Stewart Smith Counsel Nace Naumoski was tapped by Law360 to comment in the article, “Ransomware Victims’ Coverage Hopes Surge with Ind. Ruling,” about the recent Indiana Supreme Court decision that reversed lower courts’ decisions in the ransomware case, G&G Oil Co. of Indiana v. Continental Western Insurance. The focus of the debate in this decision is whether G&G’s ransomware payments should have triggered the computer fraud provision in its commercial crime policy, which extends coverage only for losses “resulting directly from the use of any computer to fraudulently cause a transfer of money.” The Law360 article further explains that “the state high court opined that not every ransomware attack is necessarily fraudulent,” noting that a hacker can easily break into a company’s network without resorting to trickery if the company failed to set up an adequate security system.
According to Nace, this decision injects more confusion and uncertainty into the debate surrounding coverage for ransomware attacks and other cyber incidents by inserting the word “trickery,” which is not a common term used in insurance policies, into the standard for determining coverage. This creates more ambiguity for both the insurance industry and policyholders. He shared that buying a cyber policy is a more effective and prudent way to protect companies from cyberattacks: They help prevent attacks by encouraging insureds to examine and correct their vulnerabilities in the underwriting stage, and cyber policies are written specifically for these types of claims.
Nace, an insurance coverage attorney who handles cyber security and data privacy, and complex civil and criminal litigation, also weighed in on a recent Law360 article about new guidelines issued by New York’s insurance regulator.