How Insurers Can Refuse To Cover Hacker Payments

April 18, 2023

Keyboard in shadows, with a white "thumbs down" image on one of the keys.
thumb down or dislike button on keyboard.

Insurers sometimes make the argument that paying ransomware or putting out money after falling for an email scam do not constitute “direct lost” and therefore are not covered, according to a post on the Ervin Cohen & Jessup website. The contention of the carrier would be that such losses are “occasioned through some action by the company.” In addition, some policies specifically exclude coverage when “any transfer, payment of or delivery of Money, Securities or Property [is] approved by an Employee…”

There have been cases supporting this type of argument, the writer notes, but more recent cases have been more friendly to insureds. Those include a recent case involving a ransomware payment, and a case where the Ninth Circuit, reversing a district court, held that an accounts payable clerk’s processing of a payment to a scam recipient, at the behest of a party who was impersonating her superior, did constitute a direct loss from fraud.

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top