In what may be one of the first court filings of its kind, insurer Travelers is asking a district court for a ruling to rescind a policy because the insured allegedly misrepresented its use of multifactor authentication (MFA)—a condition to get a cyber policy.
According to a July 6 filing in U.S. District Court for the Central District of Illinois, Travelers said it would not have issued a cyber insurance policy in April to Decatur, Ill.-based electronics manufacturing services company International Control Services (ICS) if the insurer knew the company was not using MFA as it said. Additionally, Travelers wants no part of any losses, costs, or claims from ICS—including from a May ransomware attack ICS suffered.
Travelers alleged ICS submitted a cyber policy application signed by its CEO and “a person responsible for the the applicant’s network and information security” that the company used MFA for administrative or privileged access. However, following the May ransomware event, Travelers first learned during an investigation that the insured was not using the security control to protect its server and “only used MFA to protect its firewall, and did not use MFA to protect any other digital assets.”
Therefore, statements ICS made in the application were “misrepresentations, omissions, concealment of facts, and incorrect statements”—all of which “materially affected the acceptance of the risk and/or the hazard assumed by Travelers,” the insurer alleged in the filing.
ICS was the victim of a ransomware attack in December 2020 when hackers gained access using the username and password of an ICS administrator, Travelers said. ICS told the insurer of the attack during the application process and said it improved the company’s cybersecurity.
Travelers aid it wants the court to declare the insurance contract null and void, rescind the policy, and declare it has no duty to indemnify or defend ICS for any claim.
Travelers Property Casualty Co. of America v. International Control Services Inc., No. 22-cv-2145
(This article was originally published on our sister site, Insurance Journal. Reporter Chad Hemenway is the national editor of Insurance Journal)