The situation: Businesses that use or invest in cryptocurrencies face a variety of risks, including digital theft, ransomware attacks, and market volatility. The availability of insurance cover for these risks is changing rapidly.
The result: In addition to evaluating new forms of coverage that may be available for these risks, policyholders facing cryptocurrency-related losses should also carefully review their traditional insurance policies for potential protection against such losses.
Look forward: As with many emerging losses, the insurance industry has already begun trying to develop and add language to traditional policies aimed at limiting or changing the extent of cryptocurrency risk coverage while simultaneously marketing new forms of specialist hedging tailored to cryptocurrency risks. Policyholders should be mindful of this language when purchasing traditional forms of insurance and consider whether to purchase additional specialty coverage.
Cryptocurrency, such as Bitcoin, is a decentralized, virtual-only currency that is cryptographically secured. Companies that use or invest in cryptocurrency face various risks, such as market volatility, ransomware attacks, and digital theft. Losses resulting from these risks may be covered by existing insurance policies, such as property insurance, cyber insurance and/or directors and officers (“D&O”) insurance policies. For example, property insurance can cover monetary losses in the event of cryptocurrency theft; cyber insurance can cover ransom payments to hackers targeting cryptocurrency; and D&O insurance can cover legal costs related to claims against directors or officers for their decisions and actions related to the use and/or investments of cryptocurrency. Because cryptocurrency is relatively new, courts and government agencies have yet to come to a consensus on how to categorize it. For example, some courts and/or agencies have classified cryptocurrency as property, while others have classified it as funds or money. And, whether cryptocurrency constitutes security is currently the subject of litigation in Securities and Exchange Commission v Ripple Labs Inc., Case No. 20-cv-10832 (SDNY 2020). Policyholders facing cryptocurrency-related losses should carefully evaluate these variable and evolving characterizations of cryptocurrency and analyze the potential coverage of their existing insurance policies.
Policyholders may be able to recoup cryptocurrency-related losses under their property insurance policies. Property policies generally cover physical damage or loss of tangible property. Internal Revenue Service (“IRS”) guidelines and some court rulings suggest that cryptocurrency is considered “property.” For example, the IRS has indicated that for federal tax purposes, virtual currency is treated as property.
To see Tax Notice 2014-21. An Ohio court relied on this advice from the IRS to Kimmelmann v. Wayne Ins. Group., 2018 Ohio Miscellaneous. LEXIS 1953 (Ct. Comm. Pl. 2018) to confirm coverage under a homeowner’s property policy for stolen Bitcoins. There, the policyholder suffered a loss of $16,000 when his bitcoin wallet was stolen. The insurer attempted to characterize Bitcoin as money, which was subject to a $200 sub-limit under the policy. The court rejected this argument, finding that the policyholder’s bitcoin wallet constituted property, which was not subject to the $200 sublimit. The court held that “‘virtual currency’ is recognized as property by the IRS and must be recognized as such by this Court”. Identifier. at 2 o’clock.
Although cryptocurrency is virtual, it can also exist as physical, tangible property in the form of “cold cryptocurrency”. Cold cryptocurrency is stored offline on hard drives or flash drives, which can be physically damaged or stolen. Such damage must satisfy any “physical damage to tangible property” requirement covered by the property policies. Insurers may attempt to distinguish physical hard drives from data stored on hard drives. For example, the Fourth Circuit labeled data stored in physical hard drives as “abstract ideas, logic, instructions and information” and not as “tangible goods”. A m. Online, Inc. c. St. Paul Mercury Ins. Co., 347 F.3d 89, 96 (4th Cir. 2003). However, the courts have rejected insurers’ arguments that data, such as cryptocurrency, is not property subject to physical loss or damage. See, for example, EMOI Servs., LLC v. Owners Ins. Co.180 NE3d 683, 693-96 (Ohio Ct. App. 2021) (stating that a ransomware attack that encrypted insured’s software and data (and only decrypted it during a Bitcoin payment) caused “direct physical loss or damage” to the insured property, rejecting the insurer’s arguments that “the software and data have no physical existence and therefore are not susceptible to loss or physical damage”).
Losses related to cryptocurrency can also be covered by cyber insurance policies. Cyber policies generally cover cyber risks such as losses caused by malicious code and viruses, attacks, unauthorized access, theft, defacement of websites and cyber extortion (i.., payment of ransoms). The meteoric rise in value of several types of cryptocurrency, including Bitcoin, is making cryptocurrency an increasingly popular target and/or demand among ransomware hackers.
Fortunately, many IT policies expressly cover cryptocurrency losses or are worded broadly enough to clearly encompass cryptocurrency-related losses. However, to the extent that cyber policies use terms such as “money” or “securities”, insurers may argue that these terms do not include cryptocurrency. In response, policyholders can point to several favorable characterizations of cryptocurrency by courts and administrative agencies. For example, courts have ruled in criminal cases that Bitcoins are both funds and money. See, for example, United States vs. Ulbricht, 31 F. Supp. 3d 540, 570 (SDNY 2014); United States vs. Ologeanu, no. 5:18-CR-81-REW-MAS, 2020 WL 1676802, at *11 (ED Ky. 4 April 2020). In addition, the question of whether cryptocurrency can constitute a security is currently the subject of litigation in
Securities and Exchange Commission v Ripple Labs Inc., no. 20-cv-10832 (SDNY 2020).
Directors and Officers Insurance
Companies and their directors and officers could face claims from investors and other third parties arising from their decisions and actions related to the use and/or securing of cryptocurrency. Indeed, SEC Chairman Gary Gensler has compared the crypto landscape to the “Wild West” because the unregulated cryptocurrency market is so full of scammers. A business with deficient storage, security, and recovery protocols related to its use of cryptocurrency may face not only lost or stolen assets, but also potential claims against it for negligence and breach of duty. fiduciary duty. Additionally, directors and officers may face additional risks arising from increasing cryptocurrency regulation.
D&O policies generally cover claims arising from management decisions with adverse financial consequences. Thus, claims against companies and/or their officers or directors in connection with their investment and/or the use and security of cryptocurrency may be covered by D&O policies. Policyholders evaluating coverage for their D&O policies should pay particular attention to any exclusions that could potentially limit the extent of cryptocurrency-related loss coverage, such as electronic data exclusions and/or exclusions for criminal conduct.
Three key points:
- Because cryptocurrency is relatively new, traditional insurance policies may not expressly address cryptocurrency risks. However, this does not mean that losses related to cryptocurrency are not covered.
- Actual policy language, relevant case law, and guidance from government agencies and/or other resources regarding the characterization of cryptocurrency should be evaluated to determine the potential availability of coverage under traditional policies. It is important to note that the same loss of cryptocurrency can be covered by several different types of policies. For example, the theft of cryptocurrency due to allegedly insufficient security measures could lead to claims under proprietary, cyber, and D&O policies.
- Therefore, it is important for policyholders to consider how the characterization of cryptocurrency (e.g., as property, data, money and/or securities) may affect coverage for all policies. potentially applicable.
The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.