A California state court recently dismissed an excess of insurer's attempt at an early exit from litigation over whether it owes coverage for cyber liabilities. In that case (previously summarized here), the policyholder, Cottage Health suffered a data breach resulting in the disclosure of patients' private medical information. Subject to a reservation of rights, Cottage Health's primary insurer, Columbia Casualty, paid millions of dollars to help respond to the data breach and to defend and settle a class action lawsuit filed against Cottage Health. Cottage Health's excess insurer was Lloyd's.
Lloyd's moved to dismiss the claims against the arguing that its coverage bonds had not been triggered since the $ 1
First, Lloyd's failed to establish that the primary limits were, in fact, not exhausted. Second, Lloyd's did not show that applicable primary limits were actually $ 10 million. Instead, Lloyd's had stated that there was coverage under the primary Columbia policy, to the full extent of its stated limits and that coverage under the Columbia Policy is not subject to limitation. ”
The court also refused to dismiss the policyholder's claim for declaratory relief against Lloyd's. It explained that, in addition to the deficiencies above, exhaustion of underlying limits was not necessary to create an actual controversy between a policyholder and its excess insurer.
We will continue to keep our readers updated on this case, which thus is one of only a handful of active cases involving a dispute under policies designed to cover cyber risks and liabilities. More are sure to follow.