What happens if an assured fails to disclose to the insurer the fact that special conditions were imposed by another insurer as part of another insurance contract? Could that amount to an actionable non-disclosure under s. 18 of the Marine Insurance Act (MIA) 1906? This was the main issue in Niramax Group Ltd v. Zurich Insurance plc  EWHC 535 (Comm). The assured, Niramax, is a company carrying out the business of waste collection and waste cycling from various sites in north-east England. Niramax held a suite of insurance policies with the insurer, Zurich, which provided cover for a variety of risks relating to its plant and machinery. One of these policies was a contractor’s plant policy which provided all risks cover for a mobile plant owned by the assured (the Policy). Niramax also held buildings cover separately with a variety of other insurers. One of these insurers was Millennium Insurance. In the process of providing insurance cover for a building owned by Niramax in 2014, a risk survey report was prepared by Millennium which laid out seven risk requirements. One of these requirements was the installation of a fire suppression system at the main recycling facility of Niramax located at Hartlepool. Even though the assured was reminded by Millennium of the need to install the fire suppression system on several occasions, the system was never installed and as a result special conditions stipulated by the policy came into force on 22 October 2014 increasing the deductible to £ 250,000 and requiring Niramax to self-insure for thirty five percent of the balance of any loss.
In December 2014, Niramax renewed its policy with Zurich on the mobile plant. In 2015, Niramax acquired another mobile plant (Eggersmann plant) and in September 2015, Zurich was persuaded to amend the Policy to extend cover to the newly acquired plant until the renewal date of mid-December 2015. On 4 December 2015, a fire broke out at Niramax’s premises and the Eggersmann plant along with the other plant was destroyed. Niramax made a claim, which, at trial was valued at around £ 4.5 million, under the Policy. The majority of the claim related to the loss of the Eggersmann plant, which was valued around £ 4.3 million. Zurich refused to pay stating that it was entitled to avoid the Policy for material non-disclosure and/or misrepresentation. Niramax brought the current proceedings against Zurich.
It was held that the assured’s non-compliance with risk requirements under the buildings policy with Millennium and the imposition of special terms under that policy were materials facts which needed to be disclosed under s. 18(1) of the MIA 1906. However, the insurer (Zurich) failed to demonstrate that, if the facts had been fully disclosed, the Policy for the plant (effected in December 2014) would have been renewed. On the other hand, Zurich was able to demonstrate that, if the facts had been fully disclosed (especially imposition of special circumstances for the assured company (Niramax) by another insurer), the extension of cover for the Eggersmann plant would have been refused. Accordingly, it was held that the insurer, Zurich, was entitled to avoid the cover for the endorsement under the Policy and no indemnity was due for the loss of the Eggermanns plant. The insurer was required to return the premium received for the endorsement. Otherwise, the original Policy stood and the insurer was bound to indemnify Niramax for the items of mobile plant which were covered by the original Policy (as renewed in December 2014) and damaged in the fire.
Two comments are in order. First, it is interesting to see that the trial judge (Mrs Justice Cockerril) found that the original policy stood (i.e. there was no inducement) even though it would have not been written on the same terms (i.e. with higher premium to reflect the correct multiplier) if full disclosure had been made by the assured. This certainly raises an interesting question going forward on the application of the test of inducement and seems to be at odds with the sentiments expressed by Clarke, LJ, in Assicurazioni Generali SpA v. Arab Insurance Group  EWCA Civ 1642;  Lloyd’s Rep IR 131, at  (emphasis added): In order to prove inducement the insurer or reinsurer must show that the non-disclosure or misrepresentation was an effective cause of his entering into the contract on the terms on which he did. He must therefore show at least that, but for the relevant non-disclosure or misrepresentation, he would not have entered into the contract on those terms. On the other hand, he does not have to show that it was the sole effective cause of his doing so.
Second, the contract was obviously concluded before the Insurance Act 2015 (IA) came into force but is highly unlikely that the application of the AA 2015 would have led to a different outcome. The materiality test applicable under the IA 2015 (under s. 7(3) of the IA 2015) is practically the same and there is still a need to prove inducement for actionable non-disclosure under the 2015 Act.
Another cyber-attack labelled ‘Microsoft Exchange Email hacks’ hits the news again! This attack has been concerningly described as ‘zero day’ attack. A zero-day attack means that the points of vulnerability were unknown before the attack therefore the cyber-attack occurs on the same day that the weakness is discovered in the software. Like so many things happening around the world at this point, the race is on to get on top of these attacks which are believed to be state sponsored and cultivated in China by the hacking group Hafnium. Chinese government denies any involvement. This method of attack has already been replicated and used to infiltrate companies and public bodies in more than 115 countries around the world. It is still early days, so many UK companies may still be unaware that their systems have been hacked. The European Banking Authority has reported that their system has been compromised and that there is a possibility that personal data has been exposed.
Microsoft announced that the hacking group exploited four (4) zero-day vulnerabilities in the server’s system to enter the Microsoft Exchange Server which is used by large corporations and public bodies across the world. The calendar software of governments and data centres were also compromised. The hackers also sometimes used stolen passwords to gain unauthorized access to the system. The hackers would then take control of the server remotely and steal data from the network. The attack has affected thousands around the world.
Tom Burts, a VP at Microsoft described in a sequential order how the attack was carried out;
First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access.
Second, it would create what’s called a web shell to control the compromised server remotely.
