Tag Archives: partial summary judgment

Cyber Challenges Under NIST's Framework

On Feb. 12, the National Institute of Standards and Technology (NIST) released its long-anticipated Framework for Improving Critical Infrastructure Cybersecurity together with a companion Roadmap for Improving Critical Infrastructure Cybersecurity.The framework is issued in accordance with President Obama’s Executive Order 13636, Improving Critical Infrastructure Cybersecurity Version 1.0., which gave NIST the task of developing a cost-effective framework “to reduce cyber risks to critical infrastructure.” The companion roadmap discusses NIST’s next steps with the framework and identifies key areas of development, alignment of cybersecurity standards and practices within the U.S. and globally and collaboration with private and public sector organizations and standards-developing organizations.

The framework applies to organizations in critical infrastructure. But, given the pervasiveness of cybersecurity incidents, and the ever-present, increasing and evolving cyber risk threat, all organizations should consider whether their current cybersecurity risk management practices would pass muster under the framework. In addition, although the framework is “voluntary”—at least so far—organizations are advised to keep in mind that creative class action plaintiffs (and even some regulators) may nevertheless assert that the framework provides a de facto standard for cybersecurity and risk management even for noncritical infrastructure organizations. One thing that companies should consider as they review the framework is what “tier” of cybersecurity risk management they wish to achieve. The tiers—which range from “informal, reactive” responses to “agile and risk-informed” are addressed below, together with an overview of the framework and additional detail regarding certain of its key aspects.

Overview

At a high level, as its name indicates, the framework provides a structure for critical infrastructure organizations to achieve a grasp on their current cybersecurity risk profile and risk management practices, to identify gaps that should be addressed to progress toward a desired target state of cybersecurity risk management and to internally and externally communicate efficiently about cybersecurity and risk management.

Building from global standards, guidelines and practices, the framework provides a common taxonomy and mechanism for organizations to:

  1. Describe their current cybersecurity posture;
  2. Describe their target state for cybersecurity;
  3. Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process;
  4. Assess progress toward the target state;
  5. Communicate among internal and external stakeholders about cybersecurity risk.
NIST has emphasized that the framework “complements, and does not replace, an organization’s risk management process and cybersecurity program.” In addition, NIST properly notes that the framework “is not a one-size-fits-all approach” to managing cybersecurity risk, given that organizations” have unique risks—different threats, different vulnerabilities, different risk tolerances.

In releasing the framework, NIST explained that it provides a structure that organizations, regulators and customers can use to create, guide, assess or improve comprehensive cybersecurity programs and “a common language to address and manage cyber risk in a cost-effective way” based on business needs, without placing additional regulatory requirements on businesses.” NIST also notes that organizations can use the framework “to determine their current level of cybersecurity, set goals for cybersecurity that are in sync with their business environment and establish a plan for improving or maintaining their cybersecurity.” Moreover, because it refers to globally recognized standards for cybersecurity, the framework can also be used by organizations located outside the U.S. and can serve as a model for international cooperation on strengthening critical infrastructure cybersecurity.

Although applying to organizations in critical infrastructure, the framework may be used by any organization as part of its effort to assess cybersecurity practices and manage cybersecurity risk.

Three-Part Approach

The framework adopts a risk-based approach composed of three parts: the core, the profile and implementation tiers.
Framework Core

The framework relies on existing global cybersecurity standards, guidelines and practices as a basis to build or enhance an organization’s cybersecurity risk management practices.

The framework core presents five high-level “functions,” which, as stated by NIST, “organize basic cybersecurity activities at their highest level.” The five functions are: (1) identify, (2) protect, (3) detect, (4) respond and (5) recover. NIST explains that these five high-level functions “provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk” and will provide “a concise way for senior executives and others to distill the fundamental concepts of cybersecurity risk so that they can assess how identified risks are managed, and how their organization stacks up at a high level against existing cybersecurity standards, guidelines and practices.”

For each of the five functions, the framework core identifies underlying key categories and subcategories of cybersecurity outcomes, then matches those outcomes with “informative references” that will assist organizations in achieving the outcomes, such as existing cybersecurity standards, guidelines, and practices. By way of example, categories within the “protect” function include access control, awareness and training, data security, information protection processes and procedures and protective technology. Subcategories under the “access control” category within the protect function include “identities and credentials are managed for authorized devices and users” and “[n]etwork integrity is protected, incorporating network segregation where appropriate.” “Informative references” for “identities and credentials are managed for authorized devices and users” include:

  • CCS CSC 16
  • COBIT 5 DSS05.04, DSS06.03
  • ISA 62443-2-1:2009 4.3.3.5.1
  • ISA 62443-3-3:2013 SR 1.1, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.7, SR 1.8, SR 1.9
  • ISO/IEC 27001:2013 A.9.2.1, A.9.2.2, A.9.2.4, A.9.3.1, A.9.4.2, A.9.4.3
  • NIST SP 800-53 Rev. 4 AC-2, IA Family20

Figure 1 from the framework depicts the core:

NIST explains that the core “presents industry standards, guidelines and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level.”

Implementation Tiers

The implementation tiers describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the framework. The tiers range from partial (tier 1) to adaptive (tier 4) and describe an increasing degree of rigor and sophistication in cybersecurity risk management practices and “the extent to which cybersecurity risk management is informed by business needs and is integrated into an organization’s overall risk management practices.” By way of example, considering the risk management aspect, at tier 1, “[o]rganizational cybersecurity risk management practices are not formalized, and risk is managed in an ad hoc and sometimes reactive manner.” At tier 2, “[r]isk management practices are approved by management but may not be established as organizational-wide policy.” At tier 3, “[t]he organization’s risk management practices are formally approved and expressed as policy” and “[o]rganizational cybersecurity practices are regularly updated based on the application of risk management processes to changes in business/mission requirements and a changing threat and technology landscape.” At tier 4, “[t]he organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities” and “[t]hrough a process of continuous improvement incorporating advanced cybersecurity technologies and practices, the organization actively adapts to a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner.”

Profile

In essence, the framework profile assists organizations to progress from a current level of cybersecurity sophistication to a target improved state that meets the organization’s business needs. As stated by NIST, a profile is used to “identify opportunities for improving cybersecurity posture by comparing a current profile (the “as is” state) with a target profile (the “to be” state).” Comparison of profiles may reveal gaps to be addressed to meet cybersecurity risk management objectives. NIST states that the framework profile “can be characterized as the alignment of standards, guidelines and practices to the framework core in a particular implementation scenario.”
Framework Implementation

The framework is voluntary—at least for now. NIST also has explained that the framework “complements, and does not replace, an organization’s risk management process and cybersecurity program.” Organizations can use the framework as a reference to establish a cybersecurity program, or leverage the framework to “identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices.” The framework recognizes that “[o]rganizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.”

Importantly, the framework can be used as a means to communicate an organization’s required cybersecurity standards to business partners. As stated by NIST, “[t]he framework provides a common language to communicate requirements among interdependent stakeholders responsible for the delivery of essential critical infrastructure services,” such as the use of a target profile to “express cybersecurity risk management requirements to an external service provider (e.g., a cloud provider to which it is exporting data).” This is significant, because the cybersecurity shortcomings of “cloud” and other providers can have a profound impact on supply chains. As noted by NIST in the roadmap:

All organizations are part of, and dependent upon, product and service supply chains. Supply chain risk is an essential part of the risk landscape that should be included in organizational risk management programs. Although many organizations have robust internal risk management processes, supply chain criticality and dependency analysis, collaboration, information sharing and trust mechanisms remain a challenge. Organizations can struggle to identify their risks and prioritize their actions—leaving the weakest links susceptible to penetration and disruption. Supply chain risk management, especially product and service integrity, is an emerging discipline characterized by diverse perspectives, disparate bodies of knowledge and fragmented standards and best practices.

Incentives—and Cybersecurity Insurance

As-of-yet-unspecified governmental incentives will be offered to organizations that adopt the framework. The executive order directs the secretary of Homeland Security, in coordination with sector-specific agencies, to “establish a voluntary program to support the adoption of the framework by owners and operators of critical infrastructure and any other interested entities,” and to “coordinate establishment of a set of incentives designed to promote participation in the program.”

On Aug. 6, 2013, the White House previewed a list of possible incentives, including cybersecurity insurance at the top of the list. If cybersecurity insurance is adopted as an incentive, organizations that participate in the program may, for example, enjoy more streamlined underwriting and reduced cyber insurance premiums. As stated by Michael Daniel, special assistant to the president and cybersecurity coordinator, agencies have “suggested that the insurance industry be engaged when developing the standards, procedures and other measures that [make up] the framework and the program” and that “[t]he goal of this collaboration would be to build underwriting practices that promote the adoption of cyber risk-reducing measures and risk-based pricing and foster a competitive cyber insurance market.” Mr. Daniel states that NIST “is taking steps to engage the insurance industry in further discussion on the framework.”

The placement of cybersecurity insurance at the top of a list of possible incentives underscores the important role that insurance can play in an organization’s overall strategy to manage and mitigate cybersecurity risk, including supply chain disruption. Adam Sedgewick, senior information technology policy advisor at NIST, stated that NIST views “the insurance industry as a major stakeholder [in] helping organizations manage their cyber risk.” All of this is consistent with the SEC’s guidance on cybersecurity disclosures under the federal securities laws, which advises that “appropriate disclosures may include” a “[d]escription of relevant insurance coverage” for cybersecurity risks.

Going Forward

The framework is a “living document,” which states that it “will continue to be updated and improved as industry provides feedback on implementation.” As the framework is put into practice, lessons learned will be integrated into future versions to ensure it is “meeting the needs of critical infrastructure owners and operators in a dynamic and challenging environment of new threats, risks and solutions.” NIST will receive and consider comments about the framework informally until it issues a formal notice of revision to version 1.0, at which point it will specify a focus for comments and specific deadlines that will allow it to develop and publish proposed revisions. In addition, NIST intends to hold at least one workshop to provide a forum for stakeholders to share experiences in using the framework, and will hold one or more workshops and focused meetings on specific areas for development, alignment and collaboration. Therefore, organizations will continue to have the opportunity to potentially shape the final framework.

Interpleader Not a Defense To Negligence

When Stakeholder Causes Dispute It Can Still Be Sued For Negligence Not Related to Dispute
The Ninth Circuit Court of Appeal was asked to determine whether the federal interpleader remedy shields a negligent stakeholder from tort liability for its creation of a conflict over entitlement to the interpleaded funds? The Ninth Circuit resolved the issue in Robert S. Lee; Gina Stevens; Laura Stevens v. West Coast Life Insurance Company, No. 11-55026 (9th Cir. 07/31/2012).

Facts
On March 13, 1998, West Coast Life Insurance Company (“West Coast”) issued a life insurance policy with a death benefit of $800,000 to the late Steve Lee, Sr. Steve Sr. was the original owner of the policy. William Lee, Steve Sr.’s brother, was the original beneficiary. In the subsequent years, West Coast received numerous changes of ownership and beneficiary forms from members of the Lee family. At issue is a policy change form signed and executed in July 2005, purporting to change the ownership and beneficiaries of the policy to Robert Lee, Bobbie Bill Lee, and Steve Lee, Jr. Bobbie and Steve Jr. are Steve Sr.’s nephews. Robert is Steve Sr.’s grandson.

Robert, Bobbie, and Steve Jr. executed the aforementioned change forms in West Coast’s San Francisco office with the help of West Coast’s Director of Policy Administration, James Davis. Davis erroneously instructed Bobbie and Robert to sign as the existing owners of the policy, when in fact Steve Jr. was an existing owner and Robert was not. Davis also erroneously failed to ask Steve Jr. to sign a change of beneficiary form which would have transferred a 62.5% interest to Robert as a beneficiary.

