Jump to Navigation | Jump to Content
 American Bar Association - Defending Liberty, Pursuing Justice ABA Logo

ABA Section of Business Law


ABA Section of Business Law
Business Law Today
September/October 1998

A Healthy Policy

What kind of insurance does your client company need against the Y2K bug?

By JAY W. EISENHOFER

Eisenhofer is a partner in Grant & Eisenhofer in Wilmington, Del.

At the turn of the century, thousands of businesses will be facing the Millennium Bug.

The cost of repair has been estimated at more than $600 billion. The actual impact on the economy will be much larger since it is inevitable that some companies will not adequately address the problem and that come the year 2000, those companies will suffer computer melt-downs and business interruptions that may cause lost sales as well as losses for their customers and suppliers. The costs of these computer failures and their ripple effect may dwarf the estimated $600 billion that corporate America will spend to try and alleviate the problem before the Bug strikes.

Whenever this much money is at stake, a legal dispute over blame and financial responsibility is sure to follow. One of the first places companies will look is to their insurance policies. Indeed, the insurance industry has already warned that it will not provide coverage for Y2K claims under existing policies. This article briefly explains the Millennium Bug and explores the battle lines already being drawn between insureds and insurers.

There are three possible sources of legal redress for businesses afflicted with the Bug: (1) software developers; (2) computer software systems consultants or outsourcing companies; and (3) insurance companies.

Each of these potential claims is fraught with legal and factual uncertainty as to liability and damages. For example, even if a customer can establish that its software developer or provider is liable for selling a defective product, the extent of that responsibility may still be an important issue. Litigation may not be worth the risk and expense if the customer's recovery will be limited to a refund of the software purchase price rather than full consequential damages for repair of the Bug.

This article focuses on possible insurance recoveries for Y2K-related costs. Before analyzing the different policies that may provide coverage, however, it is necessary to examine the various costs that may arise.

The first cost is that of fixing the problem, or remediation. That is currently estimated at approximately $600 billion for the economy as a whole.

Inevitably, some companies will fail to adequately address the problem. For example, a computer malfunction may cause a manufacturing plant to shut down, causing a business interruption. Or even worse, safety equipment may shut down, allowing a hazardous discharge. An oft-cited example is that cash registers may crash because of an inability to process credit cards. Here's a frightening prospect: A utility that suffers a computer shut down in the middle of winter, depriving an entire city of heat.

These types of problems will give rise to first-party losses as well as third-party claims. First-party losses will include lost sales for the business with the malfunctioning computer system. Third-party claims in the examples given above could include personal injury and property damage claims by persons affected by the hazardous discharge or business interruption claims by customers who do not receive their goods when they are due. The type and number of claims that could result from the utility example are, of course, practically unlimited.

All of these claims, in turn, may lead to shareholder claims against a company's officers and directors based either on inadequate disclosure of potential Y2K costs or failure to exercise appropriate oversight by failing to ensure that the company adequately and timely addressed the problem.

A number of insurance policies could possibly cover the types of damages and costs described above. This analysis is divided into first-party and third-party claims. First-party claims are claims for losses to the insured's own business and property. Third-party claims are claims for reimbursement or indemnity when an individual or company makes a claim against the insured.

One type of first-party insurance that could cover damages and costs associated with the Millennium Bug is property insurance or "all-risk" insurance. Property damage policies typically cover physical loss or damage to covered property. A typical "all-risk" policy covers all risks resulting from physical loss or damage. One of the "perils" included in some "all-risk" or property policies may be "physical loss or damage from any cause . . . to . . . [d]ata processing systems, computer systems or other electronic control equipment including component parts thereof." See Datatab Inc. v. St. Paul Fire and Marine Ins. Co., 347 F. Supp. 36, 37 (S.D.N.Y. 1972) (all-risk policy covered suspension of business due to loss of use of computer system).

Most all-risk and property policies also provide coverage for losses from the negligent provision of services. The issues that will be litigated with regard to coverage are whether the Millennium Bug falls into any of the above categories and whether the insured has suffered physical loss or damage.

