In what may be one of the first court filings of its kind, insurer Travelers is asking a district court for a ruling to rescind a policy because the insured allegedly misrepresented its use of multifactor authentication (MFA) — a condition to get cyber coverage.
According to a July 6 filing in U.S. District Court for the Central District of Illinois, Travelers said it would not have issued a cyber insurance policy in April to Decatur, Illinois-based, electronics manufacturing services company International Control Services (ICS) if the insurer knew the company was not using MFA as it said. Additionally, Travelers wants no part of any losses, costs, or claims from ICS — including from a May ransomware attack ICS suffered.
Travelers alleged ICS submitted a cyber policy application signed by its CEO and “a person responsible for the the applicant’s network and information security” that the company used MFA for administrative or privileged access. However, following the May ransomware event, Travelers learned during an investigation that the insured was not using the security control to protect its server and “only used MFA to protect its firewall, and did not use MFA to protect any other digital assets.”
Therefore, statements ICS made in the application were “misrepresentations, omissions, concealment of facts, and incorrect statements” — all of which “materially affected the acceptance of the risk and/or the hazard assumed by Travelers,” the insurer alleged.
ICS told the insurer during the application process it had improved the company’s cybersecurity following a December 2020 ransomware attack.
The case is Travelers Property Casualty Co. of America v. International Control Services Inc., No. 22-cv-2145.
Was this article valuable?
Here are more articles you may enjoy.