Tektrol v. Int'l Ins. Co of Hanover
If a loss has two causes and one of them is excluded from the cover and the other not, the loss is excluded in its entirety. But if policy exclusions are to be effective, they need to be very clearly worded, as they will generally be construed against the insurer. Thus, in this case, the Court held that an exclusion in the policy of loss from "malicious persons" was not apt to exclude loss of computer data caused by a computer virus emanating from a third party. Neither was an exclusion referring to "other erasure, loss, distortion or corruption of information on computer systems" applicable to the physical theft of the computers on which the data was held
DMC Category Rating: Confirmed
This case note is based on an Article in the August 2005 Edition of the ‘(Re)insurance Bulletin’, published by the Reinsurance and Insurance teams at the international firm of lawyers, DLA Piper Rudnick Gray Cary. DLA Piper is an International Contributor to this website
On 19 December 2001, Tektrol received an email from a firm of solicitors attaching a Christmas card. The managing director opened the attachment on his laptop, only to discover that it was a virus sent inadvertently by the solicitors, whose system had been corrupted. The virus program, which immediately disabled the keyboard and started deleting files, was designed to email itself to all contacts in the recipient's Microsoft Outlook address book.
The managing director quickly pulled out the network cable, but the virus had already deleted the source code on his laptop. Believing, however, that files stored on the remote server were still intact, he repaired and reloaded his laptop from the remote site and left for his Christmas holidays.
On about 2 January 2002, Tektrol's business premises were burgled and various items taken, including the two computers that held the source code and the hard copy printout. Because of the New Year holiday, the theft was not discovered until 7 January. It was then that the insured realised that the virus had deleted the source code held at the remote site and that all copies of the source code had been lost.
7(b) in respect of Section 2:
(ii) other erasure, loss, distortion or corruption of information on computer systems or other records, programs or software unless resulting from a Defined Peril in so far as it is not otherwise excluded".
Clause 13 excluded damage or consequential loss in respect of computers or data processing equipment unless caused by:
"(i) a Defined Peril
The Defined Perils included fire, flood, explosion, riot, civil commotion and "malicious persons".
If a loss has two causes and one of them is excluded from the cover and the other is not, the loss is excluded in its entirety. This was the principle applied by the Court of Appeal in Wayne Tank & Pump v Employers Liability Ltd  1 QB 57 where there were two proximate causes of the loss. The judge in this case saw no reason why the same principle should not apply where there was one direct and one indirect cause, and the point was not disputed on appeal. The crucial issue was whether the virus and/or the burglary fell within the exclusions.
Applying the exclusions
The insured argued that 7(b)(i) did not apply to the loss caused by the virus because the virus had not been deliberately aimed at or intended to harm the insured. Exclusion 7(b)(ii) did not apply because it dealt only with electronic loss, not the loss of physical items, which was covered by exclusion 13. Exclusion 13 applied to the physical loss of the computers, but not to losses caused by a Defined Peril or by theft from the insured's premises.
At first instance, the judge agreed with insurers and held there
could be no recovery under the policy. The insured appealed.
On appeal, the insured argued that the list of people deliberately causing damage ("rioters, strikers, locked-out workers, persons taking part in labour disturbances or civil commotion or malicious persons") suggested the draftsman was thinking of acts aimed specifically at the insured's computers and committed on or near the insured's premises. To tag on a category, which, if insurers were right, included remote hackers, introduced a completely different kind of attack.
The Court of Appeal unanimously agreed. Even though the hacker could be described as malicious, the exclusion did not extend to damage not specifically aimed at the insured's computer systems on the insured's premises. If insurers wanted to exclude all damage caused, however indirectly, by a computer hacker, they should put that exclusion into a separate clause rather than bundling it together with rioters and locked-out workers.
The majority of the Court of Appeal, however, disagreed. Lord Justice Buxton and Sir Martin Nourse thought the judge's interpretation imputed too precise a use of language to the draftsman. Those drawing up policy wordings frequently use overlapping phrases to ensure they leave nothing out. The list of events in 7(b)(ii) – "other erasure loss distortion or corruption of information" - was an example of this "linguistic overkill".
Taken together, the words suggested loss by means of electronic interference. It seemed inherently unlikely that the word "loss" in this context introduced a completely new concept of loss of information due to the physical loss of the physical medium on which the information was carried. That event fell much more naturally into exclusion 13, which, however, did not apply in cases of burglary.
Since neither the virus nor the burglary was excluded, the insured could recover from insurers. The appeal succeeded on both counts.
Back to Top
These Case Notes have been prepared with care, but neither the Editor nor the International and other Contributors can guarantee that they are free from error, nor that they contain every pertinent point. Reliance should not therefore be placed upon them without independent verification. The Editor and the International and other Contributors disclaim all liability for any loss of whatsoever nature and howsoever arising as a result of others acting or refraining from acting in reliance on the contents of this website and the information to which it gives access. The Editor claims copyright in the content of the website.