Read Time:2 Minute, 5 Second
A recent decision by the Federal Court, Inchcape Australia Ltd. vs. Chubb Insurance Australia Ltd [2022] FCA 883, determined that coverage for losses resulting from the destruction or damage of data only extends to the cost of replacing the data. It does not cover the full range of consequential losses incurred by the policyholder.
Inchcape, a company that deals in automotive distribution, retail, and logistics, filed a claim for damages under Chubb’s Financial Institutions Electronic and Computer Crime Policy (the Policy) after they experienced a ransomware attack. The ransomware attack resulted in its data encryption, deletion of backups, installation of malware on computers, and publication of its information on the “dark web.”
“It is not any ‘loss’ which is covered. It is only ‘direct financial loss,” says Justice Jayne Jagot.
Inchcape suffered different costs in investigating and responding to the cyber assault, repairing or replacing hardware, software, and data, and manually processing orders while its computer systems were under restoration. According to the federal court’s ruling, the victim made the expenses of their own choice, which are not a direct result of the attack and falls outside the insurance policy.
Under the insurance contract that Inchcape Australia has with Chubb Insurance Australia, only a tiny portion of expenses related to “blank media” and the transfer of data onto that media are claimable. Hardware repair, the costs of investigating the ransomware attack and avoiding other impacts, are not evident costs that would necessarily have been borne by every insured in the same circumstances, according to the court.
Like in every court case, the outcome mainly depends on the parties, the case’s facts, and the insurance contracts’ precise terms.
A significant portion of the case concentrated on the insurance policy’s precise wording, including its limited coverage of cyber incidents and the categories of costs that were classified as included or excluded.
Defining the meaning of the phrase “direct financial loss resulting directly from,” which constantly appears in the insurance policy conditions as a limitation on the insurer’s liability, was essential to the case.
The ruling highlights the significance of carefully reviewing the terms of cyber insurance plans before the purchase to avoid having to dispute coverage after a loss has happened. In this scenario, the cyber Policy was similar to property damage coverage and did not specifically cover business disruption.
Wotton + Kearney Partner Kieran Doyle asserts, “It’s a core principle of insurance that you’re indemnified for losses, and usually not for getting something better than what you had before.”
Happy
0 %
Sad
0 %
Excited
0 %
Sleepy
0 %
Angry
0 %
Surprise
0 %
0
0