The Lee family members made several additional, subsequent changes to the policy’s ownership and beneficiaries. The final change occurred in December of 2008 when Robert Lee and Gina Stevens became the sole beneficiaries. Steve Sr. died in January 2009. Robert and Gina then submitted claim forms to West Coast. In response, West Coast informed Robert and Gina that the July 2005 changes were improperly executed, and therefore that they had no interest in the policy. In March 2009, upon learning that he retained the interest in the policy that he held in 2005, Bobbie submitted a claim form to West Coast. In April of 2009, West Coast responded by contacting all parties involved regarding the disputed claims, urging them to reach a mutual agreement regarding payment of the insurance policy benefits, and informing them that it would file an interpleader action if no agreement could be reached. The parties were unable to reach an agreement.

In August of 2009, Steve Jr., Bobbie, and William Lee (collectively, “plaintiffs”) filed suit against West Coast in the Los Angeles Superior Court alleging claims for breach of contract and breach of the covenant of good faith and fair dealing under California law. West Coast removed the case to federal court invoking diversity jurisdiction, filed an answer and counterclaim in interpleader, deposited $800,000 plus accrued interest with the district court, and added Gina and Laura Stevens as counterdefendants. Robert, Gina, and Laura (collectively, “counterclaimants”) filed counterclaims for negligence and declaratory relief against West Coast, and cross-claims against the plaintiffs.

West Coast moved for partial summary judgment, which the district court granted in West Coast’s favor as to its interpleader claim and on the claims sounding in contract. The plaintiffs and counterclaimants then reached a settlement to distribute the interpleaded funds amongst themselves, and the district court entered an order approving the distribution. The district court concluded that counterclaimants’ negligence claim against West Coast was the only claim remaining to be tried. The court did not address the merits of counterclaimants’ negligence claim, reasoning that they had failed to allege any cognizable damages flowing from West Coast’s alleged negligent conduct.

The Purpose of Interpleader
Both Rule 22 and the interpleader statute allow a party to file a claim for interpleader if there is a possibility of exposure to double or multiple liability. The purpose of interpleader is for the stakeholder to protect itself against the problems posed by multiple claimants to a single fund. This includes protecting against the possibility of court-imposed liability to a second claimant where the stakeholder has already voluntarily paid a first claimant. But it also includes limiting litigation expenses, which is not dependent on the merits of adverse claims, only their existence.

The protection afforded by interpleader takes several forms. Most significantly, it prevents the stakeholder from being obliged to determine at his peril which claimant has the better claim. It is thought that the stakeholder should not be compelled to run the risk of guessing which claimants may recover from the fund.

The stake marks the outer limits of the stakeholder’s potential liability where the respective claimants’ entitlement to the stake is the sole contested issue; however, where the stakeholder may be independently liable to one or more claimants, interpleader does not shield the stakeholder from tort liability, nor from liability in excess of the stake. Congress, in the enactment of the interpleader statute, did not intend thus to wipe out the substantial claims of persons asserting rights against insurance companies. The purpose of the interpleader statute was to give the stakeholder protection, but in nowise to change the rights of the claimants by its operation. Congress had no intention to permit destruction of acquired rights under state law, if indeed it had power so to do.

Many courts have held that those who have acted in bad faith to create a controversy over the stake may not claim the protection of interpleader. Interpleader, which is an equitable remedy, is not available to one who has voluntarily accepted funds knowing they are subject to competing claims. It is the general rule that a party seeking interpleader must be free from blame in causing the controversy, and where he stands as a wrongdoer with respect to the subject matter of the suit or any of the claimants, he cannot have relief by interpleader.

