Photo of Ben Duke

Ben Duke

Ben Duke advises and advocates for insurance policyholders in a broad range of complex litigation, arbitration and other matters involving all types of insurance, from general liability to D&O, professional liability, fidelity bond, and other specialized coverages.

Ben has helped obtain significant insurance recoveries on behalf of clients in many industries, including the financial services, technology, energy, and pharmaceutical industries. He is currently handling major coverage litigation in New York courts and has nationwide experience litigating in state and federal courts and in numerous arbitration forums. As co-lead trial and appellate litigation counsel, Ben recently helped a major technology company recover over $150 million in coverage for a massive government-mandated environmental remediation in Wisconsin’s Fox River.

Complementing his insurance recovery expertise, Ben also has extensive trial experience representing financial institutions in the defense of securities-related claims and other financial disputes. He was lead trial and appellate counsel in multiple federal cases and arbitrations arising from a massive “Ponzi” scheme, and he has represented securities issuers in litigation and investigations involving complex financial instruments and transactions.

Cyber insurers commonly require insureds to complete detailed applications, often including extensive technical disclosure and risk self-assessments. The complaint recently filed by the insurer in Columbia Casualty Co. v. Cottage Health System illustrates the pitfalls in these requirements.

Cottage Health, an operator of a hospital network, suffered a data breach in 2013 resulting in thousands of its patients’ private medical information being publicly disclosed. In addition to other losses, Cottage Health paid $4.125 million to settle a putative class action in 2014 and faces additional proceedings arising from the breach. Columbia’s lawsuit denies all coverage for the breach and seeks to rescind its policy due to the insured’s alleged failure to comply with the cybersecurity practices described in its application.
Continue Reading Cyber Insurer Seeks to Void Data Breach Coverage Because of Purported Misstatements in Policy Application

Data breaches suffered by retailers and other businesses that handle payment cards can result in substantial assessments by card brands such as MasterCard and Visa. Retailers typically do not process payment card transactions directly with the banks that issue their customers’ cards. Instead, they contract with an intermediary—called an acquiring or servicing bank—to process their customers’ card transactions with the card-issuing banks. In the event of a payment card data breach, the card brands typically impose assessments on the retailer’s acquiring bank, which in turn pursues indemnification under its service contract with the retailer.

That was the situation in P.F. Chang’s v. Federal Insurance Co., in which a federal district court in Arizona recently held that Chang’s had no cyber coverage for over $1.9 million in credit card assessments that it had to pay as a result of a data breach. The Chang’s court found that the Federal cyber policy’s “Privacy Injury” coverage did not respond to an acquiring bank’s claim against Chang’s for reimbursement of card brand assessments, because the Federal policy’s definition of “Privacy Injury” required that the compromised confidential records at issue be the claimant’s. As is typical, the payment card information stolen by the hackers belonged to Chang’s customers and the card-issuing banks, not the acquiring bank that made the actual claim for reimbursement by Chang’s.
Continue Reading P.F. Chang’s Ruling Highlights Potential Pitfalls of Cyber Insurance