Insurer Took Insured To Court Over Misleading Application

Travelers took International Control Services Inc. to court in Illinois after ICS suffered a data breach that the plaintiff claimed could have been thwarted if the multi-factor authentication process the company said it had in place was up and running. It said the misrepresentation “materially affected the acceptance of the risk and/or the hazard assumed by Travelers” in the court filing. Going to court rather than simply denying the claim is an extreme measure, but this case was not unique, according to a partner at Barnes & Thornburg LLP who is quoted in the article. He says the hard market that carriers have created by raising premiums and lowering limits has inspired them to boldness. Another expert advises keeping the fact that security should stop breaches, not simply respond to successful attacks, should be front of mind. Insurance companies are modifying their underwriters’ reliance on self-attestation without some type of third-party verification. In the Illinois case forensics investigators determined there was no MFA in place, so Travelers asserted it should not be liable for the claim. In August the litigants agreed to void the contract and ICS was left without coverage.