Third, it would use that remote access – run from the U.S. based private servers to steal data from an organization’s network.
What is not affected?
The identified vulnerabilities do not affect Exchange Online, Microsoft’s cloud-based email and calendar services that’s included in commercial Office 365 and Microsoft 365 subscriptions.
In response Microsoft issued a software update for its 2010, 2013, 2016 and 2019 versions of Exchange. The UK National Cybersecurity Centre, the US and the Norwegian governments are already issuing warnings and guidelines to businesses about the hacks.
But what does this mean for insurers?
This is an extra dent in the cyber security efforts of companies and public bodies yet another opportunity for a lesson to the insurance market of the potential global and high aggregate loss from just one attack. This incident is another illustration of how susceptible computer systems and servers are to cyber-attacks. Similarly, it is another indication to corporations and public bodies that foreign entities are working assiduously to identify and exploit vulnerabilities within their systems to achieve their motives, whatever they may be. So far, the impact is widespread, and victims include organisations such as infectious disease researchers, law firms, higher education institutions, defence contractors, NGOs. Cybersecurity group Huntress has reported many of their partners servers have been affected and they include small businesses for example small hotels, ice cream company, senior citizen communities, banks, local government and electricity companies.
In light of the recent business interruption decision from the Supreme Court, it will be interesting to see how many of these UK companies will present their claims to insurers and how insurers will respond to claims from assured whose businesses may have been interrupted by the Exchange Email hacks.
There will be gaps and exclusions in these Business Interruption policies which may not provide adequate protection against cyber risks so it is the assured with a cyber risk policy / insurance coverage who will be the most protected during and after these attacks.
Applicable cyber insurance clauses and possible response of insurers
Most cyber insurance policies cover data loss and business interruption as a result of a security breach so this will not be much of an issue for assureds with cyber insurance coverage. There are exclusions in most cyber insurance policies which may leave an assured vulnerable when hacking of this nature (Microsoft Exchange hack) occurs. Let us consider some of these exclusions and their potential impact further:
for repairing, replacing or restoring the Insured’s Computer System to a level beyond that which existed prior to any Claim or Loss;
The inclusion of this or any clause with similar wording means the assured may not be covered for the expenses and cost incurred to hire experts to identify or remediate vulnerabilities within their IT systems. Consequently, the assured will not be indemnified for the expenses or costs incurred to install the patches as recommended by Microsoft as these will be classified as updates or enhancement to the computer system beyond a level that which existed prior to the security breach.
We will not make any payment for any claim, loss or any other liability under this section directly or indirectly due to:
Any failure or interruption of service provided by an internet service provider, telecommunications provider, utilities supplier or other infrastructure provider. However, this exclusion does not apply where you provide such services as part of your business.
ii. failure or malfunction of satellites or of power, utility, mechanical or telecommunications (including internet) infrastructure or services that are not under the insured organization’s direct operational control.
Third party providers
arising out of the failure of any third party provider including any utility, cloud, internet service provider or telecommunications provider, unless arising from a failure of the Insured to protect against unauthorised access to, unauthorised use of, or a denial of service attack or damage, destruction, alteration, corruption, copying, stealing or misuse by a Hacker of the Insured’s Computer system;
ii. The Insurer shall not be liable to indemnify the Insured against any Loss arising as a result of the failure of a third party service provider or cloud provider unless they are hosting hardware or software that is owned by the Insured.
Could the relationship between Microsoft and its clients fall into the category of ‘other infrastructure provider’ to relieve the insurer of any liability to the assured? As software service providers of Microsoft 365 and Azure it will be no surprise to see claims being denied based on clauses with the same or similar wording. However, the assured may object to the insurer’s denial of the claim by the applying ejusdem generis rule in stating that ‘or other infrastructure provider’ should be limited to companies such as Virgin Media, British Gas or Welsh Water and not extend to software providers. According to Cambridge dictionary, infrastructure as it relates to IT means the ‘equipment, software, etc. that a computer system needs in order to operate and communicate with other computers.’ If this definition is accepted by the parties, the challenge for the insurer will be to establish that the Microsoft Exchange Server qualifies as a software needed for a computer system to operate and communicate with other computers. Rather, the function of the Microsoft exchange server is to aid with email storage and calendaring and is unrelated to other operational functions necessary to communicate with other computers.
Certainly ‘infrastructure or services that are not under the insured organization’s direct operational control’ will create less problems for the insurer to establish that the exclusion applies as this broad construction will exclude losses and expenses from incidents such as Microsoft Email Exchange Hack.
which results, directly or indirectly, from access to, confiscation or destruction of the Insured’s Computer system by any government, governmental agency or sub-agency, public authority or any agents thereof;
Since the Microsoft Exchange Email are believed to be carried out by Hafnium which is a government backed group, it is reasonable to identify them as agents of the government of China. Therefore, assureds whose policies include a government intrusion exclusion may be denied coverage for their loss or expenses arising directly or indirectly from access to or destruction of the assured’s computer system by groups such as Hafnium.
Conclusion and the way forward
As aforementioned, it is early days and the real financial impact if any from these attacks are not yet known. However, what is certain is that hackers, whether state sponsored are not are using very sophisticated techniques to identify and exploit vulnerabilities within computer servers and networks. Therefore, companies and public bodies must continue to invest in employee training and take reasonable steps to manage and mitigate their losses from potential cyber-attacks which unfortunately will happen at one point. Among those decisions should be the purchase of cyber insurance policies that addresses the needs of the business with particular attention being placed on the exclusions clauses and ensuring that as an assured you are adequately protected against the cybersecurity risks to which you are most directly and indirectly prone .
While large corporations and government entities may have the requisite IT expertise to support them, the real concern remains for those small and medium sized businesses that do not have the resources for a complete check and cleaning of their systems. Therefore, larger corporations within the supply chain must offer their expertise to the small and medium sized businesses with which they trade to respond to this and other cyber security threats. Since Microsoft Exchange Online servers have not been affected, many small and medium sized businesses may begin to switch to using cloud-based email storage. However, this does not mean they will be immune from cyber-attacks.
Tokio Marine in their Cybersecurity Insurance Policy wording 0417 went as far as to include a list of reasonable steps that an insured should take to avoid / mitigate their loss and these along with government and industry guidelines should be a good starting point in your fight against cyber attacks and their debilitating impacts.
Reasonable steps to avoid Loss
The Insured shall protect its Computer system by:
a. having Virus protection software operating, correctly configured and regularly or automatically updated;
b. updating Computer systems with new protection patches issued by the original system or software manufacturer of supplier;
c. having a fire wall or similar configured device to control access to its Computer system;
d. encrypting and controlling the access to its Computer system and external devices including plug-in devices networked to its Computer system;
e. controlling unauthorised access to its Computer system by correctly configuring its wireless network;
f. changing all passwords on information and communication assets at least every 60 days and cancel any username, password or other security protection once an Employee’s employment has been terminated or after it knew or had reasonable grounds to suspect that it had become available to any unauthorised person;
g. taking regular back-up copies of any data, file or programme on its Computer system are taken and held in a secondary location;
h. having an operational system for logging and monitoring user activity on its Computer system;
i. remote wipe functionality is installed and enabled on all portable devices where such functionality is available
So far, P&I Insurance has operated continued to afford liability cover without any specific exclusions for incidents arising out of COVID-19. However, fixed premium and Charterers’ P&I covers are reinsured outside the International Group’s Pooling Agreement and with effect from 20.2.2021 and will be subject to the Coronavirus Exclusion Clause (LMA 5395) and The Cyber Endorsement (LMA 5403) in the Rules for Mobile Offshore Units (MOUs).
The coronavirus exclusion for marine and energy provides:
“This clause shall be paramount and shall override anything contained in this insurance inconsistent therewith.
This insurance excludes coverage for:
1) any loss, damage, liability, cost, or expense directly arising from the transmission or alleged transmission of:
a) Coronavirus disease (COVID-19);
b) Severe Acute Respiratory Syndrome Coronavirus 2 (SARS-CoV-2); or
c) any mutation or variation of SARS-CoV-2;
or from any fear or threat of a), b) or c) above;
2) any liability, cost or expense to identify, clean up, detoxify, remove, monitor, or test for
a), b) or c) above;
3) any liability for or loss, cost or expense arising out of any loss of revenue, loss of hire,
business interruption, loss of market, delay or any indirect financial loss, howsoever
described, as a result of any of a), b) or c) above or the fear or the threat thereof.
All other terms, conditions and limitations of the insurance remain the same.”
Gard have recently announced that they will offer Members and clients in respect of the categories of covers listed below a special extension of cover. The extension of cover (hereinafter referred to as the ‘Special Covid-19 Extension’) shall comprise liabilities, losses, costs and expenses falling within the scope of terms of entry agreed but for the Coronavirus Exclusion Clause (LMA 5395) and subject to a sub-limit of USD 10 million per ship or vessel per event. This extension does not apply to the Cyber Endorsement.
Financial Conduct Authority v. Arch Insurance (UK) and Others  UKSC 1
This was a test case brought by the Financial Conduct Authority (FCA) on behalf of holders of business interruption policies. During the spring national lock-down (in 2020), businesses which held such policies made claims from their insurers but most of these claims were denied on the premise that the wording used in such policies was not broad enough to provide indemnity to the policy holders. In particular, the focus turned on business interruption policies that provided cover for infectious and notifiable diseases (disease clauses) and prevention of access and public authority clauses and restrictions (prevention of access clauses). The FCA selected a representative sample of 21 types of policies issued by eight insurers for the test case. It is believed that the outcome of the case could be relevant for 370,000 businesses holding similar policies issued by 60 different insurers. The High Court delivered its judgment on 15 September  EWHC 2448 (Comm) mainly in favour of the assureds. Using leapfrog appeal procedure, the FCA and six insurers appealed to the Supreme Court composed of Lords Reed, Hodge, Briggs, Hamblen and Leggatt.
The judgment of the Supreme Court is very technical and lengthy (112 pages) but is no doubt a great victory for holders of such policies. The analysis below will focus on the key points made by the Supreme Court.
When a business interruption policy provides cover for losses emerging from “any occurrence of a Notifiable Disease within a radius of 25 miles of the premises” what does that exactly mean? Does it mean that cover is available for business interruption losses as long as it could be shown that they resulted from the occurrence of the disease within the radius? Or does the clause provide cover as long as there is one case of illness caused by the disease within that radius? Naturally, the former construction would restrict the limit of cover as in most cases it would be impossible to show that the losses resulted from the localised occurrence of the disease as opposed to the wider pandemic and government restrictions generally. The High Court went along with the latter construction which the Supreme Court was prepared to accept with a slightly different reasoning. The Supreme Court by making reference to the wording of the clause, especially the emphasis in the clause on “any occurrence of a Notifiable disease”, indicated that the wording of the clause is adequate to provide cover for the business interruption caused by any cases of illness resulting from Covid-19 that occur within 25 miles of the business premises.
Prevention of Access
It has been stressed that such clauses generally provide cover for business interruption losses resulting from public policy intervention preventing access to or use of the insured premises. A legal deliberation was necessary to determine the nature of public policy intervention required to trigger such clauses. The Supreme Court agreed with the High Court’s analysis on this point to the effect that “restrictions imposed” by a public authority should be understood as ordinarily meaning mandatory measures “imposed” by the authority pursuant to its statutory or other legal powers and the word “imposed” connotes compulsion and a public authority generally exercises compulsion through the use of such powers. On that premise, Prime Minister’s instructions in a public statement of 20 March 2020 to named businesses to close was capable of being a “restriction imposed” regardless of whether it was legally capable of being enforced as it was a clear, mandatory instruction given on behalf of the UK government.
In some hybrid policies a different wording is used such as “inability to use” or “prevention of access” or “interruption”. The Supreme Court was inclined to construe such wordings broadly. For example, in policies where the insurance provides cover when there is “inability to use” the premises, the Supreme Court was adamant that the requirement is satisfied either if the policyholder is unable to use the premises for a discrete part of its business activities or it is unable to use a discrete part of its premises for its business activities as in both of these situations there is a complete inability to use. This construction opens the door for businesses in hospitality sector which can do only take-away meals for the loss of their in-person business. Similarly, the Supreme Court rejected insurers’ argument that the hybrid policy that refer to “interruption” implies a “stop” or “break” to the business as distinct from an interference, holding that the ordinary meaning of “interruption” is capable of encompassing interference or disruption which does not bring about a complete cessation of business activities, and which may even be slight.
Insurers argued that traditional causation test applied in insurance law should not be adopted as the appropriate test in the context of construing relevant provisions of business interruption policies. Instead, it was argued, that is should be necessary to show, at a minimum, that the loss would not have been sustained “but for” the occurrence of the insured peril. In their view, it was necessary for the business to show that the insured peril had operated to cause the loss; otherwise due to the widespread nature of the pandemic it would be very easy for holders of such policies to show business interruption losses even if the insured risk had not occurred. The obvious objective for developing this contention was to limit the scope of cover provided by such policies as otherwise (if the traditional causation rules were to apply in this context) businesses operating in locations which have no or few cases of the illness could still recover under the policy even though the loss in those instances is caused by disruption occurring outside the radius (or nationally).
In developing their argument, insurers relied heavily on the decision in Orient-Express Hotels Ltd v Assicurazioni General SpA  EWHC 1186 (Comm);  Lloyd’s Rep IR 531. In that case, the claim was for business interruption losses caused by Hurricanes Katrina and Rita. The insured premises in question were a hotel in New Orleans. There was no dispute that the insured property suffered physical damage as a result of the hurricanes. When it came to the business interruption losses, however, insurers in Orient-Express case successfully argued that there was no cover because, even if the hotel had not been damaged, the devastation to the area around the hotel caused by the hurricanes was such that the business interruption losses would have been suffered in any event. Accordingly, the necessary causal test for the business interruption losses could not be met because the insured peril was the damage alone, and the event which caused the insured physical damage (the hurricanes) could be set up as a competing cause of the business interruption. The High Court chose to distinguish Orient Express from the current litigation on matters of construction. The Supreme Court went further and decided that Orient-Express was wrongly decided and should be overruled. Analysing the facts of Orient-Express case the Supreme Court reached the conclusion that business interruption loss arose there because both as a result of damage to the hotel and also damage to the surrounding area as a result of hurricanes. Therefore, there two concurrent causes were in operation, each of which was by itself sufficient to cause the relevant business interruption but neither of which satisfied the “but for” test because of the existence of the other. In such a case when both the insured peril and the uninsured peril which operates concurrently with it arise from the same underlying fortuity (i.e. the hurricanes), then provided that damage proximately caused by the uninsured peril (i.e. damage to the rest of the city) is not excluded, loss resulting from both causes operating concurrently is covered.
Accordingly, the Supreme Court rejected insurers’ argument, holding that the “but for” test was not determinative in ascertaining whether the test for causation has been satisfied under the insuring clauses analysed as part of the test case. The traditional principles of causation should, therefore, be applied. The Supreme Court on this point concluded at 
“there isnothing in principle or in the concept of causation which precludes an insured peril that in combination with many other similar uninsured events brings about a loss with a sufficient degree of inevitability from being regarded as a cause – indeed as a proximate cause – of the loss, even if the occurrence of the insured peril is neither necessary nor sufficient to bring about the loss by itself.”
Applying the traditional proximity test, essentially enables business to recover under such policies simply by proving a link between the local occurrences and the national reaction even if the “but for test” is not satisfied.
