The United States Court of Appeals for the Sixth Circuit in Ohio has upheld an earlier judgment passed by a district court, ruling that the National Union Fire Insurance Company, a subsidiary of AIG (NYSE:AIG), must pay DSW Shoe Warehouse over $7 million for a computer hacking insurance claim.  AIG attempted to deny the claim citing that the direct loss provision in its policy did not cover the computer hacking related claim.
Although the claim incurred is not very big, the ruling is of particular importance as it sets a precedent for future hacking related claims as the court rejected the insurers defense citing that “The phrase ‘resulting directly from’ does not unambiguously limit coverage to loss resulting ‘solely’ or ‘immediately’ from the theft itself.” This ruling will impact AIG’s commercial insurance unit which provides risk management services to businesses and organizations and is the company’s biggest bread-winner, accounting for 42% of its net revenues in 2011.
We believe that AIG is fairly valued as our $35 valuation of the AIG’s stock is in-line with the current market price.
In 2005, hackers gained access to DSW’s network and downloaded credit card and checking account information of more than 1 million customer transactions. Fraudulent transactions followed leading to false credit card charges and other operating costs for the retail store. Customers filed class actions suits were filed and the Federal Trade Commission (FTC) started a formal inquiry. DSW filed a claim for the expenses it had occurred due the hacking, which was denied by AIG that claimed that the retailer’s losses were not a direct result of the theft.
AIG also stated exclusion for the loss of “proprietary information, Trade Secrets, Confidential Processing Methods or other confidential information of any kind.” The legal authorities have ruled that this argument was invalid stating the customer data is not proprietary information as it is held by many, including the customers.
So How Does This Impact AIG
The court’s ruling sets a precedent for future cases and is particularly important for businesses that accept card payments and store customer information. AIG currently provides Fidelity and Crime Insurance (CrimeGuard) for small and medium-sized businesses in the U.S. but uses the direct loss argument to deny claims related to computer hacking. With computer hacking on the rise, this could mean significant losses for the division in the long-term.
The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center, reported a huge increase in reported losses due to online fraud in 2009. The figure increased more than two-fold, from $265 million in 2008 to nearly $560 million in 2009.  This trend continued in 2010 and 2011, with more than $485 million in losses reported in the latter year. 
The financial lines division of AIG, which offers the crime and fidelity insurance accounted for 15% of the net premiums written by AIG’s property and casualty unit, Chartis, in the U.S., in the second quarter of 2012. The loss ratio, measuring the claims incurred divided by net premiums earned, for the entire consumer insurance division in the U.S. during the period was around 83%. This might be set to increase as online crime in the country increases. We currently forecast a near-term increase in the property and casualty operating margin, which we expect will settle in the long-term to around 29%. There is potential downside of 10% to our price estimate should the margin fall to around 26%. You can modify the interactive chart below to gauge the effect of a change in forecast on our price estimate.
Wait A Minute, Doesn’t AIG Offer Protection Against Hacking
AIG currently offers protection against identity theft for individuals under its personal lines insurance business, which is a part of the consumer insurance division. This protection is currently not extended for businesses and companies.
So this DSW hacking case could set a precedent for other cases where businesses can claimNotes:
- U.S. Sixth Circuit Orders AIG Subsidiary to Cover Retailer’s Computer Hacking Claim, Rejecting “Direct Loss” Defense, Anderson Kill & Olick, P.C., law firm representing DSW in the case 19th September, 2012 [↩]
- FBI: Online Fraud Costs Skyrocketed in 2009, KrebsonSecurity, 2009 [↩]
- ID Theft, Online Fraud Rose Slightly In 2011, Information Week, 14th May, 2012 [↩]