At least some courts have held that damage to, or loss of, data does not constitute "physical" damage to tangible property as required by most property or all-risk policies. See, for example, Rockport Pharmacy Inc. v. Digital Simplistics Inc., 53 F.3d 195, 198 (8th Cir. 1995) (loss of data in a computer system is a commercial loss and not property damage); Lucker Mfg. v. Home Ins. Co., 23 F.3d 808, 818 (3d Cir. 1994) (tangible property does not include system designs); St. Paul Fire and Marine Ins. Co. v. National Computer Systems Inc., 440 N.W. 2d 626, 631 (Minn. Ct. App. 1992) (paper is tangible property but information on the paper is not tangible); State Farm Fire and Cas. Ins. Co. v. White, 777 F. Supp. 952, 955 (N.D.Ga. 1991) (same). These rulings suggest that data contained in a computer system is intangible and is thus incapable of physical injury.

An insured should not necessarily accept the result of these cases as gospel, however. Some courts have held that computer data is property, although most, but not all, of these cases were in the noninsurance context. See, for example, Retail Systems Inc. v. CNA Ins. Co., 469 N.W.2d 735, 737 (Minn. Ct. App. 1991) (computer tape and data are tangible property); Stern Electronics Inc. v. Kaufman, 669 F.2d 852, 856 (2d Cir. 1982) (sights and sounds of a computer game qualify for copyright protection).

Even assuming that computer data were to be deemed insured property, there will be the further question of whether the Bug causes physical loss or damage to the insured property. First, carriers will assert that there must be physical destruction of the insured property, which here would be either the computer, the computer program or the software data. The policyholder must argue that the Bug does physically damage the insured property since the Bug corrupts the program and data.

Insureds may also assert that the Bug causes a loss of use of insured property. Loss of use, without physical destruction, has been held in some cases as sufficient to establish physical loss or damage. See, for example, Sentinel Management Co. v. New Hampshire Ins. Co., 563 N.W.2d 296, 300 (Minn. Ct. App. 1997); Farmers Ins. Co. of Or. v. Trutnich, 858 P.2d 1332, 1335-36 (Or. Ct. App. 1993); American Motorists Ins. Co. v. Trane Co., 544 F. Supp. 669, 683 (W.D.Wis. 1982); Western Fire Ins. Co. v First Presbyterian Church, 437 P.2d 52, 55 (Colo. 1968); Hughes v. Potomac Ins. Co. of District of Columbia, 18 Cal. Rptr. 650, 655 (Cal. Ct. App. 1962).

Finally, there is a viable argument that Y2K remediation costs should be covered under what one court has described as the "ticking time bomb" scenario. In Eljer Mfg. Inc. v. Liberty Mut. Ins. Co., 972 F.2d 805, 810 (7th Cir. 1992), the Seventh Circuit ruled that physical injury may include the costs of fixing a dangerous product that "must be removed in order to prevent danger from materializing." The Eljer court compared the situation to a "ticking time bomb" in an airplane luggage compartment. Id. at 807. It makes no sense to rule that an insured is not entitled to coverage if it acts responsibly and incurs the costs of dismantling the bomb but is entitled to coverage if it allows the bomb to explode. Id. at 811-12.

The analogy to the Bug is readily apparent. The Bug is a problem set to occur in the year 2000. Failure to fix the problem will cause tremendous losses such as those described above as well as others we can only begin to imagine. Like the situation in Eljer, it makes no sense to deny coverage for the costs of Y2K remediation when failure to remediate will result in certain, catastrophic loss.

Another type of first-party insurance that could be called on to cover damages associated with the Millennium Bug is business interruption insurance. Under business interruption policies, the insurer agrees to indemnify the insured for any loss sustained from inability to continue to use the insured premises. The purpose of business interruption coverage is to compensate the insured for the loss of profits or earnings or to cover continuing expenses during the period of repair or restoration of the affected property. A business interruption policy may protect the insured against several types of hazards, including computer malfunction, but most policies do not provide coverage unless the lost income results from physical loss or damage. See Harry's Cadillac-Pontiac-GMC v. Motors Ins. Corp., 486 S.E.2d 249, 252 (N.C. Ct. App. 1997) (snowstorm does not constitute physical loss, so lost profits are not covered).

