Line design
Insurance Insight_390x160

By Taylore Karpa Schollard

Small businesses account for 99.9 percent “of all American businesses,” with more than 33.1 million small businesses employing a staggering 61.7 million Americans.1 There is nothing “small” about their import to the economy or the unique insurance questions facing them. Nor is there anything “small” about the potential exposure insurers of small businesses face. In 2022, studies showed that small businesses incurred commercial losses of over $200 million.2

While theft, weather, and fire-related losses continue to be the triggers for the “most common business insurance claims in America,” it is important for insurers to keep a watchful eye on cyber loss trends given the potential for substantial exposure cyber losses pose. Small businesses are reported to “account for 43% of cyber attacks annually.”3 In 2020, reports indicate that over 700,000 small businesses suffered cyber attacks, resulting in “a total of $2.8 billion in damages.”4 The potential for cyber claims is likely to increase as instances of cybercrime continue to grow. Indeed, studies show that ransomware attacks increased by nearly 93% in 2021 alone.5

As cyber losses are expected to continue to trend upward, this article provides a brief update on recent cyber insurance cases to assist insurers in evaluating their risk and handling cyber claims:

  • National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, 435 F. Supp. 3d 679 (D. Md. 2020)

- The insured embroidery and screen-printing business sought coverage under a business owner’s policy for the cost of fully replacing its entire computer system after a ransomware attack that prevented it from accessing its files, software, and corporate data. Even though the insured paid the ransom, some of its art files needed to be completely recreated. The computer system also ran more slowly due to protective measures instituted after the loss.

- The insurers argued that because the insured did not lose complete functionality of its computer system, the insured did not suffer a covered loss. The court disagreed. It held that the insured sufficiently proved it suffered the required “physical loss or damage” because “loss of use, loss of reliability, or impaired functionality demonstrate the required damage to a computer system.”6

  • Yoshida Foods International, LLC v. Federal Insurance Company, No. 3:21-cv-01455-HZ, 2022 WL 1748000 (D. Or. Dec. 6, 2022)

- A cyber-criminal hacked into the insured’s computer system, encrypting it so that the system could not be used. The hacker demanded a ransom payment in cryptocurrency only. The ransom was paid by the insured’s president using his own personal cryptocurrency holdings. The insured company eventually reimbursed the president for the payment and sought coverage.

- The court found that the payment was a direct loss to the insured and rejected the insurer’s argument that the payment was not covered because it was made from personal funds and was voluntary, particularly given that the payment was made under duress.7

Staying up to date on trends in cyber coverage and developments in legal precedent is an insurance company’s first line of defense in evaluating its potential exposure and effectively handling cyber claims when they arise.

Read More

1 Ashlee Tilford, Small Business Insurance Statistics 2023, Forbes Advisor, Sep. 28, 2023, https://www.forbes.com/advisor/business-insurance/small-business-insurance-statistics/, and sources cited therein.
2 Id.
3 Nivedita James Palatty, 51 Small Business Cyber Attack Statistics 2023 (And What You Can Do About Them), Astra, October 26, 2023,  https://www.getastra.com/blog/security-audit/small-business-cyber-attack-statistics/#:~:text=Small%20businesses%20account%20for%2043,%2425%2C000%20due%20to%20cyber%20attacks.
4 Id.
5 Tilford, supra.
6 “Here, not only did Plaintiff sustain a loss of its data and software, but Plaintiff is left with a slower system, which appears to be harboring a dormant virus, and is unable to access a significant portion of software and stored data. Because the plain language of the Policy provides coverage for such losses and damage, summary judgment will be granted in favor of Plaintiff's interpretation of the Policy terms.”
7 The above discussion identifies only one of the holdings discussed in the Yoshida case.

Related Attorneys

The Robins Kaplan Insurance Insight

read more
Jump to Page

Robins Kaplan LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek