2025 IL App (1st) 241909-U
NOTICE: This order was filed under Supreme Court Rule 23 and is not precedent except in the limited circumstances allowed under Rule 23(e)(1).
FIRST DIVISION July 28, 2025 No. 1-24-1909 ______________________________________________________________________________
IN THE APPELLATE COURT OF ILLINOIS FIRST DISTRICT ______________________________________________________________________________
CERTAIN UNDERWRITERS AT LLOYD’S, LONDON ) Subscribing to Policy No. PSK0139439706, ) ) Plaintiffs/Counterdefendants- ) Appeal from the Appellees, ) Circuit Court of ) Cook County v. ) ) No. 22 CH 7483 GALEY CONSULTING, LLC, BRIAN GALEY, and ) MONROE INFRASTRUCTURE, LLC, ) The Honorable ) Cecelia A. Horan, Defendants ) Judge Presiding. ) (Monroe Infrastructure, LLC, Defendant/Counterplaintiff- ) Appellant). )
PRESIDING JUSTICE FITZGERALD SMITH delivered the judgment of the court. Justice Cobbs concurred in the judgment. Justice Pucinski dissented.
ORDER
¶1 Held: Insured’s summary to insurer notifying it of a potential claim stemming from an incident of e-mail hacking and wire fraud was properly considered on the question of whether the policy’s “cyber events” exclusion negated insurer’s duty to defend, even though the underlying complaint did not mention these events.
¶2 The defendant/counter-plaintiff, Monroe Infrastructure, LLC (hereinafter Monroe), appeals No. 1-24-1909
from the trial court’s entry of summary judgment in favor of the plaintiffs/counter-defendants, the
Certain Underwriters at Lloyd’s, London Subscribing to Policy No. PSK0139439706 (hereinafter
the Underwriters), in which the trial court found that the Underwriters had no duty to defend their
insureds, Brian Galey and Galey Consulting, LLC, in an underlying lawsuit that Monroe had filed
against Galey Consulting. Monroe’s primary contention on appeal is that the trial court improperly
looked to evidence extrinsic to the allegations of the underlying complaint to determine that
Monroe’s claim was for losses that arose out of a “cyber event” that was excluded from coverage
under the policy. We affirm the judgment of the trial court.
¶3 BACKGROUND
¶4 In 2021, Monroe became engaged in a project to construct roads and other infrastructure
improvements within a development in Nashville, Tennessee. Thereafter, Monroe engaged the
services of Galey Consulting, which provides professional construction management services to
builders, developers, and others. The parties entered into a contract dated February 22, 2021. In
summary, Galey Consulting had broad oversight responsibilities under this contract to effectuate
decisions made by Monroe in implementing the project. These responsibilities included, inter alia,
overseeing and managing all construction activities as well as “pay application management.”
Generally speaking, pay application management included reviewing and approving requests by
subcontractors and others to receive payment by Monroe for work done on the project.
¶5 Galey Consulting and its principal Brian Galey are the named insureds under a policy of
architects and engineers’ insurance to which the Underwriters subscribe. On March 23, 2022, an
agent on the insureds’ behalf gave notice to the Underwriters’ claims manager, CFC Underwriting
Limited, that an incident had occurred which had the potential to give rise to a claim under the
policy. Included with that notice was a summary of the incident written by Brian Galey.
-2- No. 1-24-1909
¶6 Galey’s summary explained that around approximately November 2021, his work e-mail
account had been hacked. After he ultimately engaged an information technology professional, it
was discovered that the hackers had added a mechanism within his e-mail account to divert e-mails
that he received from accounts associated with Nashville Electric Service (NES) so that he would
not see them. Following Galey’s receipt of a legitimate invoice from NES on November 12, 2021,
the hackers sent him an e-mail from a fraudulent account, purporting to be from NES, stating that
NES had changed its procedures to require payments through electronic funds transfer only and
that checks would no longer be accepted. Galey attempted to verify this fact by sending an e-mail
to Josh Pike, who was his contact at NES. A few days later, Galey received a fraudulent e-mail
purporting to be from Josh Pike confirming the accuracy of the change by NES to requiring
electronic payments.
