INTRODUCTION
Insurance is often viewed as a panacea, but it rarely is. The first question usually raised when a liability risk becomes real is: "DO WE HAVE INSURANCE COVERAGE?" If the risk is new or unanticipated, insurance carriers usually respond in unison "NO." And insureds usually reply "THAT'S UNFAIR." The rebuttal from the carriers is frequently the equivalent of "TOUGH," which often prompts the insured to rejoin with "SEE YOU IN COURT."
This paradigm may or may not apply with respect to Y2K-based claims. In this article, you will learn that insurers have not spoken in unison. Rather, different carriers have adopted different approaches to the Y2K problem. Some have remained silent, some have added Y2K extensions, and some have issued Y2K specialty policies.
This article then reviews the possibility of obtaining coverage under policies typically purchased by businesses. These include First-Party policies (such as All-Risk, Business Interruptions, Extra Expense, and others) and various Liability Policies (Comprehensive General Liability, Errors & Omissions, and Directors & Officers policies).
Finally, this article addresses some of the most pressing Y2K issues confronting businesses today. For example, it will address what risk-management efforts will likely be necessary for businesses to maintain existing insurance and how to cope with Y2K-oriented questions on insurance applications. In addition, this article will discuss the Y2K exclusions businesses are confronting and what kind of Y2K specialty policies are available.
So, what is the industry saying about Y2K claims? Is there coverage or not? Is it worth making a claim?
The answers to these questions are not clear right now. Although the insurance industry and policyholders have had a number of years to contemplate the inevitability of the Year 2000 problem, very little progress has been made in resolving coverage issues. Why? Several observations help to explain this unfortunate truth.
First, the Y2K problem is huge. A widely respected consulting firm, the Gartner Group, has estimated the losses to be between $300 and $600 billion. More recently, litigation estimates of one trillion dollars and more have begun to emerge in the business and legal press.
Second, unlike most categories of losses, the Y2K problem is predictable. This fact enables the insurance industry to raise a number of unique insurance coverage questions, such as whether a Y2K loss was "unexpected or unintended" or was "fortuitous." These issues will be addressed below.
Third, the Y2K problem is something that occurs but once in a lifetime. Thus, unlike mortality or other more regular occurrences, the insurance industry does not have an underwriting structure or methodology to deal with it.
Fourth, the Year 2000 problem is multi-faceted. There are numerous categories of present and future loss. Several types of policies - First-Party Property, General Liability, Directors & Officers policies, and Errors & Omissions policies - are impacted. Also, many industries are at risk, such as computer users, every conceivable sector of the manufacturing business, as well as consultants, and corporate executives.
Finally, and perhaps most important of all, is inertia. It is human nature to put aside for another day the ugliest and biggest challenge on the horizon.
A.POTENTIALLY HELPFUL POLICIES
To provide a framework for applying insurance coverage issues, it is helpful to divide claims and policies into two basic categories.
The first category is for so-called First-Party claims and policies. Claims under this category are for losses suffered directly by the policyholder. These losses are covered by insurance policies such as All Risk, Business Interruption, and other coverages.
The second category is for Liability or Third-Party claims and policies. Claims under this category involve losses suffered by third-parties who have asserted that the policyholder is responsible. There are many kinds of Liability policies. The broadest and most common is the Comprehensive General Liability (CGL) policy. Other, more specialized, policies under this category include Directors & Officers (D&O), and Errors & Omissions (E&O) policies.
1.First-Party Policies
a.All Risk Insurance
Over time, as the insurance market has softened and as competition has increased, most First-Party insurance policies are written as All-Risk policies. Although policy provisions may vary, coverage normally exists where there is "physical loss or damage" to covered property, when the loss is "fortuitous" and no exclusions apply.
The most favorable attribute of All-Risk policies is that they provide coverage for all losses unless specifically excluded. As such, it should be the insurance company's burden to show that one of the exclusions obviates coverage.
As might be expected, insurers have not always been willing to shoulder this burden and provide coverage. Typically, insurers raise two basic arguments.
First, despite the All-Risk nature of the coverage, insurers have argued that policyholders must establish that only "fortuitous" losses are covered. Many insurers maintain that Y2K losses are not "fortuitous." As Lloyd's of London has stated:
Given the extensive global debate on the subject of Y2K computer problems, it is clearly apparent the topic does not meet the criteria of fortuity. Rather, it is a well-known, well-described business risk.
Policyholders should adopt the position that, although the Y2K phenomenon itself may have been foreseeable, the actual damages they suffered were not. Therefore, the fortuity requirement would be satisfied.