Moreover, most courts require a suspension of the insured's business in order for business interruption insurance to apply. In Home Indem. Co. v. Hyplains Beef, L.C., 893 F. Supp. 987, 991 (D.Kan. 1995), the court refused to provide coverage for lost income resulting from a computer system failure because the failure caused only a slowdown or reduction in business but not a suspension of operations. Some courts, however, have found coverage in other contexts based on a partial suspension of operations. See Georgia-Pacific Corp. v. Allianz Ins. Co., 977 F.2d 459, 463 (8th Cir. 1992); Studley Box & Lumber Co. v. Nat'l Fire Ins. Co., 154 A.337, 340 (N.H. 1931). Repairing the Millennium Bug problem may not involve the halting of all business operations until the problem is solved, but a partial suspension of certain computer operations is likely to occur.

Although first-party insurers will raise a plethora of defenses to Y2K coverage requests, their primary defenses are likely to be fortuity and the known loss doctrine. These related rules are often confused and lumped together, but they do differ in some important aspects.

The doctrine of fortuity provides that every insurance contract contains an implied requirement that a loss must be "fortuitous" for it to be a covered event. The Restatement defines fortuity as follows: [A] fortuitous event . . . is an event which, so far as the parties to the contract are aware, is dependent on chance. It may be beyond the power of any human being to bring the event to pass; it may be within the control of third persons; it may even be a past event . . . provided that the fact is unknown to the parties.

Restatement of Contracts § 291 cmt. a (1932). This definition emphasizes that the occurrence must be unplanned and unintentional in nature.

In most jurisdictions, fortuity is evaluated from a subjective standpoint - it is based on the knowledge of the insured. United States Liab. Ins. Co. v. Selman, 70 F.3d 684, 691 (1st Cir. 1995). However, there are a number of jurisdictions in which constructive knowledge of a loss (the insured should have known about it) has been held to render a loss nonfortuitous. Outboard Marine Corp. v. Liberty Mut. Ins. Co., 607 N.E.2d 1203, 1210-12 (Ill. 1992). If the insured knows (or, in a minority of jurisdictions, should have known) at the time the policy is issued that a loss has already occurred, that loss is not fortuitous. Pre-existing losses can, however, be fortuitous if they are not known to the insured when the policy is obtained.

A variation on the rule of fortuity is the known loss or loss-in-progress doctrine. Under the known loss (or loss in progress) doctrine, a loss that began to occur before the policy period began will be covered unless (1) the insured actually knew that the loss had begun to occur, or (2) "the insured [was] aware of a threat of loss so immediate that it might fairly be said that the loss was in progress and that the insured knew it at the time the policy was issued or applied for." Inland Waters Pollution Control Inc. v. National Union Fire Ins. Co., 997 F.2d 172, 176-78 (6th Cir. 1993). Mere knowledge of the risk of potential losses is generally not enough to negate coverage. After all, the purpose of insurance is to protect against known risks. The fact that in hindsight, a loss may now appear to have been certain, is not enough to defeat coverage.

Every commercial insured, subject to the notice provisions included in its policies, should have some policies that provide Y2K coverage that cannot be defeated by the doctrines of fortuity and known loss. Certainly, no insured intended to experience Y2K problems. Just as certainly, no commercial policyholder suffering Y2K problems purchased computers or software with knowledge that those computers and software would fail in the year 2000 because of the Y2K problem. However, since the Y2K problem has received tremendous publicity recently, companies may have purchased their most recent insurance policies with knowledge that the Y2K problem was looming before them and may even have purchased those insurance policies after already having begun to incur the costs of fixing the problem. The insurance companies providing coverage under such policies will have a much better argument that coverage under those policies, at least, is barred because, as to those recent policies, the Y2K problem is a nonfortuitous event and a known loss.