Some Further Remarks
The judgment is legally binding on the eight insurers that agree to be parties to the test case but it provides guidance for the interpretation of similar policy wordings and claims. However, it should not be ignored that there are still many policy wordings not tested or considered by this decision. There is no doubt that the decision is welcomed by businesses that have been adversely affected from the global pandemic and have failed to rely on their business interruption policies. Was this a case simply concerning construction of certain insurance contracts or other considerations (i.e. impact of the pandemic on social and economic life) played a significant role? The answer is probably the latter even though insurers throughout the litigation maintained that “one simply should not be allowed to rewrite an insurance contact to expand the scope of the indemnity”. But isn’t this the nature of test cases, i.e. judges are usually required to pass moral, ethical judgments on an issue that has significant implications on a part of the society? The global pandemic had significant implications on our lives and economy and at times like this it is inevitable that a judgment needs to be made as to where the economic loss resulting from the pandemic should fall. This is what the UK Supreme Court did here!
As expected the UK government has made a fresh declaration agreeing to be bound by the Hague Convention on Choice of Law 2005 in its own right from the end of the transition period at 11pm, UK time, on 31 December 2020. It states “With the intention of ensuring continuity of application of the 2005 Hague Convention, the United Kingdom has submitted the Instrument of Accession in accordance with Article 27(4) of the 2005 Hague Convention. Whilst acknowledging that the Instrument of Accession takes effect at 00:00 CET on 1 January 2021, the United Kingdom considers that the 2005 Hague Convention entered into force for the United Kingdom on 1 October 2015 and that the United Kingdom is a Contracting State without interruption from that date.”
It has also made a reservation under art 21 of the Convention that it will not apply the Convention to insurance contracts except as stated below.
(a) where the contract is a reinsurance contract;
(b) where the choice of court agreement is entered into after the dispute has arisen;
(c) where, without prejudice to Article 1 (2) of the Convention, the choice of court agreement is concluded between a policyholder and an insurer, both of whom are, at the time of the conclusion of the contract of insurance, domiciled or habitually resident in the same Contracting State, and that agreement has the effect of conferring jurisdiction on the courts of that State, even if the harmful event were to occur abroad, provided that such an agreement is not contrary to the law of that State;
(d) where the choice of court agreement relates to a contract of insurance which covers one or more of the following risks considered to be large risks:
(i) any loss or damage arising from perils which relate to their use for commercial purposes, of, or to:
(a) seagoing ships, installations situated offshore or on the high seas or river, canal and lake vessels;
(c) railway rolling stock;
(ii) any loss of or damage to goods in transit or baggage other than passengers’ baggage, irrespective of the form of transport;
(iii) any liability, other than for bodily injury to passengers or loss of or damage to their baggage, arising out of the use or operation of:
(a) ships, installations or vessels as referred to in point (i)(a);
(b) aircraft, in so far as the law of the Contracting State in which such aircraft are registered does not prohibit choice of court agreements regarding the insurance of such risks;
(c) railway rolling stock;
(iv) any liability, other than for bodily injury to passengers or loss of or damage to their baggage, for loss or damage caused by goods in transit or baggage as referred to in point (ii);
(v) any financial loss connected with the use or operation of ships, installations, vessels, aircraft or railway rolling stock as referred to in point (i), in particular loss of freight or charter-hire;
(vi) any risk or interest connected with any of the risks referred to in points (i) to (v);
(vii) any credit risk or suretyship risk where the policy holder is engaged professionally in an industrial or commercial activity or in one of the liberal professions and the risk relates to such activity;
(viii) any other risks where the policy holder carries on a business of a size which exceeds the limits of at least two of the following criteria:
(a) a balance-sheet total of EUR 6,2 million;
(b) a net turnover of EUR 12,8 million;
(c) an average number of 250 employees during the financial year.
2. The United Kingdom of Great Britain and Northern Ireland declares that it may, at a later stage in the light of the experience acquired in the application of the Convention, reassess the need to maintain its declaration under Article 21 of the Convention.”
Last year we commented on Young v. Royal and Sun Alliance plc  CSOH 32 which was the first case to be decided under the Insurance Act (IA) 2015. The Scottish appeal court (Inner House, Court of Session) has recently upheld the first instance decision  CSIH 25.
Let us remind our readers the facts of the case briefly. The co-assureds (Mr Young and Kaim Park Investments Ltd, a company of which Mr Young was a director) brought a claim of £ 7.2 million for extensive fire damage to commercial premises insured. The insurer, Royal and Sun Alliance plc, rejected the claim on the basis that the assured failed to disclose material information in breach of the duty of fair presentation under the Insurance Act (IA) 2015. The policy had been entered through an insurance broker. The assured was requested by the insurance broker to fill in a proposal form which was prepared using the broker’s software. One part of the proposal form required the proposer to select from various options in a drop-down menu. The instruction read: “Select any of the following that apply to any proposer, director or partner of the Trade or Business or its Subsidiary Companies if they have ever, either personally or in any business capacity: …” The drop-down menu that followed this instruction included an option that any of the persons identified had been declared bankrupt or insolvent. Neither Mr Young nor Kaim Park Investments had been declared bankrupt or insolvent, however, Mr Young had previously been a director of four other companies which had entered into insolvency. The option which was selected on the proposal form was “None”. Accordingly, the proposal forwarded to the insurer showed the option selected, i.e. “None”, and the list of persons to which the declaration related. Once receiving the presentation, the insurer sent an e-mail to the brokers providing a quote for cover and a list of conditions. The conditions, inter alia, included: “Insured has never been declared bankrupt or insolvent.”
Before the commercial judge, Lady Wolffe, the assured’s argument was that the insurer’s e-mail response amounted to a waiver by the insurer of its right to receive the undisclosed information regarding the four insolvent companies. Section 3(5)(e) of the IA stipulates that the assured is not required to disclose a circumstance “if it is something as to which the insurer waives information.”
