Hard Market Strategy Bundle! 📦 Cyber Monday Deal Get the Bundle

Travelers Wants Out of Contract With Insured That Allegedly Misrepresented MFA Use

By | July 12, 2022

In what may be one of the first court filings of its kind, insurer Travelers is asking a district court for a ruling to rescind a policy because the insured allegedly misrepresented its use of multifactor authentication (MFA) – a condition to get cyber coverage.

According to a July 6 filing in U.S. District Court for the Central District of Illinois, Travelers said it would not have issued a cyber insurance policy in April to Decatur, Illinois-based, electronics manufacturing services company International Control Services (ICS) if the insurer knew the company was not using MFA as it said. Additionally, Travelers wants no part of any losses, costs, or claims from ICS – including from a May ransomware attack ICS suffered.

Travelers alleged ICS submitted a cyber policy application signed by its CEO and “a person responsible for the the applicant’s network and information security” that the company used MFA for administrative or privileged access. However, following the May ransomware event, Travelers first learned during an investigation that the insured was not using the security control to protect its server and “only used MFA to protect its firewall, and did not use MFA to protect any other digital assets.”

Therefore, statements ICS made in the application were “misrepresentations, omissions, concealment of facts, and incorrect statements” – all of which “materially affected the acceptance of the risk and/or the hazard assumed by Travelers,” the insurer alleged in the filing.

ICS also was the victim of a ransomware attack in December 2020 when hackers gained access using the username and password of an ICS administrator, Travelers said. ICS told the insurer of the attack during the application process and said it improved the company’s cybersecurity.

Travelers said it wants the court to declare the insurance contract null and void, rescind the policy, and declare it has no duty to indemnify or defend ICS for any claim.

Travelers Property Casualty Co. of America v. International Control Services Inc., No. 22-cv-2145

Was this article valuable?

Here are more articles you may enjoy.

Latest Comments

  • January 25, 2023 at 1:22 pm
    Carl "The Cyber Security Guy" de Prado says:
    It is no secret that cyber security risks are on the rise. The more devices and data we put on the Internet, the higher the risk of a breach or attack. No one wants to be the ... read more
  • July 19, 2022 at 3:35 pm
    Steve says:
    Tell all your clients there a Misrepresentation clause in all the policies, not just Cyber. It can used, rightly so, to deny the claim.
  • July 16, 2022 at 4:54 pm
    Tom says:
    This is why I tell people who get cyber insurance to read and comply with the policies. I see it periodically where people want cyber insurance but don't read the policy's co... read more

Add a CommentSee All Comments (3)Add a Comment

Your email address will not be published. Required fields are marked *


More News
More News Features