Simply put, the argument will be that the insureds knew about the problem, and in some cases had even begun to fix the problem, so it was a loss that had already taken place or was in progress. However, this will not prevent insureds, subject to notice provisions and statutes of limitations, to assert claims against earlier first-party insurance policies that provided coverage before the insureds knew about the Y2K problem.

Insurance company lawyers have already begun to publicly preach the party line. For example, insurance company lawyers have publicly predicted that there may not be first-party coverage for Y2K losses because those losses are not the sudden or unexpected events insurance is intended to protect against. They have stated that they expect insurers to take the position that losses are continuing, or that insureds now expect or know those losses are likely to occur, so there is no coverage.

In addition to first-party insurance, there are several types of third-party insurance that may provide coverage for Y2K-related losses. One of these types of insurance is commercial general liability (CGL) coverage. A typical CGL policy provides: We [the insurer] will pay those sums that the insured becomes legally obligated to pay as damages because of "bodily injury" or "property damage" to which this insurance applies.

Therefore, CGL coverage is available for the costs of defense and indemnity for claims brought by third parties for personal injury or property damage.

Under CGL policies, property damage is typically defined as "physical injury to tangible property, including all resulting loss of use of that property." Claims for lost profits and loss of use of computer equipment will raise the very same issues under CGL policies concerning the definition of property damage as was discussed above under first-party policies. Similarly, insurers will raise the defenses of fortuity and known loss.

Depending on how a court rules on trigger-of-coverage issues, these defenses may be even stronger in the third-party context than under first-party policies. For instance, if a court were to rule that the only CGL policy under which coverage is triggered is the policy that is actually in effect when a third-party makes a claim against the insured, the insurer will surely argue that the policyholder's failure to adequately address the Y2K problem rendered the claim "expected or intended."

However, that argument will not necessarily be available to insurance companies that provided coverage during earlier time periods. Thus, it will be crucial to determine which policies are triggered by Y2K claims. There are numerous possibilities:

  • Policies in effect when the defective software was purchased or installed.
  • Policies in effect when the defective software should have been discovered, i.e., when diligent companies first began to learn of the Y2K problem.
  • Policies in effect when a defect in a company's software was actually discovered.
  • Policies in effect from the point going forward when the insured thought that it had corrected the problem, in situations where the insured later finds out that the corrective measures were insufficient.
  • Policies in effect when damage or injury actually occurs and claims are brought, subject to the known loss or fortuity doctrines, as described above.
  • All policies in effect from the time the software was first sold or installed to the date of damage or injury.

Another type of third-party liability insurance is directors' and officers' liability (D&O) coverage. These policies are typically claims-made policies, covering claims against corporate officers and directors. The policies usually provide that: The insurer agrees to reimburse the individual insureds for the amount of loss . . . which such insured shall have sustained resulting from any claim which alleges any act, error, omission, misstatement, misleading statement, or neglect or breach of duty by the insured solely in their capacities as directors and/or officers of the company insured and which is first made against the individual insureds during the policy period. . . .

Unless specifically excluded, D&O policies should provide coverage for any claims against corporate officers and directors personally that seek to hold those officers and directors personally responsible to either the corporation or its shareholders for losses suffered by the corporation or its shareholders as a result of the Bug. These losses could include the costs of any third-party claims that have occurred because the company failed to fix its Y2K problem.

Or, these claims could arise from a drop in a company's stock price once it is discovered that the company has not adequately addressed its Y2K problem. Some insurers may respond to these claims by asserting a misrepresentation defense if the policyholder has failed to disclose on its insurance application a fair estimate of its potential liability in failing to remediate the Y2K problem.

In conclusion, the Millennium Bug is a huge problem looming over corporate America. Because statute of limitation periods may be running, corporate legal departments and their outside advisers should be proactive and take steps now to determine the insurance coverage and other means of legal redress potentially available to their companies and clients.

Back to Top

Copyright American Bar Association. http://www.abanet.org