Cyber subrogation, finally

Thank you to Travelers Casualty and Surety Company. In Travelers v. Ignition Studio, Inc., No. 1:15-cv-00608 (N.D. Ill.), Travelers brought a subrogation suit against Ignition Studio, Inc., a web design company, for allegedly negligently maintaining a community bank’s website and enabling hackers to steal bank customers’ information.

As discussed, insurers who pay claims have the legal right to initiate and pursue legitimate subrogation claims.  Regrettably, too many are foregoing this right. Travelers is the exception.

In the case, filed in January 2015, the insurer accused Ignition of failing to deploy basic anti-malware software on the server where the bank’s website was hosted. A breach occurred and Travelers paid its insured’s claim for resulting Loss. According to Travelers’ complaint, Ignition’s security applications were inappropriate for a bank website as Ignition did not install key software patches or adequately encrypt customer data. Following the breach, the bank incurred $150,00 to notify customers of the incident. Travelers paid and then chased. The Court denied Ignition’s motion to dismiss.  In April, the parties settled for an undisclosed amount. The Court has ratified the settlement.

I’ll say it again.  Subrogation is a legitimate and real option in appropriate cases.  Why many insurers fail to exercise this right is difficult to understand (except, perhaps, where the underlying contract has a limitation of liability clause).  Insurers subrogate in other contexts.  Why aren’t they also doing so in the cyber realm?  I would.