¶7 Galey’s summary continued that on December 29, 2021, Galey informed Don Allen, who is
the owner of Monroe, that it was an appropriate time to for the above invoice to be paid but that
NES was now requiring that all payments be made by electronic transfer. Allen thereafter
contacted his banker at CIBC to send an electronic payment, but his banker responded that a wire
transfer was necessary given the payment’s size. Galey then sent an e-mail to Ron Russell of NES
asking for its wire transfer information. A few hours later, Galey received a fraudulent e-mail
response purporting to be from Ron Russell containing instructions to wire the funds to an account
at Chase Bank. Allen then sent an e-mail telling Galey and the CIBC banker to “verify wire info
over phone to avoid fraud please.” Galey responded to Allen by e-mail, stating that he had already
confirmed with his contact at NES that “this was a legit request.” Galey’s summary also stated that
the CIBC banker had left a voicemail for Ron Russell and followed up with an e-mail asking him
to call back and verify the wire information. The summary contains no information that Russell
-3- No. 1-24-1909
ever returned the banker’s call. On January 3, 2022, Galey received a fraudulent email purporting
to be from Ron Russell stating that the wire transfer had been received.
¶8 The above-described incident apparently led to $673,384.18 being wire-transferred out of
Monroe’s account to a fraudulent account at Chase Bank. That money was never recovered. The
fraudulent nature of this transaction was not discovered until March 18, 2022, when Josh Pike
contacted Galey to ask about the unpaid invoice. This led to the above investigation by the
information technology professional, at which time the incident of e-mail hacking was discovered
and CFC Underwriting was informed of the incident.
¶9 On March 28, 2022, a claims adjustor with CFC Underwriting issued an initial coverage
determination to Galey, which stated that the policy at issue “does not carry any cyber and privacy
cover which would respond to the funds loss.” On April 27, 2022, an agent working on behalf of
Galey asked the claims adjustor from CFC Underwriting to have coverage evaluated under the
errors and omissions portion of the policy and to provide a formal coverage opinion. On May 3,
2022, a different claims adjustor from CFC Underwriting responded that the errors and omissions
policy would not apply unless a claim was made against the insured arising out of an alleged
negligent act or breach of contract, and no such claim had been made as of that time.
¶ 10 On June 6, 2022, Don Allen of Monroe sent an e-mail to Brian Galey, demanding that Galey
Consulting reimburse Monroe the amount of $673,384.17, plus its incurred costs.
¶ 11 On August 2, 2022, the Underwriters sent a letter denying coverage and filed the present
insurance coverage action, naming as defendants Galey Consulting, Brian Galey, and Monroe. The
Underwriters’ complaint sought a declaratory judgment that no coverage was available under the
policy at issue for the reimbursement demand that Monroe had made against Galey Consulting,
due to an exclusion in the policy that precluded coverage for any claim “arising directly or
-4- No. 1-24-1909
indirectly out of any cyber event.” Relevant here and stripped of its excess verbiage, the policy’s
definition of “cyber event” includes “any actual or suspected unauthorized access to *** any
computer systems *** including a *** hacking attack.” 1 The policy’s definition of “computer
systems” means “all electronic computers including operating systems, software, hardware,
microcontrollers and all communication and open system networks and any data or websites
wheresoever hosted, off-line media libraries and data back-ups and mobile devices including but
not limited to smartphones, iPhones, tablets or personal digital assistants.” The Underwriters’
complaint asserted that the summary of events that had been provided by Brian Galey
demonstrated that Monroe’s demand for reimbursement arose out of a “cyber event,” that being
the unauthorized accessing of Galey Consulting’s e-mail system by a fraudster, who then used
Galey Consulting’s impaired e-mail system to intercept and redirect real e-mails from NES and
who sent a series of fraudulent e-mails that directed payment of the NES invoice to be made to the
fraudster’s account. Because of this, the Underwriters asserted, coverage for the claim by Monroe
was excluded under the policy.
1 Monroe’s argument on appeal does not challenge whether the incident described in Brian Galey’s summary qualifies as a “cyber event” under the policy’s definition. The full definition is as follows: “ ‘Cyber event’ means any actual or suspected: a. unauthorized access to or electronic attack designed to damage, destroy, corrupt, overload, circumvent or otherwise impair the functionality of: i. in respect of INSURING CLAUSE 2, computer systems used directly by you; and ii. in respect of all other INSURING CLAUSES, any computer systems; including a denial of service attack, cyber terrorism, hacking attack, Trojan horse, phishing attack, man-in-the-middle attack, application-layer attack, compromised key attack, malware infection (including spyware or ransomware) or computer virus; or b. privacy breach. ‘Cyber event’ does not mean technology error.” We add also that this case involves an insuring clause other than “INSURING CLAUSE 2,” which provides coverage for claims that do arise out of “cyber events” under certain terms and conditions.