It needs to be stressed that the introduction of the IA 2015 does not alter the legal position with regard to waiver established by case law pre-dating the 2015 Act. On that basis, with reference to Doheny v. New India Assurance Co  1 All ER (Comm) 382, the commercial judge indicated that waiver could be established in a case where the insurer had asked a “limiting question” such that the assured could reasonably infer that the insurer had no interest in knowing information falling outwith the scope of the question. The classic example is where the proposal form asks about convictions within the last 5 years and which can instruct waiver of information about convictions more than 5 years ago. This was not held to be the case here and accordingly it was held that there was no waiver on the part of the insurer with regard to the information not fully disclosed (i.e. the involvement of Mr Young in four insolvent companies).
The assured appealed. The main argument brought forward by the assured was that by showing that it was interested in one aspect of Mr Young’s experience of insolvency, the insurer had impliedly demonstrated that it was not interested in others, and, therefore restricted Mr Young’s duty of disclosure. The Court of Session indicated that the commercial judge successfully identified relevant legal principles in that to found implied waiver of the insurer of this nature it is necessary to show that it made an inquiry directing the assured to provide certain information but no other information. This means that the appeal turned on the construction of a single email sent by the insurer to the brokers when providing a quote (during the pre-contractual stage). The Inner Court found that there was nothing in the email that amounted to an inquiry. Essentially, the insurers were responding to the broker’s request to provide a quotation based on the information provided. The response of the insurers in the relevant email was, therefore, an offer to insure on a variety of terms and conditions. It was not an inquiry and did not amount to limited concern of Mr Young’s past experience of insolvency that excluded the undisclosed information from which he was required to disclose for fair presentation of the risk. The insurer was accordingly entitled to avoid the policy.
It is hard to suggest that the case establishes any novel point with regard to “implied waiver” of the duty of disclosure on the part of the assured by the insurer. Although, this is a Scottish case, it is very much in line with the pre-Act English law authorities and essentially turns on the impression an insurer’s response to a disclosure might create on the mind of a reasonable assured. If it can be said that insurer’s answer amounts to an inquiry (judged from the perspective of a reasonable assured) there could be a possibility of arguing that the relevant assured could infer that the insurer had no interest in knowing information falling outside the scope of that inquiry. Otherwise, there will be no issue of waiver by asking “limiting questions”. The judgment is obviously not binding on English courts but one suspects that it is one that will be referred to not only because it is the first case under the IA 2015 but also as it relies on principles developed by English courts pre-dating the IA 2015 which obviously remain relevant at least in the context of establishing “waiver of disclosure” by the insurer.
The Spanish government and SS Mutual are clearly digging in for the long haul over the Prestige pollution debacle eighteen years ago. To recap, the vessel at the time of the casualty was entered with the club under a contract containing a pay to be paid provision and a London arbitration clause. Spain prosecuted the master and owners and, ignoring the arbitration provision, came in as partie civile and recovered a cool $1 bn directly from the club in the Spanish courts. The club meanwhile obtained an arbitration award in London saying that the claim against it had to be arbitrated not litigated, which it enforced under s.66 of the AA 1996 and then used in an attempt to stymie Spain’s bid to register and enforce its court judgment here under Brussels I (a bid now the subject of proceedings timed for this coming December).
In the present proceedings, London Steam-Ship Owners’ Mutual Insurance Association Ltd v Spain (M/T PRESTIGE)  EWHC 1582 (Comm) the club sought essentially to reconvene the arbitration to obtain from the tribunal an ASI against Spain and/or damages for breach of the duty to arbitrate and/or abide by the previous award, covering such things as its costs in the previous s.66 proceedings. By way of machinery it sought to serve out under s 18 of the 1996 Act. Spain claimed sovereign immunity and said these further claims were not arbitrable.
The immunity claim nearly succeeded, but fell at the last fence. There was, Henshaw J said, no agreement to arbitrate under s.9 of the State Immunity Act 1978, which would have sidelined immunity: Spain might be bound not to raise the claim except in arbitration under the principle in The Yusuf Cepnioglu  EWCA Civ 386, but this did not amount to an agreement to arbitrate. Nor was there, on the facts, any submission within s.2. However, he then decided that s.3, the provision about taking part in commercial activities, was applicable and allowed Spain to be proceeded against.
Having disposed of the sovereign immunity point, it remained to see whether the orders sought against Spain — an ASI or damages — were available in the arbitration. Henshaw J thought it well arguable that they were. Although Spain could not be sued for breach of contract, since it had never in so many words promised not to sue the club, it was arguable that neither Brussels I nor s.13 of the 1978 Act barred the ASI claim in the arbitration, and that if an ASI might be able to be had, then there must be at least a possibility of damages in equity under Lord Cairns’s Act.
No doubt there will be an appeal. But this decision gives new hope to P&I and other interests faced with opponents who choose, even within the EU, to treat London arbitration agreements as inconsequential pieces of paper to be ignored with comparative immunity.
More than 300 small and medium sized businesses have formed an action group (Hiscox Action Group) with a view to bringing a class action against Hiscox’s decision to refuse payment under its commercial business interruption policies. It now looks like the Financial Conduct Authority (FCA) will also be involved in the ongoing debate by seeking clarity from the courts about whether the wording of some business interruption insurance policies should provide cover as a result of the pandemic. Although this particular class action might involve Hiscox, there is no doubt that other insurers, such as AXA, Allianz, RSA, QBE and Zurich, might face potential multi-million pound lawsuits from businesses such as hotels, pubs, restaurants and leisure groups that allege legitimate business interruption claims have been rejected by their insurers.
