Have you honestly read your "computer fraud" or "cyber insurance" policy? Chances are, if you did, you probably would not understand the wording and if you are really covered. Here is an example of wording:
F. Computer Crime
1. Computer Fraud
The Company will pay the Insured for the Insured's direct loss of or direct loss due to damage to money, securities and other property directly caused by Computer Fraud.
Do not worry because these types of provisions are very ambiguous; and are likely created in this way intentionally. Jurisdictions across the country struggle with and interpret regulations on computer fraud in this way in different ways.
If you are covered by computer fraud, you will almost always find, in the definition section of your insurance, more vague definitions of what exactly is "computer fraud." These definitions can look like:
E. Computer fraud means:
The use of any computer to fraudulently cause the transfer of money, securities or other property from within premises or financial institutions:
1. to a person (other than Messenger) outside the premises or premises of financial institutions; or
2. to a location outside the premises or premises of financial institutions
One of the most important cases for what constitutes "computer fraud" is, American Tooling Center v. Travelers Casualty & Surety Company of America . 1 In this American Sixth Circuit Court of Appeals case, the court dealt with this very type of ambiguous computer fraud. The scenario presented was one in which an impersonator / hacker infiltrated the insured's e-mail server, sent the insured fraudulent e-mails using a computer, which in turn fraudulently led to the insured transferring money to the imitator.
When the insured tried to recover under Försäkringsbolaget provided computer fraud and denied the claim, claiming that the facts did not constitute computer fraud. More specifically, the insurance company did not question the transfer of money from the plaintiff's bank to a person, but rather that the definition of computer fraud required that a computer 'fraudulently caused the transfer. . . [meaning that] it is not enough to just use a computer and have a transfer as it is fraudulent. " 2
In support of this argument, the insurer cited a ninth circuit case, Pestmaster Services v. Travelers Casualty & Surety Company 3 in which the court stated that" Travelers could have formulated this language narrower ", but" [b] because computers are used in almost all business transactions, reading this provision to cover all transfers involving both computer and fraud at some point in the transaction would transform this criminal policy into a "General Fraud Policy". 4 The court in Pestmaster could be distinguished from Am. Tools mainly due to the difference in facts. but in principle it can be distinguished on its facts.In that case, Pestmaster would have hired Priority 1 Resource Group to manage its payroll tax services and granted Priority 1 electronic access to their bank account. Priority 1 was then authorized to transfer money from Pestmaster's bank account to its own account and from there it was to pay Pestmaster's payroll tax. The fraud occurred when Priority 1 did not pay the taxes and kept the money instead. Thus, in Pestmaster, everything that happened using the computer was legitimate and deceptive behavior occurred without the use of a computer. before the court, the court ruled that because the scenarios were so different (authorized party of the principal fraudulently transferring the principals' money to himself against authorized party of the principal as fraud of a third party hacker and fraudulent transfer of money to third party), that this situation should in mainly constitute prima facie computer fraud, which would then be subject to a computer fraud provision. a computer and these emails fraudulently caused ATC to transfer the money to the imitator. And the policy definition does not require, as travelers claim, that fraud "causes any computer to do anything." Passengers' attempts to limit the definition of "Computer Fraud" to hacking and similar behaviors in which a malicious party in some way gains access to and / or controls the insured's computer are not well-founded. If travelers had wanted to limit the definition of computer fraud to such criminal behavior, it could have done so. Because travelers did not, third-party fraudulent systems in this case constitute "Computer Fraud" as defined in the policy. 6
Am. Tooling the court's decision sheds light on how a court can interpret the provision on computer fraud. While the Court Pestmaster was concerned that its analysis could in turn "over-broaden" the scope of provisions on computer fraud, Am. Tooling court set foot and ruled that a scenario with a hacker infiltrating a company's email database is in fact computer fraud.
* It must also be noted that Am. The Tooling Court also noted one of the most popular rules in contract / insurance law: ambiguity is interpreted against the draftsman. Thus, this traditional rule of contract further diminished the defendant's insurer's argument, as the Court held that this type of general computer fraud was clearly ambiguous to the point where both sides had completely different interpretations of the scope of coverage. a black and white situation where the provision is to be interpreted against the client (the insurer).
1 Am. Tooling Ctr., Inc. v. Travelers Cas. and Sur. Co. of Am. 895 F.3d 455, 461 (6th Cir. 2018).
2 Am. Tooling Ctr. at 461.
3 Pestmaster Services, Inc. v. Travelers Cas. & Surety Co. of Am. No. 14-56294, 656 F. App & # 39; x 332 (9th Cir. 29 July 2016).
4 Am. Tooling Ctr. Inc. at 461.
5 Id. (Quotations omitted).
6 Id. at 462 (citations omitted).