-5- No. 1-24-1909
¶ 12 On November 9, 2022, Monroe’s counsel sent a letter to the Underwriters’ counsel asserting
that coverage under the policy was available for the negligent acts, errors and omissions of Galey
Consulting, which existed in at least two forms. First, as part of its responsibilities for providing
“pay application management” services to Monroe, Galey Consulting had acted unreasonably by
failing to have in place a protocol and system to ensure that invoices presented were properly paid.
Second, Galey had acted negligently by failing to “utilize telephonic conformation” prior to
making electronic payment of the NEC invoice.
¶ 13 On February 22, 2023, Monroe filed a lawsuit against Galey Consulting, seeking to recover
“the diverted payment of $673,384.17, that was erroneously and at the instruction of Galey sent to
an improper wire account that was not owned or in the control of NES.” Monroe’s complaint does
not allege that an e-mail hacking or wire fraud incident played any role in causing the loss it
suffered. Instead, its allegations are that, pursuant to the parties’ agreement, Galey Consulting was
to provide Monroe with “construction management” and “pay application” services. Construction
management services included project phasing, logistical planning, schedule oversight,
subcontractor selection oversight, review of materials procurement, quality control oversight, and
cost management. Pay application services included reviewing and approving contractor pay
applications, forwarding pay applications to Monroe for processing, and providing cost tracking
of applications. The complaint alleged that the parties understood that “pay applications” referred
to the detailed documents used by subcontractors and others to request payment on the project.
The complaint alleged that the parties’ contract required Galey Consulting to provide its
professional services in a “commercially responsible” manner and to serve Monroe’s interests in
the performance of its services.
¶ 14 Monroe’s complaint went on to allege that on December 29, 2021, pursuant to instructions
-6- No. 1-24-1909
and information provided to it by Galey Consulting in the performance of the above-described
services, Monroe caused $673,384.17 to be wired to an account that Galey Consulting had
represented to be that of NES, which had done work for Monroe on the project. It alleged that in
March 2022, the parties had discovered that the account information that Galey Consulting had
provided to Monroe for the payment of this invoice was not in fact the account of NES and that
the money had therefore not reached NES as intended. It alleged that Monroe then had to make a
new payment of $673,384.17 to NES, and the first diverted payment had never been recovered.
¶ 15 Monroe’s complaint sought recovery under three theories of liability: professional
negligence, errors and omissions; breach of contract; and breach of fiduciary duty. Each theory of
liability is premised on the following factual allegations of wrongdoing by Galey Consulting:
“a) Improperly and erroneously providing Monroe with the improper bank account
information for NES for purposes of making payment to NES;
b) Improperly and erroneously instructing Monroe to wire payment to NES to a bank
account not owned or in the control of NES;
c) Failing to put into place a risk management policy designed to prevent the
misdirected payment of invoices to contractors, sub-contractors and other vendors who were
owed money for their work on the Project;
d) Failing to implement a protocol or management system for the Project that ensured
that contractors, sub-contractors and vendors who had performed work on the Project were
properly and accurately paid;
e) Failing to implement a protocol or management system designed to ensure that
payments it approved were being safely and securely made to the proper recipients who had
presented invoices approved by Galey;
-7- No. 1-24-1909
f) Failing to implement a protocol or management system that ensured the matching of
approved invoices to the payees presented to Monroe for transfer of funds;
g) Failing to utilize telephonic confirmation of wire instructions to known individuals
at NES before instructing Monroe to transfer funds;
h) Failing to exercise commercially reasonable checks on purported instructions
received for pay applications and payment of invoices;
i) Failing to carefully read and review correspondence detailing purported instructions
for pay applications and payment of invoices;
j) Improperly and erroneously approving payment of an invoice to an improper and
unapproved recipient.”