The legal issue at stake here is a matter of construing the scope of such policies. Several assureds claim that their policies specifically provide cover for the “inability to use the insured premises due to restrictions imposed by a public authority following an occurrence of any human infectious or human contagious disease.” However, Hiscox and other insurers are arguing that cover is only available under such policies if “there is an incident within a mile radius of the insured building” and therefore unless the businesses are closed by authorities due to outbreak of the disease at the premises, the relevant business interruption policy will not respond.
On several occasions, courts have adopted purposive interpretation techniques when construing terms in commercial contracts. Lord Clarke, famously, in Rainy Sky S.A. and others v. Kookmin Bank  UKSC 50 stipulated [at 14]: “The ultimate aim of interpreting a provision in a contract, especially a commercial contract, is to determine what the parties meant by the language used, which involves ascertaining what a reasonable person would have understood the parties to have meant”.
On that basis, taking into account the wording in question, it will be hard to say that a reasonable person would not have understood the parties to have meant that cover would not be available if the commercial activities of a business are restricted due to restrictions imposed by authorities following an occurrence of any human infectious or human contagious disease. That said, more recently the Supreme Court seemed to be trending back towards the literal approach moving away from the contextual approach. See, for example, Arnold v. Britton  UKSC 36 where Lord Neuberger [at 17] stated that “the reliance placed in some cases on commercial common sense and surrounding circumstances … should not be invoked to undervalue the importance of the language of the provision which is to be construed.”
The Supreme Court in Wood v. Capita Insurance Services Ltd  UKSC 24 attempted to reconcile these authorities by confirming the validity of both literal and contextual approaches to contract construction. Lord Hodge [at 13] explained the appropriate approach in the following fashion:
“The extent to which [textualism or contextualism] will assist the court in its task will vary according to the circumstances of the particular agreement or agreements. Some agreements may be successfully interpreted principally by textual analysis, for example because of their sophistication and complexity and because they have been negotiated and prepared with the assistance of skilled professionals. The correct interpretation of other contracts may be achieved by a greater emphasis on the factual matrix, for example because of their informality, brevity or the absence of skilled professional assistance. But negotiators of complex formal contracts may often not achieve a logical and coherent text because of, for example, the conflicting aims of the parties, failures of communication, differing drafting practices, or deadlines which require the parties to compromise in order to reach agreement. There may often therefore be provisions in a detailed professionally drawn contract which lack clarity and the lawyer or judge in interpreting such provisions may be particularly helped by considering the factual matrix and the purpose of similar provisions in contracts of the same type. …”
This approach indicates that a more contextual approach can be adopted in construing some commercial contracts. The key question will be whether standard business interruption policies sold to small and medium sized businesses can be viewed as sophisticated contracts negotiated and prepared with the assistance of skilled professionals? That is highly doubtful! So, there might be room for the courts to adopt a more contextual approach when it comes to construing such contracts bearing in mind the factual matrix. Defining the factual matrix in this context will not be an easy task but the approach taken by courts when construing the scope of professional indemnity policies in actions brought by those who suffered from mesothelioma or their families (Employers’ Liability Policy Trigger Litigation Durham v. BAI  UKSC 14) might give clues as to the likely direction of travel in this context as well.
On the other hand, one appreciates the genuine concerns of insurers- providing indemnity for losses they did not intend to cover- will have implications on their businesses and also their re-insurance arrangements. They can plausibly argue that higher rate of premium would have been charged if they were expected to cover the financial losses emerging from a global pandemic.
One feels that a lengthy and tough legal battle lies ahead!
Although cyber risks insurance in the London market is fast growing, more clarity is needed as various types of clauses drafted by different insurers are in use creating an enormous degree of confusion for assureds as to the scope of the cover on offer. With the objective of providing added clarity, from 1 January 2020, Lloyd’s underwriters will be required to clarify whether first-party property damage policies affirm or exclude cyber cover.
This is certainly a positive development and with the aim to assisting in this process, the Lloyd’s Market Association (LMA) has recently published a number of new clauses for the property and marine markets that can be used with traditional lines of business, e.g. hull & machinery policies, war risks insurance policies for vessels and other offshore structure. It should be noted that clauses published by LMA are designed to act as “models” and are distributed for the guidance of its members, who are free to agree to different conditions or amend as they see fit.
The new clauses published by the LMA comprise a cyber endorsement (LMA5400) and exclusion clause for Property D&F (LMA5401) and a cyber endorsement (LMA5403) and exclusion clause for Marine (LMA5402). All clauses explicitly supersede or replace conflicting policy wording related to cyber loss and data.
Both the property endorsement and exclusion clauses exclude coverage for any cyber loss, as well as any costs related to the use or replacement of data. The endorsement does, however, affirm coverage for physical loss or damage to property caused by fire or explosion that results directly from a cyber incident, as well as coverage for physical damage related to data processing media owned by a policyholder.
