Policyholder Files Suit for Cyber Attack and Argues Endorsement is Not Part of Policy

03.27.2025

In Conesys, Inc., et al. v. Palomar Excess and Surplus Ins. Co., a policyholder filed a lawsuit alleging breach of contract and bad faith, among other claims, based on an insurer's application of an “Extortion Threat Sublimit Endorsement” to a cyber attack.

Factual Background

The policyholder experienced a cyber attack. A hacker breached its computer system and implanted malicious code, halting business operations. The attacker demanded a ransom, which the insured negotiated and paid with the knowledge of the insurer. The majority of the data was eventually accessed. The policyholder alleged millions of dollars in damages in addition to the ransom payment.  

Legal Arguments

The policyholder argued that the “Extortion Threat Sublimit Endorsement” does not apply because: 

  1. The “Extortion Threat Sublimit Endorsement” was not properly formed as part of the policy. The quote for the policy required the policyholder to place multi-factor authentication on its systems to remove the “Extortion Threat Sublimit Endorsement.” The insured alleges that it did have multi-factor authentication on its systems and that it informed the insurer within 60 days of the effective date of the policy. On this argument, because the policyholder met the condition to remove the Endorsement, the Endorsement was not properly part of the policy.
  2. The plain terms of the “Extortion Threat Sublimit Endorsement” do not apply. The Endorsement states that it only applies to losses “based upon, arising out of, directly or indirectly resulting from, or in the consequence of an Extortion Threat.” (Compl. ¶ 36). The policyholder argued that the sublimit only applies to the ransom payment, not the millions of dollars in business losses. 

Policyholder Takeaways

  1. Do you have arguments that the portion of the policy relied on by the insurer is not part of the policy? This is often an overlooked step in a coverage analysis. In this case, the policyholder alleges it met the conditions to remove a partial endorsement to the policy. Policyholders can also make this argument when an endorsement is not listed on the declaration page or when an insurer cannot produce a complete copy of a policy. 
  2. It is always helpful to argue whether the plain terms of the policy apply. Policyholders should look for cases interpreting similar language to support their argument that the Endorsement does not apply. 

The case is Conesys, Inc., et al. v. Palomar Excess and Surplus Ins. Co., Superior Court of Los Angeles County, Case No. 25STCV07078 (March 12, 2025). 

"As detailed herein, Conesys maintains that the Threat Endorsement does not properly form a part of the Policy, and on that basis asserts claims for declaratory relief or, in the alternative, equitable reformation. That said, even if, arguendo, the Threat Endorsement does properly form a part of the Policy, as Defendants contend, Palomar’s conduct still amounts to a breach of the Policy and its implied covenant of good faith and fair dealing, for the reasons detailed herein." (Compl. ¶ 19).