¶ 16 After Monroe filed its lawsuit against Galey Consulting, the Underwriters filed an amended
complaint for declaratory judgment in the present action. The amended complaint includes greater
detail than the initial complaint, but its material allegations remain that it was clear from Brian
Galey’s initial summary of events that Monroe’s demand for reimbursement and underlying
lawsuit arose out of an event of e-mail hacking and wire fraud that constitutes a “cyber event”
excluded from coverage under the terms of the policy. It characterized the omission in Monroe’s
underlying complaint of any reference to wire fraud as “an improper and transparent attempt to
plead into coverage.”
¶ 17 On July 20, 2023, in the underlying litigation between Monroe and Galey Consulting, the
trial court granted a motion for entry of a consent judgment pursuant to settlement. By its order,
the trial court entered a consent judgment in favor of Monroe and against Galey Consulting in the
amount of $725,000. The trial court’s order also included findings that Galey Consulting had
agreed to the consent judgment in reasonable anticipation of liability, to settle a disputed claim
-8- No. 1-24-1909
and avoid the possibility of a default judgment being entered against it in a larger amount; that the
consent judgment was fair and reasonable; that the decision of Galey Consulting to end this
litigation pursuant to a consent judgment was reasonable and conformed to the standard of a
prudent uninsured; and that $725,000 was consistent with what a reasonably prudent uninsured in
Galey Consulting’s position would settle for, given the facts and merits of the claims in the case.
Finally, the order approved the assignment to Monroe from Galey Consulting of all of its rights
against its insurance carriers with respect to the claims at issue, and it limited Monroe to collecting
the consent judgment only from those insurers and not from Galey Consulting or its principals.
¶ 18 On July 24, 2023, in the present action, Monroe filed on behalf of itself and as assignee of
Galey Consulting and Brian Galey, an answer to the amended complaint and a counterclaim
against the Underwriters. In its answer, Monroe denied the material allegations of the amended
complaint and denied that the Underwriters were entitled to the declaratory judgment sought.
¶ 19 In its counterclaim, Monroe alleged that the Underwriters had breached the terms of the
policy by refusing to defend Galey Consulting in the underlying litigation. It alleged that for the
policy’s cyber events exclusion to apply, a loss must “arise” out the cyber event; however,
Monroe’s allegations against Galey Consulting in the underlying lawsuit involved various acts of
negligence, breaches of contract, and breaches of fiduciary duty that caused Monroe’s loss, and
these are outside the limited scope of causation in the policy’s cyber events exclusion. Its
counterclaim also sought a declaratory judgment that the policy’s “cyber events” exclusion was
ambiguous and unenforceable. It also sought attorney fees and a statutory penalty under section
155 of the Illinois Insurance Code (215 ILCS 5/155 (West 2022)). The Underwriters filed an
answer and affirmative defenses to the counterclaim, denying its material allegations.
¶ 20 On October 20, 2023, Monroe filed a motion for summary judgment as to all counts of the
-9- No. 1-24-1909
amended complaint and the counterclaim. On December 7, 2023, the Underwriters filed a
combined cross-motion for summary judgment and response to the motion by Monroe. The
parties’ arguments largely turned on the effect of the policy’s “cyber events” exclusion on the duty
to defend and whether Brian Galey’s summary of events could be considered given that no e-mail
hacking or wire fraud incident is referenced in the underlying complaint. Monroe’s motion further
raised the argument that the Underwriters’ breach of the duty to defend the insureds meant that
they were liable as a matter of law for the amount of the consent judgment in the underlying
litigation plus a penalty under section 155 of the Insurance Code (id.). Both motions were fully
briefed, and the trial court conducted oral argument on June 13, 2024.
¶ 21 On September 3, 2024, the trial court entered an order denying Monroe’s motion for summary
judgment and granting the Underwriters’ motion for summary judgment. In so doing, the trial court
found that the Underwriters had no duty to defend either Galey Consulting or Brian Galey in
relation to the underlying lawsuit filed by Monroe. It further found that the Underwriters did not
have a duty to indemnify Monroe with regard to the consent judgment that was entered in the
underlying lawsuit. No transcript further articulating the trial court’s reasoning is included in the
record on appeal. Monroe thereafter filed a timely notice of appeal.
