Computer Fraud Insurance in the Cyberage - Excerpts
Westlaw (Thomson Reuters) recently published another article I wrote on how some courts have interpreted computer fraud provisions. In the article, I identify the common themes in those court decisions, and explore possible implications for applying those themes to emerging technologies.
Here are some excerpts:
Electronic communications are ubiquitous in modern society. Companies now rely on the internet, email, text messages, social media and artificial intelligence chatbots to compete.
The rise of electronic communications presents a major challenge to companies because, to the extent fraud is perpetuated through the exchange of information, many fraudulent schemes involve some form of computer-facilitated communication. There are many reports of criminals exploiting society's reliance on electronic communication for financial gain (e.g., phishing, spoofing and social engineering).
As companies fall victim to fraud through the use of computers, they may seek coverage under computer fraud or computer crime provisions in insurance policies (collectively, computer fraud provisions).
The Insurance Services Office Inc. has two forms that provide coverage for computer fraud or computer crime. These forms specify that the loss must result directly from the use of a computer. Some insurance companies have adopted language similar to that used on the ISO forms.
Since 2016, there have been some important cases interpreting computer fraud provisions. The outcome of those cases has surprised many and left some to think the name "computer fraud insurance" is misleading.
This analysis will discuss how courts have interpreted computer fraud provisions, identify the common themes in those decisions, and consider possible implications for applying those themes to emerging technologies.
In deciding whether there was a loss resulting directly from the use of a computer, these cases hinge on the answers to two key questions:
• Did the insured, at any point, authorize the transfer?
• Were there any intervening steps between the initial fraudulent communication and the loss?
If the insured authorized the fraudulent transfer, the loss can be chalked up to human error rather than the manipulation of computer systems. Similarly, if there were several steps between the fraudulent access or communication and the loss, then the insured had opportunity to discover the fraud and avoid the loss.
As courts continue to agree with insurance companies denying coverage, the message is clear: If insurance companies intended computer fraud provisions to cover all transfers that in some way involve both a computer and fraud, then almost every fraud in the cyberage would be covered. Insurance companies plainly cannot afford such an interpretation.
It will be interesting to see if insurance companies tighten their language to cover only the classic hack, or if new insurance products come to market that will cover the many permutations of fraud that occur through the use of computers and emerging technologies.
For certain, the implementation and utilization of emerging technologies in modern business will strain the interpretation of insurance policies and force courts to decide cases in uncharted territories.
For a complete copy of the article, click here