Photo of Shelby Guilbert

The SEC public company cyber disclosure rule raises issues that companies should consider in reviewing existing insurance coverage and in assessing overall risk. 

The SEC recently adopted a new cybersecurity disclosure related rule (the “SEC Cyber Disclosure Rule”)[1] in response to increasing risks associated with cyber incidents and a perceived need for investors to receive more fulsome corporate disclosures about cybersecurity risks, governance, and material incidents.  In prior efforts to improve consistency and accuracy of public company cybersecurity risk disclosures, the SEC issued interpretive guidance explaining how cybersecurity risk and incidents should be communicated based on long-standing requirements to periodically—and as needed—disclose material information to shareholders.[2]  But in spite of this guidance, in the SEC’s view corporate disclosure practices remained inconsistent, under-disclosure persisted, and investors lacked consistent information by which they could evaluate public companies’ cybersecurity risk.  In July 2023, the SEC adopted the SEC Cyber Disclosure Rule, which mandated new disclosures among other things, and which became effective in December 2023.Continue Reading The SEC’s Cybersecurity Incident, Governance, and Management Reporting Requirements: What you Need to Know to Avoid Cyber and D&O Coverage Gaps

In March last year, New York’s Appellate Division – First Department issued Xerox an important pro-policyholder decision in its D&O insurance recovery action against Travelers, arising from Xerox’s failed 2018 merger with Fujifilm.  In a thoughtful order, the court issued three key pro-policyholder rulings that: (1) reinforce the rule that the words “arising from” when used in policy exclusions should be narrowly construed under New York law; (2) recognize that an insurer who shows bad faith indifference to its policyholder’s rights may be held liable for a breach of the duty of good faith and extracontractual damages under New York law; and (3) held that the reasonableness of an underlying settlement is  an issue of fact that should go to the jury.  A copy of the Court’s decision is available here.Continue Reading Xerox Obtains Important Pro-Policyholder Decision in New York’s First Department, Adopting Narrow Construction of “Arising From” Exclusions and Confirming That Insurers Who Show Indifference to Policyholders’ Rights May Be Liable for Bad Faith in New York

Last week, the North Carolina Supreme Court issued its long-awaited ruling in North State Deli, LLC v. The Cincinnati Insurance Company, siding with a group of North Carolina restaurants that sought business interruption insurance for losses they sustained because of the COVID-19 pandemic.  Specifically, the court held that those restaurants sustained “direct physical loss” to property, as that phrase is used in their commercial property policies, when COVID-19 government orders restricted the restaurants’ use of and access to their property, resulting in the suspension of their operations and the loss of income.  In reaching this holding, the Supreme Court of North Carolina joined the Supreme Court of Vermont as the only other state supreme court to have ruled in favor of policyholders on the question of COVID-19 business interruption insurance coverage. Continue Reading North Carolina Supreme Court Unlocks the Door to COVID-19 Business Interruption Coverage, Holding that Pandemic-Era Restrictions on Use of Property Constitute “Direct Physical Loss” to Property

A recent decision by a federal court in the Eastern District of New York illustrates how directors and officers (“D&O”) policies can provide valuable insurance coverage for defense costs and potential liabilities arising from False Claims Act (“FCA”) litigation.  In Northern Metropolitan Foundation for Healthcare, Inc. v. RSUI Indemnity Company, Case No. 20-CV-2224 (EK)

Hurricane Helene made landfall in Florida on September 26, 2024, eventually making its way up to western North Carolina where it caused unprecedented damage. The estimated costs associated with these damages grow daily, with AccuWeather currently estimating losses between $145 and $160 billion. Earlier this week, we issued an alert with general tips policyholders should consider when pursuing insurance claims for hurricane-related losses. As damage reports continue to come in from portions of western North Carolina that have been cut off from regular communications, we are updating our guidance for North Carolina policyholders.Continue Reading Tips for Pursuing Insurance Claims and Disaster Relief Funding in North Carolina After Hurricane Helene