Counterclaimants did not allege that West Coast acted in bad faith, nor do they contend that the interpleader remedy was, or should have been, unavailable. Rather, they allege that West Coast’s negligent actions in 2005 caused the instant controversy, and claim damages flowing from that negligence. The district court’s conclusion that counterclaimants were required to show that West Coast acted in bad faith in order to claim attorney’s fees as damages that flow from West Coast’s negligence is without support.

Nor does counterclaimants’ negligence claim arise from West Coast’s failure to resolve the controversy over entitlement to the insurance proceeds in their favor. But for Davis’ erroneous recording of the July 2005 change forms, counterclaimants allege that they would not have been forced to litigate their adverse claims against the plaintiffs. In other words, West Coast’s alleged negligence directly and proximately caused counterclaimants to forgo $290,000 to which they claim they were rightfully entitled, and caused them to incur attorney’s fees in litigating this action. Their damages flowed not from West Coast’s filing of an interpleader claim but from its alleged negligent conduct.

Conclusion
Interpleader is an important tool to insurers who have competing claims against a particular benefit where it would not be safe to pay the sums out to one only to be sued by the other. It protects the stakeholder – if filed in good faith – against the competing claims. It does not protect the insurer from independent claims of negligence.

In this case the insurer negligently dealt with the request of the parties to change the beneficiaries and owners of the life insurance policy. As a result of its negligence there was a dispute that was only resolved by litigating the interpleader. The plaintiffs — after resolving the interpleader — had the right to sue and prove damages against the insurer for its negligence.

If, on the other hand, the insurer had done nothing other than determine that there existed multiple claims from disparate parties to the benefits of the life insurance policy and could not safely determine which were entitled to the benefits, the interpleader would have resolved all disputes between those seeking benefits and the insurer.

Deny Defense And Lose The Right To Belatedly Control Defense

An Insurer Should Never Deny A Defense Unless Absolutely Certain There Is No Potential For Coverage

The District Court, Northern District of California, granted a motion for summary judgment in favor of KB Home in part against the Travelers in Kaufman & Broad Monterey Bay, et v. Travelers Property Casualty, No. : 5:10-CV-2856 EJD (N.D.Cal. 07/18/2012)

Background
Travelers issued commercial general liability policies to Norcraft Companies, L.P., (“Norcraft”) a cabinet installer. The Norcraft policies provide coverage for “property damage” arising out of an occurrence that takes place in the coverage territory and that occurs during the policy period.

Subcontract And Aldrich Action
On or about January 22, 2003, and February 5, 2003, KB Home and Norcraft entered into subcontracts to furnish, deliver and install cabinets at certain homes within two housing developments in Monterey, California. The subcontracts required Norcraft to name KB Home as an additional insured under its commercial general liability policies.

On October 21, 2008, a number of homeowners commenced a lawsuit in Monterey County Superior Court against KB Home, Aldrich, et al. v. KB Home, et al. (“Aldrich Action”). The homeowners alleged a number of construction defects, including “cabinet and wood trim” defects, that resulted in damage to the homes and their component parts.

KB Home filed a cross-complaint against various parties, including Norcraft, alleging among other things that Norcraft is contractually required to defend and indemnify KB Home with regard to the Aldrich action.

Travelers’ Acceptance, Withdrawal, And This Action
On April 1, 2009, Glaspy & Glaspy, counsel for KB Home, tendered the defense and indemnity of KB Home as additional insureds under the Norcraft policies in the Aldrich action. This initial tender included copies of the original Complaint, First Amended Complaint, KB Home’s Cross-Complaint, a Stipulation and Order of Reference to the Special Master, the Subcontract and additional insured documentation.

On April 6, 2009, Patricia E. Dlugokenski (“Dlugokenski”), a senior technical specialist for Travelers, acknowledged receipt of the tenders and requested additional information, including: a statement of claims or documentation related to the alleged defects and deficiencies, expert investigation reports into defects or damages, current pleadings and any Case Management Order or Pre-Trial Order documents, and the location of any document depository.