Second, insurers will argue that the requirement of a "physical loss or damage" is not met with respect to Y2K claims. Carriers probably will contend that the loss or damage suffered by the policyholder was not "physical," suggesting as they do that the word "physical" modifies "damage" as well as "loss." With respect to this issue, insureds should first examine the definition of "physical loss or damage" in their policy. If this proves unhelpful, insureds should argue that "physical" does not modify "loss."
There is limited case law on this issue. In Massachusetts, the state's highest court has not spoken, and the intermediate appeals court has issued conflicting decisions. Compare HRG Development Corp. v. Graphic Arts Mutual Ins. Co., 527 N.E. 2d 1179 (Mass. App. Ct. 1988) with USM Corporation v. First State Insurance Co., 641 N.E. 2d 115 (Mass. App. Ct. 1994).
Despite these uncertainties, All-Risk policies could be useful for companies in some circumstances. Depending on the size of the claim, insurers may be willing to settle claims brought under an All-Risk policy under the right facts. If the claim is large enough and the policyholder is willing to litigate, an insurer may wish to avoid the risk of an adverse decision (on the "fortuity" or "physical loss or damage" issues) enough to compromise the claim.
b.Business Interruption
Business Interruption insurance may also provide important coverage for Y2K claims. In fact, this type of insurance appears especially important in light of the risk that Y2K problems could result in computer crashes that seriously disrupt company operation. This coverage is designed to protect businesses from losses suffered after they have been partially or wholly disabled. Business Interruption coverages is usually found within the All-Risk policy. A typical provision provides:
In consideration of additional premium, this policy is extended to cover the actual loss sustained by the insured during a period of interruption directly resulting from physical loss or damage of the type insured against by the policy, to property not otherwise excluded by the policy, utilized by the insured, and located or described elsewhere in this policy.
This policy provision obviously implicates the same "physical loss or damage" issue discussed above. Policyholders can expect that because this provision often exists within an All-Risk policy that insurers also will raise the "fortuity" argument. Some business interruption provisions also require a complete cessation of business operations before coverage is triggered.
c.Extra Expense
Some First-Party policies also include provisions providing insurance coverage for expenses incurred in the prevention or avoidance of future losses. For example, the following is a typical provision:
(1)We will pay an Extra Expense to avoid or minimize the suspension of business and to continue "operations".
(2)We will pay any Extra Expense to minimize the suspension of business if you cannot continue operations.
(3)We will pay any Extra Expense to:
(a)Repair or replace any property; or
(b)Research, replace or restore the lost information on damaged valuable papers and records.
This provision is designed to encourage the policyholder to take reasonable steps to prevent future covered losses by requiring the carrier to reimburse the insured for sums spent that actually reduce the carrier's net exposure. They may apply to expenses incurred by insureds to minimize expected damage to computer and other equipment as a result of the Y2K problem, but only if the policy would provide coverage for the loss if it did occur. This means that claims brought under an Extra Expense provision are also subject to the "physical loss or damage" and "fortuity" requirements previously discussed.
Nevertheless, this type of provision may provide a source of revenue for a company that wants to do something about reasonably anticipated Y2K problems before they occur. This coverage may even offer a company the opportunity to negotiate coverage ahead of time. Any efforts to take advantage of such coverage should be undertaken now, before policies in effect during the changeover date, because such future policies could very well contain a Y2K exclusion eliminating this opportunity.
d.Boiler and Machinery
Boiler and Machinery (B&M) coverage, sometimes called machinery and equipment coverage, is a specialized from of property insurance involving very unique exposures such as electrical arcing, explosion and mechanical breakdown that are usually excluded under property policies. This coverage is often purchased by manufacturing and processing companies.
These types of facilities rely heavily on embedded chips and systems. It is anticipated that a significant percentage of these chips and systems will experience operational problems, possibly including total shut-down. B&M coverage may be helpful in these circumstances. Policyholders can expect that carriers aggressively will defend claims brought under B&M policies, and will assert all available exclusions. Particularly helpful to insurers in this situation will be an exclusion in most B&M policies for the breakdown of an electronic computer or electronic data processing equipment.
e.Other First-Party Policies
Depending on the industry, there are numerous other specialized property policies that could provide coverage, such as: inland marine policies; electronic data processing insurance; cargo insurance; computer crime insurance policies; and valuable papers and records insurance. In light of the complexity and scope of a Y2K claim, it would be prudent to review all applicable First-Party insurance forms.
