- Acumen Powered by Robins Kaplan LLP®
- Affirmative Recovery
- American Indian Law and Policy
- Antitrust and Trade Regulation
- Appellate Advocacy and Guidance
- Business Litigation
- Civil Rights and Police Misconduct
- Class Action Litigation
- Commercial/Project Finance and Real Estate
- Corporate Governance and Special Situations
- Corporate Restructuring and Bankruptcy
- Domestic and International Arbitration
- Entertainment and Media Litigation
- Health Care Litigation
- Insurance and Catastrophic Loss
- Intellectual Property and Technology Litigation
- Mass Tort Attorneys
- Medical Malpractice Attorneys
- Personal Injury Attorneys
- Telecommunications Litigation and Arbitration
- Wealth Planning, Administration, and Fiduciary Disputes
Acumen Powered by Robins Kaplan LLP®
Ediscovery, Applied Science and Economics, and Litigation Support Solutions
-
October 10, 2024Michael Collyard and Ronald Schutz Named to Minnesota Lawyer’s Power 30: Business Litigation List
-
October 9, 2024Michael Geibelson Named to Daily Journal’s Top Trade Secrets Lawyers
-
October 8, 2024Robins Kaplan Partners Named Women Worth Watching in Leadership
-
October 20, 2024License Agreement Disputes:
-
October 21, 2024How Much Did We Invest in AI?
-
October 22, 2024Justice for All: Minnesota's Civil Legal Aid and Pro Bono Landscape
-
September 2024Meet Our New Partner and Trial Advocacy Seminar Keynote Speaker: B. Todd Jones
-
September 2024Q&A with Alan Harter, Founder of Pactolus Private Wealth Management
-
August 2024Recruiting & Retaining Diverse Attorneys: Building an Inclusive Legal Profession
-
September 16, 2022Uber Company Systems Compromised by Widespread Cyber Hack
-
September 15, 2022US Averts Rail Workers Strike With Last-Minute Tentative Deal
-
September 14, 2022Hotter-Than-Expected August Inflation Prompts Massive Wall Street Selloff
Find additional firm contact information for press inquiries.
Find resources to help navigate legal and business complexities.
Ransomware Attack Results in Covered Physical Loss or Damage
A Maryland federal court examines a coverage dispute regarding whether an insured had experienced a covered loss to its computer system following a ransomware attack.
Spring 2020
As cyberattacks increase and coverage lawsuits make their way through the judicial system, policyholders have increasingly asked courts to broadly construe policy language to provide coverage for such events. In January 2020, a federal district court in Maryland found that the loss of data and software, as well as impaired functionality of a computer system due to a ransomware attack, qualified as direct physical loss or damage under a businessowners policy.1 It remains to be seen whether the insurer will appeal the novel ruling and if other courts will follow suit.
National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company
At issue in this coverage dispute was whether the insured had experienced “direct physical loss of or damage” to its computer system following a ransomware attack. The insured, National Ink and Stitch, operated an embroidery and screen-printing business that used a computer server to store art and designs for its products, as well as different types of software.
In December 2016, National Ink’s server and network computers were subject to a ransomware attack that blocked the insured’s access to data on the server and most of the software programs. The hacker demanded payment in exchange for releasing the software and data. After receiving payment, however, the hacker refused to release the system and demanded more. National Ink hired a security company to replace the original software and install protective software that resulted in a slower and less efficient system. Despite these efforts, a residual, dormant ransomware virus likely remained in the system. Given the risk of further infection, National Ink purchased an entirely new server and related components.
National Ink brought a claim under its businessowners policy with State Auto Property and Casualty Company for the cost of replacing its computer system. The policy provided coverage for “direct physical loss of or damage to Covered Property . . . caused by or resulting from any Covered Cause of Loss.” The policy also included a Special Form Computer Coverage Endorsement that defined “Covered Property” to include “Electronic Media and Records (Including Software). This endorsement further defined “Electronic Media and Records” as:
(a) Electronic data processing, recording, or storage media such as films, tapes, discs, drums or cells; and
(b) Data stored on such media.2
State Auto denied the claim on the basis that National Ink did not experience “direct physical loss” to covered property. State Auto reasoned that National Ink could still operate its computer system and had only lost data, an intangible asset. National Ink argued that: (1) the policy language includes data and computer software as property that may be subject to “direct physical loss,” and (2) the computer system itself was damaged by the loss of functionality.
The district court granted National Ink’s motion for summary judgment, finding that the policy did not limit coverage to “tangible property” and instead “contemplates that data and software are covered and can experience ‘direct physical loss or damage.’”3 Separately, the court rejected State Auto’s argument that the repaired computer system was not damaged because it continued to function, noting that the policy language covers both “physical loss” and “damage to” the software and data. The court concluded that the impaired functionality of the slower and likely still infected computer system was sufficient, by itself, to trigger coverage under the policy.4
Why It Matters
Ransomware attacks are on the rise and increasingly target organizations and municipalities, causing widespread and substantial damage. According to a report from Cybersecurity Ventures, the estimated damage from ransomware attacks was to exceed $11.5 billion in 2019.5 A “Cyber Threat Landscape Report” by Deep Instinct found that the average estimated cost of an attack was $141,000, a substantial increase from the $46,800 average in 2018.6 As reported by the New York Times, the FBI’s Cybersection Chief views ransomware attacks as “one of the most serious cybercriminal problems we face right now.”7
Against this backdrop, policyholders may increasingly seek coverage following ransomware attacks under policies that were not intended to provide such coverage. Depending on the circumstances, insureds may view National Ink as providing a path forward for their claims. It remains to be seen whether State Auto will appeal and if other courts will find the decision compelling and follow suit. The opinion may, however, be limited in its application given the specific language in the policy’s computer coverage endorsement.
1 National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, No. SAG-18-2138 (D. Md. Jan. 23, 2020).
2 Id. at 2-3.
3 Id. at 5.
4 Id. at 11.
5 CYBERCRIME MAGAZINE, GLOBAL RANSOMWARE DAMAGE COSTS PREDICTED TO HIT $11.5 BILLION BY 2019 (Nov. 14, 2017), available at https://cybersecurityventures.com/ ransomware-damage-report-2017-part-2/
6 DARK READING, RANSOMEWARE DAMAGE HIT $11.5B IN 2019 (Feb. 20, 2020), available at https://www.darkreading.com/attacks-breaches/ransomware-damage-hit-%24115b-in-2019/d/d-id/1337103
7 NEW YORK TIMES, RANSOMEWARE ATTACKS GROW, CRIPPLING CITIES AND BUSINESSES (Feb. 9, 2020), available at https://www.nytimes.com/2020/02/09/technology/ ransomware-attacks.html
The articles on our website include some of the publications and papers authored by our attorneys, both before and after they joined our firm. The content of these articles should not be taken as legal advice. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the views or official position of Robins Kaplan LLP.
Related Professionals
Related Publications
Related News
If you are interested in having us represent you, you should call us so we can determine whether the matter is one for which we are willing or able to accept professional responsibility. We will not make this determination by e-mail communication. The telephone numbers and addresses for our offices are listed on this page. We reserve the right to decline any representation. We may be required to decline representation if it would create a conflict of interest with our other clients.
By accepting these terms, you are confirming that you have read and understood this important notice.