¶ 22 ANALYSIS
¶ 23 On appeal, Monroe’s primary argument is that the duty-to-defend analysis in this case cannot
include consideration of Brian Galey’s summary of events, whereby he explained that an incident
had occurred in which his work e-mail had been hacked in a way that caused him to believe that
he was acting pursuant to a legitimate instruction from NES when he directed Monroe to authorize
a wire transfer of $673,384.17 to a bank account that turned out to be fraudulent. Monroe’s position
is that the Underwriters’ duty to defend Galey Consulting and Brian Galey in the underlying
- 10 - No. 1-24-1909
litigation must be determined exclusively by comparing the allegations of the underlying
complaint against the terms of the policy at issue. When this correct approach is followed, Monroe
contends, the allegations of its underlying complaint against Galey Consulting raised allegations
of negligence, breach of contract, and breach of fiduciary duty that triggered coverage under the
policy’s errors and omissions coverage. Monroe contends that, because its underlying complaint
contains no factual allegations along the lines of the information contained in Brian Galey’s
summary, that summary is extrinsic evidence that cannot be considered on the question of whether
the policy’s exclusion for “cyber events” negates the duty to defend.
¶ 24 Where a trial court has granted summary judgment in favor of an insurer based upon the
determination that it owes no duty to defend its insured in underlying litigation, this presents a
question of law that we review de novo. Pekin Insurance Co. v. McKeown Classic Homes, Inc.,
2020 IL App (2d) 190631, ¶ 15. Summary judgment is properly granted where the pleadings,
depositions, and admissions on file, together with any affidavits, show that there is no genuine
issue as to any material fact and that the moving party is entitled to a judgment as a matter of law.
735 ILCS 5/2-1005(c) (West 2024). The filing of cross-motions for summary judgment indicates
the parties’ agreement that only questions of law are presented, which the court can decide based
upon the record. Pielet v. Pielet, 2012 IL 112064, ¶ 28.
¶ 25 “In a declaratory judgment action such as that presented here, where the issue is whether the
insurer has a duty to defend, a court ordinarily looks first to the allegations in the underlying
complaint and compares those allegations to the relevant portions of the insurance policy.” Pekin
Insurance Co. v. Wilson, 237 Ill. 2d 446, 455 (2010). “If the facts alleged in the underlying
complaint fall within, or potentially within, the policy’s coverage, the insurer’s duty to defend
arises.” Id. This is true even if the allegations are groundless, false, or fraudulent, and even if only
- 11 - No. 1-24-1909
one of multiple theories of recovery alleged in the complaint falls within the potential coverage of
the policy. Valley Forge Insurance Co. v. Swiderski Electronics, Inc., 223 Ill. 2d 352, 363 (2006).
Thus, an insurer may not justifiably refuse to defend a lawsuit against its insured unless it is clear
from the face of the underlying complaint that the allegations set forth in it fail to state facts that
bring the case within, or potentially within, the coverage of the policy. Id.
¶ 26 While the statements above constitute the general rule, circumstances exist in which courts
may appropriately look beyond the allegations of an underlying complaint when determining
whether an insurer has a duty to defend. See Wilson, 237 Ill. 2d at 459-62; Pekin Insurance Co. v.
St. Paul Lutheran Church, 2016 IL App (4th) 150966, ¶ 64. An insurer in a declaratory judgment
proceeding may challenge the existence of a duty to defend “ ‘by offering evidence to prove that
the insured’s actions fell within the limitations of one of the policy’s exclusions,’ ” provided that
the evidence offered for this purpose is not evidence that “ ‘tends to determine an issue crucial to
the determination of the underlying lawsuit.’ ” Wilson, 237 Ill. 2d at 461-62 (quoting Fidelity &
Casualty Co. of New York v. Envirodyne Engineers, Inc., 122 Ill. App. 3d 301, 304-05 (1983));
accord Bartkowiak v. Underwriters at Lloyd’s, London, 2015 IL App (1st) 133549, ¶¶ 20-21
(“provided that the trial court is not, in effect, adjudicating a critical issue in the underlying case,
there is no reason why the trial court could not consider relevant, objective, undisputed facts in
deciding the duty to defend, even if those facts fall outside the pleadings of the underlying
lawsuit”); St. Paul Lutheran Church, 2016 IL App (4th) 150966, ¶ 64.
¶ 27 In its brief, Monroe acknowledges the principles above. However, Monroe points out that the
exception is typically invoked by an insured to show that a duty to defend is created through
extraneous facts that are known to an insurer but unpled in the underlying complaint. Monroe
argues that this court has never recognized that an insurer can use extrinsic evidence provided by
- 12 - No. 1-24-1909
its insured to deny the duty to defend otherwise triggered by an underlying complaint.
