Out-Law News 2 min. read
01 Aug 2005, 10:01 am
The ruling of 21st July overturns a High Court decision in favour of the insurer last year.
Tektrol Limited provides energy-saving control devices for industrial motors. These devices rely on software, and Tektrol had taken precautions to protect the source code for that software: the code was held at its business premises on two computers and also as a hard copy that was stored in a pilot case; it was held at a remote site operated by an independent company, Compwise Systems; and it was also stored on the laptop of its Managing Director, Mr Shlaimoun.
But in December 2001, disaster struck. Mr Shlaimoun opened a Christmas e-card and triggered a mass-mailing computer virus. The virus wiped the source code from his laptop. Believing the remote site's computer to be secure, Shlaimoun loaded its backup source code onto his laptop.
A few weeks later, burglars entered Tektrol's business premises and stole the two computers and the hard copy of the source code. Only then was it discovered that the virus had also corrupted the remote site's computer – meaning all copies of the source code were lost.
Tektrol claimed on its insurance for the business interruption caused by the losses. However, the policy excluded, among other things, consequential losses resulting from the “erasure, loss, distortion or corruption of information on computer systems or other records programmes or software caused deliberately by rioters strikers locked-out workers persons taking part in labour disturbances or civil commotion or malicious persons.”
It also excluded consequential loss for theft.
Lord Justice Buxton, giving the majority opinion of the court, followed a rule established in a 19th Century case that, in cases of real doubt, exclusions in insurance policies had to be interpreted “most strongly against the insurers; they frame the policy and insert the exceptions.”
With this in mind, he looked at the exclusions in the policy from the International Insurance Company of Hanover Limited.
Lord Buxton wrote:
"It will be immediately apparent that the list 'rioters strikers locked-out workers persons taking part in labour disturbances or civil commotion or malicious persons' introduces at its end a significantly different category of person from what has gone before. The concept of rioters, etc, causing damage to information on the computers at the insured's premises suggests strongly that the context envisaged by the draftsman is of interferences directed specifically at those computers and committed on or near the insured's premises. 'Deliberately' fits well into that context, because such persons might well damage information accidentally or carelessly in the course of other depredations. But suddenly to tag on at the end of the excepting clause a reference to remote hackers, a completely different category of person making a completely different kind of attack, significantly changes the thrust of the exception, in a way that one would expect to be done only by much more specific wording.
"I am therefore driven to the conclusion that although, as agreed between the parties, the author of the virus was a 'malicious person', the clause does not extend to interferences by such people that are not directed at the computer systems, etc, used by the insured at the premises. If the insurer wished to exclude all damage caused however indirectly by a computer hacker he needed to place that exclusion in a separate clause, and not refer to malicious persons in the same terms as rioters or locked-out workers."
Lord Buxton was also unhappy with the wording in the consequential loss for theft exclusion. A true reading of the clause did not exclude the software loss, he said.
Tektrol was therefore covered by the policy.
John Salmon, a partner with Pinsent Masons, the law firm behind OUT-LAW.COM, said:
"Businesses should check their insurance policies to see what cover they have in such circumstances. And insurers should take from this judgment that if they want to exclude damage caused by viruses, they must use specific, unambiguous wording in their policies."