2.Liability Policies
a.CGL Policies
Comprehensive General Liability (CGL) insurance policies are the broadest form of liability policies available on the market. They usually provide coverage for property damage, bodily injury, personal injury and advertising injury claims. We expect that there will be many claims asserted under CGL policies for Y2K claims and that the insurance industry will be very aggressive in responding to them.
Nevertheless, we have reason to think that the insurance industry itself may believe that CGL policies provide coverage for third-party Y2K claims. One of the most prominent insurance industry trade groups, the Insurance Services Office, Inc. (ISO), has developed Y2K exclusions for CGL carriers. In describing one of these exclusions, GL 97-0Y2KF, ISO has stated as follows:
Many types of businesses insured under a CGL policy may encounter liability claims arising out of the Y2K computer problems. Claims may involve damages for Bodily Injury, Property Damage, or loss of use of a third party's property due to failure of an insured's products to function or perform properly. In addition, ISO and others have expressed concern that there exists an increased potential for loss under the Personal Injury coverage sections of the CGL policy.
This language suggests that the industry itself believes that current exclusions do not obviate Y2K claims. In addition, ISO has stated that "there is presently no explicit treatment of the Y2K exposure" within the CGL form. This alone is enough in most states to support a finding that the CGL policy provides coverage for Y2K claims. Finally, ISO has informed insurance agents who desire to sell the broadest available CGL coverage for Y2K claims to use the "unendorsed CGL or Products Liability forms." This seems to be an explicit acknowledgment that Y2K claims are theoretically covered under existing CGL forms. This discussion assumes, however, that the particular facts of the claim otherwise meet the requirements of the CGL policy and do not give rise to an applicable exclusion.
(1)Property Damage
Unless a Y2K claim involves bodily injury, the insured must demonstrate that some property damage has occurred. CGL policies typically defined property as:
a.Physical injury to tangible property, including all resulting loss of use of that property . . .[ ;] or
b.Loss of use of tangible property that is not physically injured.
(a)Physical Injury to Tangible Property
The concept of physical injury usually connotes some alteration of the form of the property. In Y2K cases, there will be significant debate whether such injury really occurs to the data or software due to a system's inability to handle the date changeover. A few courts have wrestled with this issue in related cases, with some concluding that computer data is tangible property subject to CGL coverage, while others have reached the opposite result. There have been no decisions on this issue in the Y2K-coverage context
(b)Loss of Use
Even if an insured is unable to establish that a system malfunction constitutes physical injury to tangible property, it may be able to support a Y2K insurance claim based on a theory of loss of use. Suppose that an insured's system crashes and that a third-party's system is disabled thereby. In such a case, a good argument could be made that the loss of use component of the property damage requirement was met.
(2)Sums Paid "As Damages
The insuring contract requires the carrier to pay those sums that the insured is legally obligated to pay "as damages." This phrase is now commonly interpreted to mean any loss for property damage or bodily injury paid to a third-party making a claim against the insured. It is distinguished from expense incurred by a policyholder either voluntarily or in response to a government order. Accordingly, expenses incurred voluntarily by the insured to remedy an actual or potential system failure would not be covered.
Insurers will also rely on the well-settled rule that liability policies do not cover losses arising from breach of contract. This "contract" defense will be significant in cases whereby claims between persons or entities that have contracts with each other. In the context of computer or software sales, purchasers will no doubt bring breach of contract and warranty claims alongside their tort claims. Insurers will argue that claims by purchasers are essentially contractual in nature and thus not covered. Many CGL policies, however, include "buybacks" that provide contractual liability coverage that may be helpful in the Y2K context.
(3)Caused by an Occurrence
Coverage exists under the standard CGL form only when property damage or bodily injury is caused by an "occurrence," which is generally defined to mean "an accident, including continuous or repeated exposure to substantially the same general harmful conditions." Practically, this has been interpreted to mean that the damage or injury must have resulted from a fortuitous event, one that is neither expected or intended.
Interpreted in this way, the "occurrence" requirement will involve an examination of what software vendors and users knew about the Y2K problem and when they knew it. The focus of this inquiry will be whether the policyholder had reason to know of the problem before the effective date of the policy. On a practical level, mere awareness in theory of the Y2K problem in the abstract may not obviate coverage. Where the insured had reason to know that its system was "infected" and could result in problems with its customers eventually, the insurance industry will argue that the resulting damage was not a "fortuitous." This argument would apply with particular force in cases involving claims against manufacturers of hardware or software (who ought to know the characteristics of their own products), but may not hold sway in cases involving claims against users of defective hardware or software (who may or may not know whether their systems is "infected").
(4)CGL Policy Exclusions and Conditions of Coverage
CGL policies contain a variety of limitations to coverage. These limitations come in the form of exclusions and conditions of coverage, some of which are discussed below.
