Playback speed
Share post
Share post at current time

No Financial Loss – No Coverage

Cybersecurity Policy Requires Direct Financial Loss

Thank you for reading Excellence in Claims Handling. This post is public so feel free to share it.


Leave a comment

Get a group subscription

Read the full article at, see the full video at and at and at plus more than 4800 posts.

Post 4819

Insured Cannot Claim for Loss Incurred by Customer

After suffering from a phishing scam, Door Systems, Inc. (appellant) sought coverage under a cybersecurity insurance policy (policy) it obtained from CFC Underwriting Limited, Underwriters at Lloyd’s, London, and Evolve Cyber Insurance Services, LLC. The parties disputed the scope of coverage, and appellant filed a complaint against respondents alleging, among others, breach of contract. The trial court sustained a demurrer concluding the SAC did not plead a “direct financial loss” sustained by appellant.

In Door Systems, Inc. v. CFC Underwriting Limited, et al., G062645, California Court of Appeals, Fourth District, Third Division (June 3, 2024) the Court of Appeal resolved the dispute.


On May 13, 2021, appellant, a leading distributor of integrated fire doors and fire protection smoke curtains, filed a complaint against its cyber security insurers, alleging causes of action for: (1) breach of contract; (2) breach of the covenant of good faith and fair dealing; and (3) declaratory judgment – duty to indemnify. The trial court sustained a demurrer without leave to amend.

Insured Event

The complaint alleged that on January 20, 2021, someone impersonated appellant’s President and sent electronic correspondence to “one of [appellant’s] clients, X-Act Finish & Trim, Inc.” (X-Act). At the time, X-Act owed appellant at least $395,000 for products ordered from appellant. The impersonator demanded $395,000 and provided wire directions for payment. X-Act complied but was later informed by appellant that the money had not been deposited into appellant’s account. Subsequently, appellant and X-Act conducted an investigation and were able to recover $160,419.20, leaving a balance of $234,580 that appellant sought to recover from respondents.

Order Sustaining Demurrer without Leave to Amend

The trial court sustained the demurrer to the second amended complaint (SAC) without leave to amend ruling that the SAC failed to state facts sufficient to constitute a claim. The plaintiff failed to allege a loss sustained by the appellant. Instead still appellant alleged X-Act paid the fraudster.”

Direct Financial Loss Sustained by the Company

The allegation that appellant cannot collect the funds from X-Act because of the UCC’s “imposter rule” is unfounded. A wire transfer is a “payment order.” Thus, the “imposter rule” did not apply. The imposter rule would not prevent appellant from recovering the lost funds from X-Act.

When the imposter later demanded payment of the invoiced amount, X-Act wired the monies to an account not controlled by appellant. Appellant and X-Act later recovered a portion of the wired funds. Even if the transferred funds were specifically earmarked to pay X-Act’s debt to appellant, because money is fungible, X-Act still has an obligation to pay its remaining debt to appellant.

The Court of Appeals concluded that appellant did not suffer a direct financial loss from the phishing scam. Without a direct financial loss, coverage is not triggered. Thus, the trial court properly sustained the demurrer to the First Cause of Action for breach of contract.

Without a breach of contract, there is no breach of the covenant of good faith and fair dealing. The trial court properly sustained the demurrer to the Second Cause of Action.

The judgment is affirmed. Respondents are entitled to their costs on appeal.


An insurance policy, like the cybersecurity policy involved here, promises to indemnify the insured in case of an insured against loss. Since only X-Act suffered a loss by paying the phisher and sent money it owed to the appellant to a criminal, the appellant incurred no loss and it can still collect what it is owed from X-Act who did not have a cyber security policy.

(c) 2024 Barry Zalma & ClaimSchool, Inc.

Please tell your friends and colleagues about this blog and the videos and let them subscribe to the blog and the videos.

Subscribe to my substack at or Go to Barry Zalma

Go to X @bzalma; Go to; Go to Barry Zalma videos at at; Go to Barry Zalma on YouTube-

Go to the Insurance Claims Library –

Subscribe to my substack at; videos at at

Go to X @bzalma; Go to the Insurance Claims Library –

Excellence in Claims Handling
Zalma on Insurance
Blog posts digesting new appellate decisions and free videos about insurance claims and insurance law.