Regulatory/Law
A Direct Answer

• Alan Rutkin
• August 2018
• 

Cyber coverage cases, like other areas of law, are starting to evolve around a few recurring issues. One of the issues is causation. When does a loss result from computers directly? A prominent court, the 11th U.S. Circuit Court of Appeals, recently weighed in on this issue, and it sided with the insurance industry. If you’re working in this area, you might spend a few minutes considering this case, Interactive Communications International v. Great American Insurance Co.

The policyholder sold “chits” (credits loaded onto prepaid debit cards) that could be redeemed by a consumer to make everyday purchases. Thieves found a glitch in the policyholder system that allowed them to redeem a single chit many times. They stole $11.4 million. The policyholder made a claim under its computer fraud policy.

The policy covered “loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer….”

The issue quickly became: What does “directly” mean? And both policyholder and insurer were able to cite supporting cases, because two different approaches have evolved on this issue.

Policyholder argued for a “proximate cause” approach. Under this view, if the use of the computer set in motion a chain of events that caused the loss, then the computer caused the loss directly.

Insurer argued for a literal approach. To result directly, there must be immediacy between conduct and result.

The 11th Circuit adopted a methodology that insurers often endorse: “We look to the plain language of InComm’s policy. It is a fundamental principle of Georgia law—and law more generally—that words in contracts ‘generally bear their usual and common signification.’” To that end, the court turned to dictionaries, and found that their theme is unmistakable: “one thing results ‘directly’ from another if it follows straightaway, immediately, and without any intervention or interruption.”

The 11th Circuit then broke down the steps of the theft here. The court found that theft would begin with a computer transaction, creating a duplicate chit. But to complete the theft, three more steps were required: a redemption call, a debit card purchase and a financial transfer. Days, weeks, or months could pass between the first step and the final step, and the loss required that final step. The court found that this sequence lacked the immediacy to be considered as caused directly from the computer fraud.

Several lessons can be drawn.

First, “resulting directly” has become a recurring important issue in this area. Since there remain many different forms in this area, it is useful to see common themes evolving.

Second, while I support the insurers’ approach, fairness requires me to acknowledge that courts have gone both ways on this issue. But the Interactive decision here represents significant added support for the insurance industry’s approach.

Third, enforcing “plain language” is, once again, the approach that generally supports insurers.

Finally and more personally, computer-related fraud and theft has become a scary part of our daily lives.

Best's Review columnist Alan Rutkin is a partner at Rivkin Radler in Uniondale, N.Y. He can be reached at alan.rutkin@rivkin.