(a)Notice of a Claim or Occurrence
Policies typically require an insured to notify the carrier in the event of an occurrence, thus allowing an insurance company an opportunity to investigate potential losses. In Y2K cases, insurers may argue that every policyholder now involved in Y2K compliance efforts (assessing, remediating and testing its code and reviewing supply claim compliance) has been aware of an "occurrence" for some period of time. In other words, these technical problems constitute an event that might give rise to a claim, thus entitling an insurer to notice. Remember, it is the occurrence that first gives rise to an obligation to notify. Notice of a claim follows later. Accordingly, insureds should consider engaging in early and frequent notice to insurance companies regarding the Y2K problem.
(b)Voluntary Assumption of Liability
Only damages that an insured is required to pay to a third party are covered under the CGL policy. To the extent that an insured incurs liability to a third party voluntarily, there would be no coverage, such as when a vendor performs work at a customer's location without proof of legal obligation.
(c)Expected or Intended Injury or Damage
The software and hardware problems that constitute the Y2K problem have been known for some time. This awareness enables insurers to argue that this problem was known at the time of the purchase of the policy. This is significant because CGL policies exclude coverage for bodily injury or property damage that is "expected or intended" from the standpoint of the insured.
From the insured's point of view, coverage expectations may be characterized as akin to a new car buyer's expectation. Purchase of hardware or software with the expectation that it would be replaced before Year 2000 is not unlike purchasing a car with the knowledge that ongoing maintenance is required.
From the perspective of the insurance company, computer engineers have known for decades that two-digit date fields would have to be changed to accommodate the millennium change. Viewed in this light, it is difficult to argue that Y2K damages were unexpected. The issue is one of forseeability. Insurers will argue that there should be no coverage because Y2K problems were foreseeable. What this argument misses, however, is that policyholders buy insurance because of foreseeable as well as unforeseeable events. Death is inevitable, yet many people buy life insurance. Companies buy accident insurance for their vehicles knowing that such accidents are possible if not likely. The industry's revenue is based on taking premiums for foreseeable events. The real question should be whether the policyholder "expected or intended" the actual harm that resulted from the Y2K problem.
(d)Contractual Liability
Liability assumed under a contract is excluded under standard CGL language, although "buybacks" of this coverage may have been purchased.
(e)Owned Property
CGL policies normally have language excluding claims for damage to the insured's property, real or personal. This would exclude claims for damages to a policyholder's own hardware and software.
b. Directors & Officers Liability Insurance
We anticipate that Y2K will generate a significant number of claims against directors and officers under various theories. First, directors and officers may be sued for breach of fiduciary duty for not controlling Y2K remediation costs or for not preventing Y2K business losses (including litigation). Second, they may be sued for breach of the duty of diligence on the ground that they did not adequately inform themselves of Y2K problems, failed to supervise Y2K remediation, or failed to properly disclose the magnitude of the company's Y2K problem to appropriate parties. For any of these claims, companies should look promptly to their D&O liability policies.
A typical insuring agreement in a D&O policy requires the insurer to:
pay the loss of each and every Director or Officer of the Company arising from a claim first made against the Directors or Officers during the Policy Period . . . for any actual or alleged Wrongful Act in their respective capacities as Directors or Officers of the Company . . .
Wrongful Act usually is defined to include any breach of duty, neglect, error, misstatement, misleading statement omission or act. This broad definition would seem to suggest that many of the Y2K claims described above should be covered under the D&O policy.
Most policies do not, however, require the insurer to provide a defense to a lawsuit brought against the directors and officers. Rather, the policy usually requires the insurance company to reimburse the policyholder for defense costs, which normally has meant that the insured receives this reimbursement as defense costs are incurred, rather than after judgment or settlement.
D&O policies typically have numerous exclusions, such as exclusions for fraud and dishonesty, bodily injury and property damage claims, and for contractual liability.
c.Errors & Omissions Policies
Errors & Omissions (E&O) coverage is also known as Professional Liability insurance. Many firms that provide computer products or services will look to this coverage for losses incurred as a result of the Y2K problem. A typical E&O policy requires an insurer to:
pay on behalf of the insured those sums which the insured becomes legally obligated to pay as damages because of a negligent act, error or omission in the performance of the insured's professional services.
Like D&O policies, most E&O policies are claims-made policies, meaning that coverage exists only for claims made during the policy period. Like CGL policies, E&O policies typically exclude expected or intended losses.