On April 6, 2009, in response, KB Home provided an updated Homeowner matrix, the amended complaint, and the dismissal of one of the plaintiffs’ homes. KB also informed Travelers that the Pre-Trial Order had not yet been filed and there was no defect list but that KB Home would forward the defect list as soon as it is received. On July 6, 2009, Dlugokenski noted in the internal Claims Notes that “it is likely some, although minor damages resulted from [cabinet] installation. Damages to the walls or pulling away from the walls could be attributed to installation.” (Emphasis added) Also on July 6, 2009, Dlugokenski issued a letter accepting KB Home’s tender as additional insureds under the Norcraft policies.

The letter also requested information that would assist Travelers in its evaluation of the demand for payment of defense expenses, such as contact information for all carriers who have been provided a tender of defense, their responses, the amounts they have paid, the percentage they agreed to pay, a litigation budget, and an additional insured matrix showing the carriers tendered as well as their responses.

On October 20, 2009, Dlugokenski sent an email to KB Homes’ counsel requesting “documentation of damage caused by our named insured (defect report, etc.)” KB Home’s counsel informed Travelers that no defect list was available to date.

On November 5, 2009, Tom Frazier (“Frazier”), Travelers’ unit manager conducted a review of KB Home’s tenders and found that they lacked documentation of damage or liability arising out of Norcraft’s work. On December 1, 2009, KB Home contacted Travelers about its outstanding balance and requested payment. On December 10, 2009, Dlugokenski responded with a single-sentence email stating, “We will be withdrawing our acceptance.” On February 9, 2010, Hartford Casualty Company (“The Hartford”), another insurance company, accepted KB Home’s tenders of defense and issued a payment of $30,000 for KB Home’s defense in the Aldrich action. The Hartford made no further payments.

On March 9, 2010, Dlugokenski sent a letter to KB Home advising that Travelers was withdrawing from KB Home’s defense.

On May 27, 2010, KB Home filed this action against Travelers. On July 8, 2010, Fred Adelman, counsel for the Aldrich plaintiffs, signed a letter stating that “[t]he plaintiffs in this action are pursuing recovery for damages arising out of the cabinets.”

On August 4, 2010, KB Home provided the Aldrich plaintiffs’ preliminary defect list regarding cabinets, entitled “Aldrich, et al. v. KB Home, et al., Preliminary Defect List.” On December 17, 2010, based on the August 4, 2010 defect list, Travelers sent a letter to KB Homes in which it agreed to participate in the defense of KB Homes as an additional insured from August 4, 2010 forward and that it was appointing Christian Lucia of Seller Hazard Manning Ficenac & Lucia (“Sellar Hazard”) to represent KB Home in the Aldrich action. Travelers added that if KB Home wished to continue to retain Glaspy & Glaspy to provide it with a defense it could do so, but at its own expense.

On January 4, 2011, KB Home sent a letter to Travelers stating that Travelers has forfeited any right to control KB Home’s defense because it breached its duty to defend KB Home. KB Home also stated that Sellar Hazard had “a clear conflict of interest and is currently representing a subcontractor directly adverse to KB Home in a pending construction defect lawsuit and that under no circumstances will KB Home waive the conflict.

On January 28, 2011, Travelers issued payment of $73,654.54 to KB Home as payment for its one-half share of KB Home’s defense fees and costs in the Aldrich action pursuant to its equal shares allocation with The Hartford. On July 19, 2011, Norcraft and the Aldrich plaintiffs reached a settlement in the Aldrich action by the terms of which plaintiffs agreed to an issue release related to all cabinet issues, in exchange for the lump sum payment of $30,000. Travelers claims that, as of August 25, 2011, it had paid in excess of $187,418 in the defense of KB Home in the Aldrich action, which it claims is the amount of all outstanding invoices presented.

On August 26, 2011, KB Home filed its Motion for Partial Summary Judgment. Also on August 26, 2011, Travelers filed is Motion for Summary Judgment or, in the Alternative, Partial Summary Judgment. On September 16, 2011, Travelers filed counterclaims against KB Homes for reimbursement, unjust enrichment, breach of contract, and declaratory relief.

