Calfee Insurance Coverage Attorney Tae Andrews Quoted in Law360 Insurance Authority Article "Home Depot's 6th Circ. Loss Reveals Cyber Coverage Gaps"

Mentioned and Quoted

Calfee Insurance Coverage Senior Counsel Tae Andrews was quoted in the January 17, 2025, Law360 Insurance Authority article, "Home Depot's 6th Circ. Loss Reveals Cyber Coverage Gaps," which reviews a Sixth Circuit decision this week that an "electronic data exclusion in Home Depot's insurance policies barred coverage for a $50 million claim" stemming from a data breach. This finding "marks an important distinction in litigation over whether multiple types of policies can cover the same loss."

In an interview with reporter Jennifer Mandato, Tae commented on Home Depot, Inc., et al. v. Steadfast Insurance Company, et al., in which a three-judge panel upheld the lower court's ruling that the insurance companies were not required to cover Home Depot for defense and settlement costs related to a data breach the national retailer experienced in 2014, affecting millions of customers' payment cards. "The panel determined that the commercial general liability excess policy's plain language, in particular an exclusion which barred coverage for damages resulting from the loss of use electronic data, was unambiguous."

Tae shared the opinion that the Sixth Circuit erred in its evaluation of the issues in interpreting the insurer's duty to defend. He stated, "In essence, courts are supposed to put a thumb on the scale in favor of the policyholder, but here the court put a thumb on the scale in favor of insurers," noting that this decision follows a trend from federal courts to narrow an insurer's defense obligations.

He also noted that the court's interpretation of the contested electronic data exclusion essentially added "language to the electronic data exclusion by holding that it applies to loss of 'safe' use of electronic data." 

Tae further stated that he didn't necessarily expect policy language to change as a result of this Court finding since most noncyber policies more recently address "silent cyber" exposures, which refers to potential cyber exposures that may be triggered within traditional liability policies.

Quoting the article, "Still, any changes to policy language highlights a practical difference between CGL and cyber policies, Andrews told Law360, as CGL policies are form policies and often have the same policy wording, but cyber policies are not." He recommended that policyholders consider talking to their brokers to understand the specific plan for coverage in the event of a data breach to avoid their insurers from fighting over the duty to cover such breaches.

Read the full Law360 Insurance Authority article.

Note that this publication may require a subscription to access the referenced article. Contact info@calfee.com if we can be of assistance.