RELATED UPDATE: Tips for Pursuing Insurance Claims and Disaster Relief Funding in North Carolina After Hurricane Helene (October 3, 2024)

Hurricane Helene made landfall on Thursday, September 26, 2024, carrying catastrophic 140 mph winds as the first known Category 4 storm to hit Florida’s Big Bend region since records began in 1851. By Friday, Hurricane Helene’s effects could be felt through Georgia, South Carolina, North Carolina, Tennessee, and Virginia, with numerous fatalities and significant property damage and power outages reported across the entire southeastern United States. Flooding from the storm resulted in highway and road closures throughout the region, including Interstate 40 in North Carolina, and multiple dams in Tennessee and North Carolina were on the brink of failure before stormwaters began to subside.Continue Reading Tips to Maximize Insurance Recoveries for Hurricane Helene Property Damage and Business Interruption Losses

Following record-shattering data breaches, there has been a major push for increased transparency and regulation in the insurance industry regarding consumer data privacy. With an increase in consumer data collection, the threat of ransomware attacks can expose companies to potential litigation or regulatory action if not handled properly.

Read on to learn about the National

On March 26, a containership struck the Francis Scott Key Bridge in Baltimore, Maryland, resulting in the collapse of the highway infrastructure and tragic loss of life.[i]  As communities grieve the loss of their loved ones, businesses around the world are grappling with the economic fallout, including significant supply chain disruptions.  The closure of I-695, which provides an alternate route for hazardous materials and oversized vehicles that are prohibited from going through the Baltimore Harbor Tunnel, has created a gridlock for companies with distribution warehouses nearby.[ii]  The many ships stuck at the Port of Baltimore blockage, which is the top port in the nation for automobile shipments, is likely to create a ripple effect for other ports worldwide.[iii]Continue Reading Insurance Recovery for Businesses Impacted by the Francis Scott Key Bridge Collapse

Last week, Merck & Co. filed documents with the Supreme Court of New Jersey indicating that it reached a settlement with its “all risk” property insurers in a long-running coverage dispute involving over $1.4 billion in losses stemming from a 2017 NotPetya cyberattack that impacted tens of thousands of Merck computers. The coverage litigation, Merck & Co. v. ACE American Insurance Co., focused on the key question of whether the policies’ “hostile/warlike” exclusion applied to the NotPetya attack, which some intelligence agencies have attributed to Russian government attempts to destabilize Ukraine. The settlement was announced just a few days before the New Jersey Supreme Court was set to hear oral arguments during an appeal of the New Jersey state appeals court’s affirmance of a 2021 trial court ruling in Merck’s favor. Merck’s insurers had argued that Merck’s losses were barred by a war exclusion, but the New Jersey trial court found that the exclusion did not apply to malware and cyberattacks and instead was intended to apply only to physical acts of warfare between the armed forces of two or more countries. The terms and the amount of the settlement have not yet been disclosed.Continue Reading Merck-Settlement of $1.4 Billion Coverage Dispute Over NotPetya Cyberattack Places Renewed Spotlight on War Exclusions in 2024

With bank stability and the related stock market rout now dominating the headlines for the first time since the 2008 financial crisis, are financial institutions’ D&O and bankers’ professional liability / E&O (“BPL”) liability policies ready to help backstop coverage, or potentially full of holes?  Coming out of a hard market where insurers carefully and quietly pulled back some policy enhancements over the course of several years, now is the time for financial institutions to review their insurance policies to identify and fill any significant gaps and holes in their executive risk coverages.  The last two weeks demonstrate that financial institutions, as well as their directors and officers, face the risks of receivership, government investigations, securities lawsuits, and personal liability following a bank failure or stock rout in the face of financial stability concerns.  Continue Reading Financial Institutions and Bank Directors and Officers in the Crosshairs – Are Their Insurance Policies Really Primed and Ready?