Discussion
KB Home sought partial summary judgment that:

  1. Traveler’s duty to provide KB Home a defense was triggered from the date of tender, April 1, 2009;
  2. Travelers breached its duty to provide KB Home a defense; and,
  3. Belated payment of the costs of the defense in the Aldrich action did not cure Traveler’s breach of its duty to defend KB Home.

Travelers sought summary judgment in its favor on KB Home’s breach of contract claim because:

  1. KB Home breached its duty to cooperate by refusing to accept Travelers’ appointed counsel;
  2. KB Home cannot prove a duty was owed when Travelers denied coverage because Travelers’ duty to defend had not been triggered;
  3. KB Home has not presented any evidence of resulting damages. Travelers also sought summary judgment in its favor on KB Home’s breach of covenant of good faith and fair dealing because:
    1. Travelers never withheld benefits due under the policy;
    2. Any delay in paying benefits was based on a genuine dispute regarding coverage; and,
    3. Travelers conducted a reasonable investigation of KB Home’s tender.

The District Court considered both motions and ruled against Travelers and in favor of KB Home in most parts of its motion. It reasoned about the various issues:

Breach Of Contract
For an insurer, the existence of a duty to defend turns not upon the ultimate adjudication of coverage under its policy of insurance, but upon those facts known by the insurer at the inception of a third party lawsuit. Hence, the duty may exist even where coverage is in doubt and ultimately does not develop. The defense duty is a continuing one, arising on tender of defense and lasting until the underlying lawsuit is concluded or until it has been shown that there is no potential for coverage.

The Norcraft policies provide coverage for “property damage.” The Norcraft polices do not cover property damage to Norcraft’s work arising out of it or any part of it.

Travelers argued that the complaint does not allege that other property was damaged as a result of the cabinets. Specifically, Travelers argues that the Aldrich complaint only alleges the existence of cabinet and wood trim defects at the homes and that the cabinets were installed so as to interfere with the cabinets’ useful life.

Travelers’ reading of paragraph 17, however, appears to consider only the final sentence of the allegation which list the defects, including cabinet and wood trim defects, to which the rest of the paragraph makes reference. The immediately preceding sentence states that the “defects … have resulted in damage to the homes and their component parts. Thus, the complaint alleges that cabinet and wood trim defects caused damage to the homes and their component parts, which potentially includes parts of the homes other than the cabinets.

The District Court concluded that as a result of the Aldrich complaint tendered on April 1, 2009, Travelers was required to defend KB Home unless and until Travelers could demonstrate, by reference to undisputed facts, that the claim cannot be covered. KB Home’s motion for partial summary judgment that Travelers owed it a duty to defend as of April 1, 2009 was granted.

Travelers failed to present evidence showing a genuine issue of fact regarding whether, at the time of its March 9, 2010 withdrawal, there was no potential for a covered liability.

To be excused from its duty to defend by KB Home’s alleged breach of the duty to cooperate, Travelers must show prejudice that resulted from KB Home’s withholding these documents. Travelers has not identified any related prejudice, much less provided evidence upon which a reasonable jury could find prejudice. KB Home, however, has pointed to evidence that Travelers was not prejudiced by these documents because, even if these documents had been produced earlier, Travelers would have acted no differently.

Travelers’ expert, Gene Irizarry, declared that “even though KB [Home] did not provide the Lot Files to Travelers, had it done so, no duty to defend would have been triggered.” This evidence indicates that, with or without the documents, Travelers still would have determined that it did not have a duty to defend. Thus, assuming that KB Home withheld these documents, Travelers has not raised a genuine issue of fact regarding whether Travelers was excused from its duty to defend as a result.

The undisputed facts demonstrate that Travelers breached its duty to provide KB Home with a complete and immediate defense of the Aldrich action when it withdrew from KB Home’s defense on March 9, 2010. Therefore the District Court granted KB Home’s motion and denied Travelers’ motion.