The most common dispute arising under D&O policies is over the meaning of the phrase "professional services." Carriers frequently attempt to avoid paying claims on the ground that the alleged activity does not constitute a professional service. Although this question has been open to dispute from the perspective of the insurance industry, courts often look to see whether the activity involves a specialized knowledge, labor or skill that is predominately mental or intellectual rather than physical or manual. This standard would seem to be met easily in the context of Y2K claims against software and hardware manufacturers, however, insureds should expect that carriers will raise this definitional issue in many cases.
d.Other People's Insurance
As a general requirement of doing business, many companies require that those with whom they do business either indemnify them or insure them against loss or liability. In this way many companies have the benefit of "other people's insurance" (OPI), which can be a tremendous asset. Coverage under OPI can provide a company with defense and indemnity benefits without the burdens of deductibles, self-insured retentions or co-insurance obligations.
B.IMMEDIATE ISSUES
1.Risk Management
Remediation of Y2K problems should be undertaken promptly for two major reasons. First, companies naturally have a financial desire to avoid the losses that could flow from Y2K non-compliance. Second, these efforts may be important to enable the company to recover under an insurance policy if a loss does occur. As discussed above, insurers probably will raise numerous defenses to Y2K claims, such as lack of "fortuity" and the failure of the loss to meet the "unexpected or unintended" standard. Insurers may also deny coverage on the basis of an insured's failure to mitigate damages. These types of defenses will be more persuasive to a judge where the insured has done nothing to correct the Y2K problems and is merely relying on insurance to address the loss. This means that policyholders should undertake and document a vigorous Y2K remediation effort.
2.Insurance Policy Applications
One of the issues currently facing risk managers is how to respond to questions on insurance applications regarding Y2K issues. It is not unheard of for an insurance company to decline coverage of a significant claim on the grounds that, with the benefit of hindsight, the company can credibly assert that the policy holder failed to disclose critical information necessary for the underwriting process.
It is not hard to imagine, therefore, an insurer examining an insurance application carefully when presented with a significant Y2K claim. It is critically important for all questions to be answered truthfully and thoughtfully. Simple stating that your company is compliant, even if believed to be true, could create problems because it will be interpreted by the insurer as a warranty. Rather, the insurance application should document the company's efforts to achieve Y2K compliance, but also should warn against the possibility of unforeseen problems that may exist in the company's systems as well as problems that could exist externally with its customers, suppliers and service providers. Even more preferable than signed statements are face-to-face meetings or conference calls addressing a company's compliance efforts.
3.Y2K Exclusions
Now that Y2K problems are beginning to materialize, the industry that derives its revenue from convincing policyholders to pay significant premiums now to avoid problems later, is scurrying around the country trying to gain permission from state regulators for exclusions that purport to abandon the very customers it promised to protect. The ISO has drafted these exclusions for virtually every conceivable type of insurance.
This effort has an "Alice in Wonderland" quality to it. On one hand, the industry has been desperately trying to convince people that there is no Y2K coverage under these policies. On the other hand, the industry is madly trying to engineer applicable exclusions for coverage they say does not exist.
What's really happening is that the industry has realized that most policies are ambiguous at best, and may even implicate coverage by their silence on the issue of Y2K claims. Moreover, the ISO has publicly conceded that the reason for Y2K exclusions is that insurers had not collected premiums to cover Y2K risk.
4.Y2K Specialty Policies
A small number of insurance companies are selling Y2K insurance policies. These policies are very expensive and are difficult to secure. Typically, underwriters of these policies will require the policyholder to spend many tens of thousands of dollars in audits in order to qualify for the policy.
AIG, Lloyds, Axa Global Risks, and AON Risk Managers are offering these policies. They provide coverage for (1) direct business interruption; (2) contingent business interruption; (3) third-party liability coverage; (4) D&O; and (5) vicarious liability. Policy limits up to $100 million are available.
The parallel developments of exclusion-drafting and Y2K specialty policies may indicate that insurers believe that present policies are either ambiguous or provide coverage. These developments also undercut the insurance industry's assertion that Y2K losses are uninsurable because they are not fortuitous.
CONCLUSION
Policyholders cannot ignore Y2K implications on insurance issues. Early review of remediation efforts and careful reporting to your insurer about these efforts will position your company for making a Y2K claim in the event a loss occurs. Now, before those claims arise, is the time to become aware of the potential insurance policies available for a Y2K loss and how to maximize recovery under those policies.
If your company believes that it may have Y2K risk it should examine its insurance situation now. Our office can help you analyze your best course of action in light of the coverages that you have. As a beginning, you should review attached Exhibit A, which is a checklist of preliminary insurance tasks that policyholders should undertake.