Insured succeeds in declaration that lower retention applies, and for coverage for replacement items

The Court found in favour of the insured, a corporate victim of a cyberattack, that the lower of two possible retentions applied to the claim and that it was reasonable for the insured to purchase new laptops to mitigate its loss.

Insurance law – Liability insurance – Exclusions – First party coverage – Third parties – Interpretation of policy; Duties and liabilities of insurer.

Panasonic Canada Inc. v. XL Specialty Insurance Co., [2025] O.J. No. 3644, Ontario Superior Court of Justice, July 30, 2025, J. Leiper J.

Application to the Court by the insured for a declaration that a claim for indemnity under an insurance policy was subject to $1.5 million US retention and for coverage for replacement laptops as a reasonable mitigation. The insured had a policy with the insurer containing various coverages that were subject to an applicable retention amount of $1.5 million US. First party coverage included an endorsement which provided cyber-extortion coverage at a higher retention rate of $3 million to claims involving ransomware event losses.

The insured was a victim of a mal-ware attack which breached their system and confidential information was stolen. The attackers asked the insured to contact them, which they did not. The insured immediately shut its system down and hired external companies to assist in remediating their system from the attack. The insured retained law firms to give legal advice including with respect to a demand letter from a customer. The insured spent approximately $270,000 in mitigation efforts. The insured also spent $242,000 to purchase new laptops, which they determined were required as reasonable steps to mitigate losses under the insurance policy.

The insurer took the position that a $3 million retention applied to the entire policy due to the ransomware event, the replacement laptops were a betterment and not a reasonable mitigation, and alternatively that an exclusion applied to the replacement laptops as the claim arose out of property damage. The insured conceded that the claim arose from an incident which met the definition of ransomware event loss, but took the position that the endorsement did not apply.

The Court held that the endorsement had clear language that limited definitions within the endorsement to the endorsement only, and therefore did not apply to the grants of coverage sought by the insured as they did not include claims for cyber-extortion coverage. The retention rate of $1.5 million applied to the coverage sought. The Court also held that purchase of replacement laptops was reasonable and necessary, and occurred within the period of restoration, based on evidence provided by the insured. Lastly, the Court held that the property damage exclusion did not apply to the replacement laptops because the insurer could not prove the first party incident arose out of property damage, since the network breach preceded the damage to the network.

This case was digested by Mark A. McPhee and edited by Steven W. Abramson of Harper Grey LLP.  If you would like to discuss this case further, please feel free to contact them directly at [email protected] or [email protected].