PRESCOTT, Ariz. (Legal Newsline) – A
recent ruling by an Arizona federal court involved cyber insurance policies
The decision made in
P.F. Chang’s China Bistro v. Federal Insurance Co.
by the U.S. District Court for the District of Arizona showed that
cyber insurance claims would most likely be interpreted based on what the
policy actually says is covered rather than what the policyholder believes is
case involved P.F. Chang’s, an Asian restaurant chain, that became the target of a June 2014
hacking incident in which about 60,000 credit card numbers were
stolen from the company’s computer
Chang’s turned to its cyber insurance policy to cover the costs that resulted from investigation and remediation
expenses, as well as its defense against the various class action lawsuits that followed.
issue came about when P.F. Chang’s looked to its insurer, Federal Insurance Co.,
to cover a $2 million charge in fees and assessments from its credit card
service providers. However, Federal denied the payment based on the restaurant's policy, which contained a contractual liability exclusion.
Therefore, it was the liability exclusion that led the Arizona court to rule in favor of Federal. It maintained that this clause prevented it from receiving
any payment “because P.F. Chang’s had
agreed that its credit card acquirer could charge back against it these credit
card brand imposed costs and assessments.”
Maynard Guinn, a managing associate with Dentons who followed the case, said that, “a big point in this case was the contractual
liability exclusion, and that exclusion had been around with insurance policies
for decades.” However, she admitted that for cyber insurance, this element is relatively new.
and misinterpretation were the two other elements that seemed to have really defined this
case. P.F. Chang’s believed that these costs would be covered under its
policy because they were given a “flexible insurance solution designed by
cyber risk experts to address the full breadth of risks associated with doing
business in today’s technology-dependent world.”
Guinn said that a
possible reason behind this may be because “companies tend to treat cyber
insurance as a completely new beast, which in a lot of ways it is.” Nevertheless, she explained that cyber policies contain a lot of the same rules and principles as traditional ones.
speculated that P.F. Chang’s may have misread the language in its policy.
"They were looking at it as a different form of insurance, and they weren't thinking of it the way they would with any traditional type of policies," Guinn said.
She revealed that the confusing nature by which some insurance policies are worded is an issue that has been flagged by courts for
decades. As a result, this may be the main source of confusion for companies when they are looking at their coverage.
The only solution may have to involve
insurance companies simplifying the language of their policies. Instead of using
terms and phrases that can be interpreted in more ways than one, insurers may have to
use language that is more specific.
Furthermore, businesses such as P.F. Chang’s could also take a closer look at the cyber policies that they have purchased and make sure
that creditor fees would be covered by its insurance in the event of another