] Of course, any such regulation must be reasonable and necessary.
The rights of the insurer and the insured parties to the contract may conflict on this and–of course–other matters. One area disputes in this area might develop is over the need for forensic investigation; carriers may sometimes assert that one is enough; while the insured may assert that it has a right to pick its own investigator.
Second, it is the Company and not the Insured that is covered in I.G. Of course, the Company is part of the Insured, but it is not the only one; the others are individuals and they are named as Insureds here. Probably that is because it is the Company that will be incurring the expenses that are covered.
Third, the term “direct” is in I.G twice. Hence, there must be two direct, as opposed to indirect, causation’s. First, the covered expenses must directly result from a covered incident to which the covered Digital Assets were subjected. Second, the expenses must directly result from the corruption [etc.] of the Digital Assets.
(The reader might use the following images to get an idea of required directness. Suppose Obama sends a diplomatic message to Putin. He might hand it to him. That’s obviously direct. The U.S. Secretary of State might tell him or hand him a note. Is that direct? If Obama “wires” it; and the document is decoded; the Russian Foreign Secretary picks it up, reads it, and hands it along; maybe with a memo; Is this “direct”? Are there degrees of directness? If so, how does this handle back-and-forth arguments about claims?) See Retail Ventures Inc. v. National Union Fire Insurance of Pittsburgh, PA., 691 F.3d (6th Cir. 2012)
Of course, as already said, there are many other definitions, some of which are complex right on their surfaces and some of them involve other “sub-definitions,” and they may be quite complex. Many other cyber policies are like this. The reader has been warned.
The place to begin to sketch the other key portions of this agreement I.G is with the idea of–the definition of–a Digital Asset:
“Digital Assets means Electronic Data, Software, audio files, and image files stored on the Company’s Computer System.” (And then is a list of what is not within the definition, e.g., some pieces of paper, “unless they have been converted to Electronic Data, and then only in that form.”) The main themes of the definitions within this definition are predictable, although there may be sub-surface subtleties; all such components will be subject to endless dispute.
The other key definition is Digital Asset Expenses:
The phrase Digital Asset Expenses, as one might expect, to what it costs to replace or restore Digital Assets that has been injured in specified ways “corruption or deletion as the direct result of a Network Security Incident. Of course the expenses must be “reasonable and necessary.” These Expenses include “disaster recovery and or computer forensic investigation efforts[.]” In addition, the replacement or restoration must be done in specified ways, e.g., solid records or other (to some extent) matching Electric Data.
There are no exclusions uniquely applicable to this insuring agreement and its definitions. The definitions more or less are taken from the language of definitions found in policies, designed for the so-called “real world” apply, of course, as to the definitions formulated for all–or many–of the sections
Originally posted on 10/02/2013 @ 8:09 pm