¶ 28 Although neither party draws our attention to a case directly on point to this one, we believe
that Monroe reads the cases far too narrowly when it argues that this exception works only to the
benefit of an insured. See, e.g., Bartkowiak, 2015 IL App (1st) 133549, ¶ 22 (in finding no duty to
defend, trial court properly considered whether insured had primary automobile liability coverage
from a different insurer, even though nothing about insurance was pled in the underlying complaint
for wrongful death); Millers Mutual Insurance Ass’n of Illinois v. Ainsworth Seed Co., 194 Ill.
App. 3d 888, 893 (1989) (in finding no duty to defend in product liability case, appellate court
approved insurer’s reliance upon statements insured had made in an affidavit that demonstrated
policy’s completed-operations hazard exclusion applied and barred coverage).
¶ 29 In the seminal case of Envirodyne Engineers, the insured was an engineering firm that had
been sued for injuries sustained by a construction worker on a project for which it served as the
consulting engineer. Envirodyne Engineers, 122 Ill. App. 3d at 302. Its insurer argued that no duty
to defend existed due to an exclusion in the policy for bodily injury arising out of the provision of
professional engineering services. Id. at 302-03. In support of its argument that all work that the
insured had performed on the project came within the scope of that exclusion, the insurer offered
evidence of the contract between the insured and its client and the deposition testimony of the
insured’s assistant vice president that he was unaware of any functions performed by the insured
at the job site other than those that were architectural or engineering in nature. Id. at 303-04. On
appeal, the appellate court held that the trial court had properly considered this evidence tending
to show that all the insured’s actions on the job site constituted professional engineering services
in determining that the exclusion applied and negated any duty to defend. Id. at 307-08.
¶ 30 In this case we hold that, consistent with Envirodyne Engineers and the other authority cited
- 13 - No. 1-24-1909
above, Brian Galey’s summary describing the incident of e-mail hacking and wire fraud was
appropriate for consideration on the question of the Underwriters’ duty to defend. Preliminarily,
we accept the premise that, if only the allegations of the underlying complaint are considered
without also looking to Galey’s summary, its allegations would bring the case within the policy’s
grant of professional errors and omissions coverage. As set forth in the background above, the
underlying complaint pleads various acts and omissions by Galey Consulting amounting to
negligence, breach of contract, and breach of fiduciary duty. But it is equally clear from the
underlying complaint that Monroe’s alleged loss stems entirely from the events of December 29,
2021, when $673,384.17 was wired from its bank account to an account that Galey had represented
as belonging to NES when this was not in fact the case.
¶ 31 As stated, nothing in the underlying complaint alleges that the hacking of Galey’s e-mail
account or wire fraud played any role in causing Monroe’s losses. However, we also find nothing
in the summary judgment record that tends to raise any factual dispute as to whether the loss at
issue originated from an incident of e-mail hacking and wire fraud. We do not believe in this
instance that the absence of such allegations from the underlying complaint requires the courts to
“ ‘wear judicial blinders’ ” to the role that an e-mail hacking incident played in causing this loss
when determining whether a policy exclusion applies. See Wilson, 237 Ill. 2d at 460 (quoting
American Economy Insurance Co. v. Holabird & Root, 382 Ill. App. 3d 1017, 1032 (2008)). We
note that the Underwriters’ declaratory judgment action had been filed six months before the time
when Monroe filed the underlying complaint. It is thus clear that Monroe’s counsel was well aware
by that time of the Underwriters’ position that the cyber events exclusion precluded coverage
because the loss arose out of the unauthorized accessing of Galey’s e-mail account by a hacker
attempting to commit wire fraud. Accordingly, it would appear that the failure to allege anything
- 14 - No. 1-24-1909
about e-mail hacking or wire fraud in the underlying complaint was an attempt to avoid pleading
directly into the policy’s cyber events exclusion.