Whether Travelers Cured Its Breach By Its Belated Payment
KB Home also moved for summary judgment that Travelers’ belated acceptance of its duty to defend does not cure its prior breaches. In opposition, Travelers argued that KB Home has not provided any evidence of damages. KB Home sought judgment that Travelers’ failure to take up KB Home’s defense when its duty was triggered is not cured because Travelers did so after KB Home filed this action.

A belated offer to pay the costs of defense may mitigate damages but will not cure the initial breach of duty. KB Home’s motion for summary judgment that Travelers did not cure its breach by its belated payment for KB Home’s defense was, therefore, granted by the District Court.

“The insurer’s right to control the insured’s defense extends to the right to select legal counsel.” Travelers Property Cas. Co. of America v. Centex Homes, No. 11-3638-SC, 2012 WL 1657121, at *4 (N.D. Cal. May 10, 2012). However, “[w]hen an insurer wrongfully refuses to defend, the insured is relieved of his or her obligation to allow the insurer to manage the litigation and may proceed in whatever manner is deemed appropriate.” Eigner v. Worthington, 57 Cal. App. 12 4th 188, 196 (1997).

Here, the Aldrich action was tendered to Travelers on April 1, 2009 and triggered Travelers’ duty to defend. On March 9, 2010, Travelers declined to participate in the Aldrich defense. Travelers, however, agreed to defend KB Home on December 17, 2010, after KB Home had provided Travelers with a defect list from the Aldrich plaintiffs on August 4, 2010 and after KB Home filed this lawsuit.

Duty To Defend Arose Immediately Upon Tender
Since Travelers’ duty to defend arose immediately upon the April 1, 2009 tender, Travelers’ withdrawal and delay in providing KB Home with a defense divested it of the right to control KB Home’s defense. Thus, Travelers failed to demonstrate that the undisputed evidence shows KB Home’s rejection of Travelers’ chosen counsel was a breach of the cooperation clause.

During the time the insurer had rejected the tender of the defense, the insured arranged and paid for its own defense. The belated tender did not fully remedy the harm caused by the insurer’s refusal to defend by later paying the insured’s attorney fees, though this belated decision unquestionably mitigated its damages.

Breach Of Duty To Investigate
An unreasonable failure to investigate amounting to such unfair dealing may be found when an insurer fails to consider, or seek to discover, evidence relevant to the issues of liability and damages. Based on KB Home’s initial tender, on July 6, 2009, Travelers’ Claim Notes document Traveler’s decision to accept KB Home’s defense because of a likelihood of covered damages.

An insurer’s early closure of an investigation and unwillingness to reconsider a denial when presented with evidence of factual errors will fortify a finding of bad faith. KB Home, therefore, presented evidence sufficient to create a genuine issue of fact regarding whether Travelers acted in bad faith in refusing to defend KB Home.

Conclusion
For the reasons discussed above, the District Court ordered as follows:

  1. KB Home’s motion for partial summary judgment that Traveler’s duty to provide KB Home a defense was triggered from the date of tender, April 1, 2009;
  2. Travelers breached its duty to provide KB Home a defense; and
  3. belated payment of the costs of the defense in the Aldrich action did not cure Traveler’s breach of its duty to defend KB Home.

Travelers’ has been found to breach its duty to defend in two cases in California because of its failure to thoroughly investigate upon tender of defense and that, when it had second thoughts and agreed to defend, found it had lost its right to control the defense.

If, as in KB Homes, there is a small potential for coverage, a defense should be provided promptly subject to a reservation of rights. Withdrawing that defense when there is no additional investigation or new facts is not within the custom and practice of Commercial General Liability insurers in California and most of the country.

Travelers then added insult to the injury caused by its withdrawal of defense by coming back and offering to defend with control of counsel and the defense and ignoring the conflict of interest between it, its chosen counsel, and the additional insured. In addition, had it done a thorough investigation, it could have accelerated the settlement negotiations and resolved the Aldrich case for less than the amount of defense costs.