When Cyber Sublimits Work: Cowbell and the Drafting Lessons After CiCi
In February's CiCi Enterprises LP v. HSB Specialty Insurance Co. decision, the Northern District of Texas addressed whether a ransomware sublimit endorsement capped losses otherwise covered under a cyber policy. The court concluded that the endorsement did not apply to limit coverage under the policy’s extortion and other insuring agreements. As we discussed, the decision turned on how the endorsement was framed and how it interacted with the policy’s insuring agreements and defined terms.
On March 9, the Western District of Texas issued its decision in Perry & Perry Builders, Inc. v. Cowbell Cyber, Inc., enforcing a $250,000 cybercrime sublimit. Cowbell addresses the same general question presented in CiCi — how and when a sublimit endorsement applies — but reaches a different result based on the language and structure of the endorsement at issue.
Perry & Perry Builders, Inc. v. Cowbell Cyber, Inc.
In Cowbell, the policyholder fell victim to a fraudulent fund transfer scheme, paying $874,863.70 through two separate electronic fund transfers. Cowbell paid $250,000 under the policy’s cybercrime incident limit. The policyholder argued that each transfer constituted a separate covered incident, entitling it to an additional $250,000 payment.
The court rejected that argument, relying on the scope and structure of the sublimit endorsement, which stated:
| The Limits of Liability set forth in Item 5. of the Declarations [i.e. $250,000] is the maximum amount the Insurer will be liable to pay for all Claims, First Party Loss, First Party Expense, and Liability Expense under each Insuring Agreement, regardless of the number of Claims, Privacy Incidents, Network Security Incidents, Cyber Crime Incidents, Media Incidents, or Insureds. Such Limits of Liability are part of, and not in addition to, the Aggregate Limit of Liability. |
The court focused on two aspects of the endorsement. The endorsement stated that the sublimit applied “under each Insuring Agreement,” and it limited recovery “regardless of the number of . . . Cyber Crime Incidents.” Based on that language, the court concluded that the sublimit capped recovery across the policy and did not permit limits to be multiplied based on the number of transfers or invoices.
The court further noted that allowing recovery to turn on the number of payments would be inconsistent with the structure of the endorsement and the policy’s aggregate limits.
From CiCi to Cowbell: Different Endorsement Language, Different Result
Read together, CiCi and Cowbell show that courts assessing cyber sublimit endorsements focus on how those endorsements are incorporated into the policy and how they function alongside existing insuring agreements and definitions. The differing outcomes reflect differences in endorsement language and structure rather than differences in the underlying cyber events.
Practical Implications
For insurers, Cowbell highlights the types of endorsement language courts may rely on when determining whether a sublimit applies across insuring agreements and aggregates losses arising from related acts. For policyholders, the decision is a reminder to look closely at endorsement language and how limits apply.
Read alongside CiCi, Cowbell reinforces that the effect of a cyber sublimit depends on how the endorsement is written and how it fits within the policy as a whole.
Please contact Marissa Torres, Caroline Crosby or any member of the Phelps insurance or cybersecurity, privacy and data protection teams with questions or for advice or guidance.