¶ 32 Furthermore, we reject Monroe’s assertion that the question of whether Galey’s liability to
Monroe arose directly or indirectly from an alleged cyber event was a crucial issue of fact in the
underlying case. Monroe does not explain this argument in any detail, and we fail to see how the
trial court would have adjudicated an issue of fact critical to the underlying litigation by
determining that Monroe’s losses originated from an incident in which Galey’s e-mail was hacked
by someone intent on committing wire fraud. Based upon our review of the underlying complaint,
the critical issues were whether Galey Consulting was negligent or breached a contractual or
fiduciary duty by failing to have protocols or systems in place that would have prevented Monroe’s
funds from being misdirected to the wrong account (i.e., that would have prevented the wire fraud
attempt from succeeding). Nothing in the record suggests to us that the fact that an e-mail hacking
or wire fraud incident had occurred was itself an issue of dispute in the underlying case. Also, the
fact that the underlying litigation was no longer pending by the time of the trial court’s entry of
summary judgment in this case is an additional reason why it was not adjudicating any fact critical
to the underlying litigation by determining that an e-mail hacking or wire fraud incident had
occurred. See Maryland Casualty Co. v. Peppers, 64 Ill. 2d 187, 197 (1976) (declaratory judgment
that requires resolution of fact issue crucial to underlying litigation is “premature” prior to
resolution of underlying case); St. Paul Lutheran Church, 2016 IL App (4th) 150966, ¶ 64 (same).
¶ 33 We also reject Monroe’s reliance upon Clemmons v. Travelers Insurance Co., 88 Ill. 2d 469
(1981), which it cites for the proposition that an insurer may not rely on unsworn statements made
by an insured in determining the duty to defend. We find Clemmons distinguishable from the
present case. There, a plaintiff who had been injured in an automobile collision obtained a default
- 15 - No. 1-24-1909
judgment against the underlying defendant and thereafter sued Travelers to collect it on the basis
that Travelers’ refusal to defend had been wrongful. Id. at 473-74. Travelers’ position was that it
had owed no defense because the underlying defendant was driving without permission of his
employer, who was the named insured. Id. Relevant here, Travelers relied in part upon an unsworn
accident report in which the defendant driver had stated that he did not have permission to drive
his employer’s car at the time of the collision. Id. at 476. The supreme court held that Travelers
was not justified in relying upon that report to deny a defense. Id. It held that as a layman, the
defendant driver was likely unaware of how expansively Illinois law viewed the concept of
“permission.” Id. It held that the statement in the accident report was not sufficient to dispel the
potential for coverage that was raised in the underlying complaint. Id.
¶ 34 In this case, we do not find Brian Galey’s summary detailing the e-mail hacking and wire
fraud incident to be analogous to the driver’s statement in Clemmons that he did not have
permission to drive the car. First, Galey’s statement is a factual description of the incident at issue.
It does not present problems similar to the concept of “permission” in Clemmons, where the
statement essentially involved a layperson drawing a legal conclusion or possibly having an
inaccurate understanding of the definition of a legal term of art. Second, we believe it is significant
that Clemmons was a case in which Travelers had denied a defense without seeking a declaratory
judgment or defending under a reservation of rights, which an insurer is generally unjustified in
doing when faced with a complaint that alleges facts potentially within the scope of coverage. See
id. at 475; see also Employers Insurance of Wausau v. Ehlco Liquidating Trust, 186 Ill. 2d 127,
150 (1999). In this case, by contrast, the Underwriters followed the proper approach of filing a
declaratory judgment to determine its coverage obligations. Our supreme court has recognized that
“ ‘if an insurer opts to file a declaratory proceeding, we believe that it may properly challenge the
- 16 - No. 1-24-1909
existence of such a duty [to defend] by offering evidence to prove that the insured’s actions fell
within the limitations of one of the policy’s exclusions.’ ” Wilson, 237 Ill. 2d at 461 (quoting
Envirodyne Engineers, 122 Ill. App. 3d at 304). For the reasons explained above, we find that
consideration of Brian Galey’s summary was appropriate under the principle stated in Wilson, and
it was not barred by the holding of Clemmons.
¶ 35 Monroe’s second principal argument is that, even if Brian Galey’s summary is considered,
the policy’s cyber events exclusion does not preclude coverage for losses that have other
concurrent causes. Based upon this interpretation, Monroe asserts that the cyber events exclusion
does not bar coverage in this case because the allegations of the underlying complaint attribute
Monroe’s loss to various acts, errors, omissions, and misrepresentations by Galey that resulted in
his failure to properly manage Monroe’s pay application with respect to the project.
