Insurance Company Files Action Against Cybersecurity Vendors
p3ppppFind Your Next Job pp
ppWhen a cyber incident occurs and the insurer pays out the claim they often face the frustrating reality that pursuing the actual criminals the threat actors for indemnification is virtually impossible Thus insurers are now turning to subrogation claims against the very cybersecurity vendors entrusted by policyholders to protect their systems Indeed insurers are increasingly examining whether outsourced cybersecurity providers may have breached their contractual obligations or failed to deliver adequate protection leading to the loss This shift means policyholders may find their cybersecurity vendors facing legal action from their own insurer creating a new layer of risk in vendor relationshipsppLast month Ace American Insurance Company filed a subrogation action against its insureds cybersecurity and technology vendors alleging missteps by the technology companies See Ace American Insurance Company v Congruity 360 Trustwave Holdings Case No 225cv15657 DNJ Sep 15 2025 Ace seeks to recover the 500000 in damages it paid to its insured CoWorx under the cybersecurity policy issued by Ace Ace alleges that its insureds cyber incident occurred as a result of Congruity 360 and Trustwaves negligence Ace also asserts breach of contract against both defendantsppThe complaint details several alleged bases for Aces subrogation action against the technology companies contracted by its insured Against Congruity 360 Ace claims that the contract between CoWorx and Congruity 360 required Congruity 360 to set up multifactor authentication and secure network servers for CoWorx Ace further alleges that Congruity 360 failed to do so leading to installation of ransomware The claims against Trustwave are similar Ace alleges that Trustwave failed to properly notify the appropriate parties of the cyber incident preventing CoWorx from being able to take relevant proactive action and significantly increasing CoWorxs damages from the incidentppSubrogation actions by cyber insurers are becoming more prevalent and indeed we are seeing cyber insurers frequently request vendor contracts from their insureds following a cyber incident so that the insurer can evaluate potential subrogation rights Insurers are likewise scrutinizing a policyholders security controls during policy underwriting looking for evidence that policyholders are managing vendor risk proactively and contractually to help set premiums and respective policy language This underscores that in todays cyber insurance landscape the quality of your vendor contracts can directly impact coverage claims and your exposure to thirdparty litigationpp
ppMore Upcoming Eventspp ppSign Up for any or all of our 25 Newsletterspp ppYou are responsible for reading understanding and agreeing to the National Law Reviews NLRs and the National Law Forum LLCs Terms of Use and Privacy Policy before using the National Law Review website The National Law Review is a freetouse nologin database of legal and business articles The content and links on wwwNatLawReviewcom are intended for general information purposes only Any legal analysis legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice No attorneyclient or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms attorneys or other professionals or organizations who include content on the National Law Review website If you require legal or professional advice kindly contact an attorney or other suitable professional advisor ppSome states have laws and ethical rules regarding solicitation and advertisement practices by attorneys andor other professionals The National Law Review is not a law firm nor is wwwNatLawReviewcom intended to be a referral service for attorneys andor other professionals The NLR does not wish nor does it intend to solicit the business of anyone or to refer anyone to an attorney or other professional NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us ppUnder certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements Attorney Advertising Notice Prior results do not guarantee a similar outcome Statement in compliance with Texas Rules of Professional Conduct Unless otherwise noted attorneys are not certified by the Texas Board of Legal Specialization nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional CredentialsppThe National Law Review National Law Forum LLC 2070 Green Bay Rd Suite 178 Highland Park IL 60035 Telephone 708 3573317 or tollfree 877 3573317 If you would like to contact us via email please click hereppCopyright 2025 National Law Forum LLCp
ppWhen a cyber incident occurs and the insurer pays out the claim they often face the frustrating reality that pursuing the actual criminals the threat actors for indemnification is virtually impossible Thus insurers are now turning to subrogation claims against the very cybersecurity vendors entrusted by policyholders to protect their systems Indeed insurers are increasingly examining whether outsourced cybersecurity providers may have breached their contractual obligations or failed to deliver adequate protection leading to the loss This shift means policyholders may find their cybersecurity vendors facing legal action from their own insurer creating a new layer of risk in vendor relationshipsppLast month Ace American Insurance Company filed a subrogation action against its insureds cybersecurity and technology vendors alleging missteps by the technology companies See Ace American Insurance Company v Congruity 360 Trustwave Holdings Case No 225cv15657 DNJ Sep 15 2025 Ace seeks to recover the 500000 in damages it paid to its insured CoWorx under the cybersecurity policy issued by Ace Ace alleges that its insureds cyber incident occurred as a result of Congruity 360 and Trustwaves negligence Ace also asserts breach of contract against both defendantsppThe complaint details several alleged bases for Aces subrogation action against the technology companies contracted by its insured Against Congruity 360 Ace claims that the contract between CoWorx and Congruity 360 required Congruity 360 to set up multifactor authentication and secure network servers for CoWorx Ace further alleges that Congruity 360 failed to do so leading to installation of ransomware The claims against Trustwave are similar Ace alleges that Trustwave failed to properly notify the appropriate parties of the cyber incident preventing CoWorx from being able to take relevant proactive action and significantly increasing CoWorxs damages from the incidentppSubrogation actions by cyber insurers are becoming more prevalent and indeed we are seeing cyber insurers frequently request vendor contracts from their insureds following a cyber incident so that the insurer can evaluate potential subrogation rights Insurers are likewise scrutinizing a policyholders security controls during policy underwriting looking for evidence that policyholders are managing vendor risk proactively and contractually to help set premiums and respective policy language This underscores that in todays cyber insurance landscape the quality of your vendor contracts can directly impact coverage claims and your exposure to thirdparty litigationpp
ppMore Upcoming Eventspp ppSign Up for any or all of our 25 Newsletterspp ppYou are responsible for reading understanding and agreeing to the National Law Reviews NLRs and the National Law Forum LLCs Terms of Use and Privacy Policy before using the National Law Review website The National Law Review is a freetouse nologin database of legal and business articles The content and links on wwwNatLawReviewcom are intended for general information purposes only Any legal analysis legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice No attorneyclient or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms attorneys or other professionals or organizations who include content on the National Law Review website If you require legal or professional advice kindly contact an attorney or other suitable professional advisor ppSome states have laws and ethical rules regarding solicitation and advertisement practices by attorneys andor other professionals The National Law Review is not a law firm nor is wwwNatLawReviewcom intended to be a referral service for attorneys andor other professionals The NLR does not wish nor does it intend to solicit the business of anyone or to refer anyone to an attorney or other professional NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us ppUnder certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements Attorney Advertising Notice Prior results do not guarantee a similar outcome Statement in compliance with Texas Rules of Professional Conduct Unless otherwise noted attorneys are not certified by the Texas Board of Legal Specialization nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional CredentialsppThe National Law Review National Law Forum LLC 2070 Green Bay Rd Suite 178 Highland Park IL 60035 Telephone 708 3573317 or tollfree 877 3573317 If you would like to contact us via email please click hereppCopyright 2025 National Law Forum LLCp