The marine clauses, meanwhile, rule out coverage for any loss or expense related to the “failure, error or malfunction of any computer, computer system, computer software programme, code, or process or any other electronic system.” Similarly, they exclude coverage for “the use or operation, as a means for inflicting harm, of any computer, computer system, computer software programme, malicious code, computer virus or process or any other electronic system.” However, marine cyber endorsement clause makes it clear that if the clause is used with policies covering risks of war, civil war, revolution, rebellion, insurrection, or civil strife arising therefrom, or any hostile act by or against a belligerent power, or terrorism or any person acting from a political motive, the cover will be available for losses arising from the use of any computer, computer system or computer software programme or any other electronic system in the launch and/or guidance system and/or firing mechanism of any weapon or missile.
It should be noted that liability and treaty reinsurance policies will also be required to clarify whether they affirm or exclude cyber cover and these requirements will come into effect in two phases during 2020 and 2021.
Now briefly the facts! On 5 July 2011, on route to China with a cargo of fuel oil, the Brillante Virtuoso was boarded by pirates off Gulf of Aden. The pirates directed the vessel to Somalia but when the engine stopped and could not be re-started, they allegedly placed a detonator in the engine room causing huge damage to the vessel. The vessel was insured for $US 55 million with an additional $US 22 million increased cover with ten Lloyd’s underwriters. The underwriters refused to indemnify the assured (Suez Fortune Investments Ltd). The assured and its bank (Pireus Bank AE) as a co-assured under a composite policy brought a claim against the insurers.
In the first stage of the trial, the claimants were successful and Flaux, J, (as he then was) held that the vessel was a constructive total loss under s. 60(2)(i) of the Marine Insurance Act 1906 as she was damaged by an insured peril and the cost of repairs would exceed the insured value of the ship when repaired  EWHC 42 (Comm). In 2015, war risk underwriters alleged wilful misconduct. As the case proceeded the owner of the vessel, Mr Marios Iliopoulos, declined to provide electronic documents related to the case to his own counsel or to the counsel of underwriters, raising questions for the court. In 2016, the owner’s claim was struck out for a failure to comply with disclosure obligations and Flaux, J, was adamant that Mr Iliopoulos had invented a false story in an attempt to explain his failure to make disclosure. The claim was then pursued by the bank alone. The underwriters resisted the claim put forward by the bank alleging that the loss was caused deliberately by the assured and hence was not covered by the policy.
The case does not alter established legal principles in any significant manner. The burden of proving wilful misconduct or scuttling, on balance of probabilities, lies upon the insurers and as stressed by Neill, LJ, in The Captain Panagos DP  1 Lloyd’s Reports 33 at p. 43, “an inference of the owner’s guilt can properly be drawn if the probabilities point clearly and irresistibly towards his complicity.” On that premise, Teare, J, was convinced that the cause of loss was on balance of probability was “wilful miscounduct” of the assured. He pointed out to several inconsistencies in the owners’ account of the attack. For example, the incident occurred within Yemeni waters off Aden, a location where Somali pirates had never attempted a boarding before (and have not since). In VDR recordings, the attackers identified themselves as “security,” suggesting that if they were pirates, they would have had to have known that the vessel was awaiting a security detail. They brought with them an incendiary device. The master allowed them to come aboard, even though they were masked and armed and the ship was awaiting an unarmed security team. When directed to steer towards Somalia, the master selected a very different course, but the attackers did not detect this or correct it!
Accordingly, it was held that the supposed attack by pirates was a “fake attack”, and that in reality it was a charade orchestrated by the owner of the vessel, Mr Iliopoulos. It was also held that the vessel’s master and chief engineer were complicit in the scheme, alongside local Aden-based salvors, Poseidon Salvage, and current or former members of the Yemeni coast guard or navy.
An interesting point was raised by the bank in its submissions. On the assumption that the bank is insured under the policy as a composite co-assured, was it possible to argue that in the popular or business sense the owner of the vessel was a pirate, since they carried out the attack on a vessel (or instructed that the attack was to be carried out) with a motive of personal gain/to satisfy personal senses of vengeance/hatred? Teare, J was quick to dismiss this argument indicating that the violence to the vessel and the threat of violence to the crew would not qualify as piracy if carried out by the owners (or the conspirators) with the intention to defraud the insurers. This might seem an obvious point to some but is another clarification on the meaning of “piracy” for the purposes of marine insurance law. The bank’s attempt to argue that the loss was caused by “persons acting maliciously” also failed. Teare, J, quoting from the Supreme Court judgment in The B Atlantic UKSC 26 stressed that this peril involves an element of “spite or ill-will or the like in relation to the property insured or at least to other property or perhaps even a person” but he rightly indicated that those who were permitted to board the vessel did not act out of “spite or ill-will or the like” in relation to the vessel but did so on the request of the owner in order to assist him in his fraudulent plan to deceive the underwriters. Put differently, here the owner sought to damage his own property and the armed men sought to assist the owner, not to harm him.
The finding of the trial judge on the “wilful misconduct”
point was adequate to decide the case in favour of the war risk underwriters
insurers but it was briefly stated in the judgment that underwriters were also
successful on a number of subsidiary and alternative defences such as the
insured vessel being outside the geographical limits of policy (the so called
“Aden agreement” point) at the time of the alleged loss and breach of a
warranty that required compliance with advice and recommendations of an IMO
Circular concerning planning and operational practices for ship operators and
masters of ships transiting the Gulf of Aden and the Arabian Sea.
The case does not necessarily establish novel legal points
but a 52 day trial and a very lengthy judgment is a good illustration of the
work that needs to be carried out by lawyers and judges in cases where insurers
raise “fraud” as a defence to a claim under the policy.