An Indiana businessman found out the hard way how far his insurance company was willing to go to avoid paying a claim after it misrepresented the coverage of a crime policy it sold to him. The quote for the policy indicated that it included coverage for losses resulting from computer hacking. Despite this representation, when the policyholder’s bank accounts were hacked, the insurer denied coverage on the ground that there was no provision for hacking coverage in the policy. Fortunately, the Indiana Court of Appeals recognized the insured’s right to argue before a jury that the insurer’s quotes falsely represented the scope of its coverage.
In Metal Pro Roofing, LLC v. Cincinnati Ins. Co., Richard Cornett, principal of Metal Pro Roofing, LLC and Cornett Restoration, LLC (the “LLCs”), purchased a Cincinnati Insurance Company CinciPlus Crime XC+ Policy (the “Policy”). At the time Mr. Cornett purchased this coverage, and during all subsequent renewals, Cincinnati issued insurance quotes that stated:
Cincinnati can insure your money and securities while at your premises, inside your bank and even off site in the custody of a courier. While you’ve taken precautions to protect your money and securities, you run the risk of loss from employees, robbers, burglars, computer hackers and even physical perils such as fire.
Give yourself peace of mind with Cincinnati’s crime coverage to insure the money and securities you worked so hard to earn.
Crime Expanded Coverage (XC®)Plus Endorsement $125.00.
In the course of time, someone hacked into the LLCs’ bank accounts and stole over $78,000. The LLCs made claims under the “Forgery or Alteration” and “Inside the Premises” provisions of the Policy, but Cincinnati denied coverage and filed a declaratory-judgment action seeking confirmation of its denial.
The LLCs filed a counterclaim alleging breach of contract and insurance bad faith. The bad faith claim alleged, in relevant part, that Cincinnati had deceived its policyholder by making “public representations that the commercial crime insurance is intended to protect insured business clients from someone hacking into the computers and into their bank accounts to steal money.”
The parties filed cross-motions for summary judgment, and the trial court granted summary judgment in Cincinnati’s favor on all issues except one – it allowed the LLCs’ theory of bad faith to proceed to trial, noting, however, that the LLCs had failed to set forth any facts in support of their theory. In response, the LLCs amended their counterclaim to allege that the language of Cincinnati’s quotes led Mr. Cornett to believe that losses from computer hacking would be covered under the Crime XC+ Policy. The LLCs attached the quotes to their amended counterclaim.
Cincinnati again moved for summary judgment. It argued in this second motion that, even if the quote could be read to mean that computer-hacking losses were covered, certain fine print at the bottom of the quote annulled that meaning –
This proposal is based on rating information supplied by you and is valid for 30 days from the date quoted, subject to any pending rules and rate filings. It is also subject to normal underwriting consideration, favorable inspection and acceptable loss experience. This is not a policy. For a complete statement of the coverages and exclusions, please see the policy contract. Each insurer has sole financial responsibility for its own products. Not all Cincinnati subsidiaries operate in all states.
The LLCs responded to Cincinnati’s second motion for summary judgment by submitting an affidavit from Mr. Cornett, which stated that he relied on the description of the coverage provided by Cincinnati. Cincinnati moved to strike this statement, arguing that Mr. Cornett had testified at deposition that “he did not even read [the description] much less read the Policy prior to the alleged losses.” The trial court struck Mr. Cornett’s statement and granted summary judgment in Cincinnati’s favor, concluding that Mr. Cornett did not rely on the coverage description in the quote “because it wasn’t read”. The LLCs appealed both summary judgment decisions.
The Indiana Court of Appeals held that the trial court had correctly concluded that neither the Policy’s “Forgery or Alteration” nor “Inside the Premises” provisions afforded coverage for computer hacking. The Policy defined “forgery” as the “signing of the name of another person or organization with intent to deceive,” and the LLCs failed to present evidence that the hacker had “signed” anything. Similarly, the Policy defined “premises” as “the interior of that portion of any building you occupy in conducting your business” and “banking premises” as “the interior of that portion of any building occupied by a banking institution or similar safe depository,” but the LLCs presented no evidence that the person responsible for the hacking had been inside the LLCs’ buildings or a “banking premises,” so defined.
But the Court reversed the trial court’s ruling on the bad faith claim because the lower court erred when it held that Mr. Cornett “did not rely upon the [quote] because it wasn’t read.” The Court of Appeals found that, at deposition, “Cornett testified only that he did not read the Crime XC+ portions of the actual policies until Cincinnati denied the LLCs’ claims; he did not testify that he did not read or rely on the descriptions in the quotes when deciding to purchase the policies.” Mr. Cornett’s deposition testimony was, in other words, consistent with his affidavit, wherein he stated that he “relied on the description” of the Crime XC+ coverage in Cincinnati’s quotes when he decided to purchase the Policy. Therefore, the Court of Appeals concluded, a finder of fact could read Cincinnati’s quote as a false representation of the Policy’s coverage because the quote indicates that the Policy includes “coverage against loss of money or securities on deposit at a financial institution from computer hackers[.]”
There are two lessons to be learned from this case. First, the Crime XC+ coverage that Cincinnati sold to Mr. Cornett was surprisingly anachronistic when one considers the criminal threats facing business owners in the 21st century. Cincinnati’s restriction of coverage for theft of money to circumstances where the theft is committed by a person inside the policyholder’s bank or buildings or by a “forger” betrays a conception of contemporary criminal enterprise that labors in the twilight between the tragically quaint and the comically obtuse.
The second lesson, not unrelated to the first, is the remarkable scale of the carrier’s duplicity in dealing with its insured, from the original sale of the policy through the ensuing coverage litigation. Not only did the carrier represent that coverage under its crime policy would afford protection against computer hacking when, in fact, it would hardly have protected the insured from common pickpockets; but, in arguing that Mr. Cornett “did not even read [the description] much less read the Policy prior to the alleged losses,” Cincinnati also misrepresented Mr. Cornett’s deposition testimony in its motion to strike his affidavit. It compounded one misrepresentation with another. In light of the ubiquitous presence of online banking within the fabric of the commercial world and the anticipated growth of innovations such as cryptocurrency, policyholders must remain vigilant against stale programs for crime coverage and carriers willing to go to the mattresses when the coverage illusions they create are challenged.