The appellate court found that cross-motions for summary judgment filed by the insured and insurer for a claim arising from computer fraud were properly denied. G&G Oil Co. of Ind. v. Cont'l W. Ins. Co., 2021 Ind. LEXIS 182 (Ind. March 18, 2021).      G&G Oil discovered one morning it was locked out of its computer system. Its hard drives were encrypted, and one screen prompted: "To decrypt contact [email user]. Enter password." In order to decrypt the contents of its own drives, G&G Oil believed it would have to contact the person or entity responsible for the attack to regain access.     G&G Oil consulted with the FBI and other experts before initiating contact with the hackers to negotiate the release of its servers. G&G Oil ultimately paid nearly $35,000 before regaining access to its computer systems. A claim was then submitted under its policy with Continental. The claim was denied becuase the computer hacking was excluded from the policy. Continental contended that the payment was voluntarily transferred by G&G Oil to the hacker and therefore, the hacker did not "transfer funds directly" from G&G Oil.      G&G Oil filed suit. The policy covered loss "resulting directly from the use of any computer to fraudulently cause a transfer of money." On cross-motions for summary judgment, the trial court found that the loss was not "fraudulently caused" but was the result of theft. Second, G&G Oil's payment to the hacker did ot qualify as a loss "resulting directly from the use of a computer" under the policy and instead was a voluntary payment ot accomplish a necessary result. Summary judgment was granted to Continental. The Court of Appeals affirmed.      The Supreme Court found that the term "fraudulently cause a transfer" could be reasonably understood as simply to obtain by trick. Nevertheless, G&G Oil had not designated reliable evidence to entitle it to summary judgment. Not every ransomeware attach was necessarily fraudulent. For example, if no safeguards were put in place, it was possible a hacker could enter a company's servers unhindered and hold them hostage. There would be no trick involved.      Nor was summary judgment appropriate for Continental. There was a question as to whether G&G Oil's computer systems were obtained by trick. Though little was known about the hack's initiating event, enough was known to raise a reasonable inference the system could have been obtained by trick.      The court also considered whether the loss "resulted directly from the use of a computer." G&G Oil said it was because a computer was part of the entire scheme. Continental argued, and the trial court agreed, that G&G Oil's voluntary transfer of payment was an intervening cause that severed the causal chain of events.     The court determined that G&G Oil's loss resulted either immediately or proximately without significant deviation from the use of a computer. The payment was nearly the immediate result from the use of a computer. Though the transfer of money was voluntary, it was made only after consulting with the FBI and other experts. The payments were "voluntary" only in the sense G&G Oil consciously made the payment. The "voluntary" payment was not so remote that it broke the causal chain. Therefore, G&G Oil's loss "resulted directly form the use of a computer."

from Insurance Law Hawaii https://ift.tt/2PPsCjs