A recent decision by the Federal Court, Inchcape Australia Ltd. vs. Chubb Insurance Australia Ltd [2022] FCA 883, determined that coverage for losses resulting from the destruction or damage of data only extends to the cost of replacing the data. It does not cover the full range of consequential losses incurred by the policyholder.
Inchcape, a company that deals in automotive distribution, retail, and logistics, filed a claim for damages under Chubb’s Financial Institutions Electronic and Computer Crime Policy (the Policy) after they experienced a ransomware attack. The ransomware attack resulted in its data encryption, deletion of backups, installation of malware on computers, and publication of its information on the “dark web.”
“It is not any ‘loss’ which is covered. It is only ‘direct financial loss,” says Justice Jayne Jagot.
Inchcape suffered different costs in investigating and responding to the cyber assault, repairing or replacing hardware, software, and data, and manually processing orders while its computer systems were under restoration. According to the federal court’s ruling, the victim made the expenses of their own choice, which are not a direct result of the attack and falls outside the insurance policy.
Under the insurance contract that Inchcape Australia has with Chubb Insurance Australia, only a tiny portion of expenses related to “blank media” and the transfer of data onto that media are claimable. Hardware repair, the costs of investigating the ransomware attack and avoiding other impacts, are not evident costs that would necessarily have been borne by every insured in the same circumstances, according to the court.
Like in every court case, the outcome mainly depends on the parties, the case’s facts, and the insurance contracts’ precise terms.
A significant portion of the case concentrated on the insurance policy’s precise wording, including its limited coverage of cyber incidents and the categories of costs that were classified as included or excluded.
Defining the meaning of the phrase “direct financial loss resulting directly from,” which constantly appears in the insurance policy conditions as a limitation on the insurer’s liability, was essential to the case.
The ruling highlights the significance of carefully reviewing the terms of cyber insurance plans before the purchase to avoid having to dispute coverage after a loss has happened. In this scenario, the cyber Policy was similar to property damage coverage and did not specifically cover business disruption.
Wotton + Kearney Partner Kieran Doyle asserts, “It’s a core principle of insurance that you’re indemnified for losses, and usually not for getting something better than what you had before.”
More Stories
Killnet and AnonymousSudan Collaborate to Launch Cyber Attacks on Western Organisations
In recent news, it has been reported that two Russia-sympathetic hacktivist groups, Killnet and AnonymousSudan, have allegedly launched a series...
$4000 Gone In An Instant: Mother Defrauded in Facebook Marketplace Car Deal
A mother of four is warning others to be cautious after believing she had purchased a safe and dependable car...
Shocking Scam: Sydney Family Loses $200K Life-Savings in Suncorp Spoofing Fraud
A family from Sydney has lost their life savings worth $200,000 due to a fraudulent scam. Peter and Madison, who...
Mysterious Money Transfer Leaves Couple Speechless: How They Got an Unsolicited $4000
A young couple in Melbourne claims their bank is making up a personal loan they do not understand. Ashley and...
Phishing + AI + Voice Cloning= Big Trouble: The New Way Criminals are Stealing Your Money
New Alert: Criminals use AI and voice cloning to trick you out of your money. Earlier this year, Microsoft unveiled...
‘Impossible to Spot’ Delivery Scam Email Targets Australia Post Customers – Don’t Fall Victim!
Unsuspecting shoppers should be cautious as a parcel delivery scam that is hard to distinguish targets Australia Post customers. Email...