¶ 36 This argument calls upon us to interpret the relevant language of the policy’s cyber events
exclusion, which provides that the Underwriters will not make any payment under the policy
“arising directly or indirectly out of any cyber event.” Monroe urges us to interpret this language
as constituting “a limited ‘causation’ model for determining whether or not the exclusion applies—
meaning that, for the exclusion to apply, the loss in question must ‘arise’ out of the defined ‘cyber
event.’ ” Monroe contrasts this exclusion’s language with broader causation language used in other
standard policy forms, e.g., provisions that exclude certain losses “ ‘regardless of any other cause
or event contributing concurrently or in any other sequence thereto.’ ” Monroe argues that the
relevant policy language is at least ambiguous as to its exclusion of concurrently caused loss.
¶ 37 When interpreting the language of an insurance policy, the court’s role is to ascertain and
give effect to the intentions of the parties as expressed by the words of the policy. Country Mutual
Insurance Co. v. Livorsi Marine, Inc., 222 Ill. 2d 303, 311 (2006). To ascertain the intent of the
- 17 - No. 1-24-1909
parties and the meaning of the words used in the policy, the court interprets the policy as a whole,
taking into account the type of insurance for which the parties have contracted, the risks undertaken
and purchased, the subject matter that is insured, and the purposes of the entire contract. Crum &
Forster Managers Corp. v. Resolution Trust Corp., 156 Ill. 2d 384, 391 (1993). If the words used
in the policy are clear and unambiguous, they must be given their plain, ordinary, and popular
meaning. Central Illinois Light Co. v. Home Insurance Co., 213 Ill. 2d 141, 153 (2004). However,
if the language used in the policy is reasonably susceptible to more than one meaning, it will be
considered ambiguous and strictly construed against the drafter. Id. A contract term is not
ambiguous merely because the parties disagree on its meaning, nor is a term unambiguous where
each party insists that the language unambiguously supports its position. Id. at 153-54.
¶ 38 We reject Monroe’s argument that any acts or omissions alleged in the underlying complaint
are concurrent causes of its loss, such that its loss cannot be characterized as “arising directly or
indirectly out of any cyber event.” Our supreme court has recognized that “[t]he phrase ‘arising
out of’ has a set meaning in the law.” Brucker v. Mercola, 227 Ill. 2d 502, 521 (2007). “In any
context in which it is used, the phrase has been defined broadly and refers to a causal connection.”
Id. The definition of the phrase is generally recognized to mean “originating from,” “growing out
of,” or “flowing from.” Id. at 521-22. This is the recognized definition of the phrase as applied in
the insurance context. See Maryland Casualty Co. v. Chicago & North Western Transportation
Co., 126 Ill. App. 3d 150, 154 (1984); Holabird & Root, 382 Ill. App. 3d at 1023. We note,
however, that the phrase is given a more limited interpretation in favor of the insured when it is
used in an exclusion than when used in a grant of coverage. Allstate Insurance Co. v. Smiley, 276
Ill. App. 3d 971, 978 (1995); see United Services Automobile Ass’n v. Dare, 357 Ill. App. 3d 955,
969-70 (2005).
- 18 - No. 1-24-1909
¶ 39 We find it clear from Brian Galey’s summary of events that Monroe’s loss can only be
characterized as “arising directly or indirectly out of” a cyber event, even if other potential causes
of the loss can also be identified. The hacking of Galey’s e-mail account and resulting efforts at
wire fraud were the originating events that ultimately led to Monroe’s funds being sent to a bank
account not owned by NES. These were the events from which all other causes of the loss flowed.
Had they not occurred, Galey would not have received fraudulent bank account information or
believed he was acting upon legitimate instructions from NES when he instructed the wire transfer
of Monroe’s funds to that account. In other words, none of the other allegedly negligent or
wrongful acts by Galey would have resulted in the diversion of Monroe’s funds if the e-mail
hacking and wire fraud incident had not occurred. Accordingly, we hold that the cyber events
exclusion is applicable under its plain language and negates any duty to defend on the part of the
Underwriters in the present case.
¶ 40 Based upon our holding that the Underwriters did not breach the duty to defend, we have no
basis to consider Monroe’s final argument that the Underwriters are liable as a matter of law for
the amount of the consent judgment or for a statutory penalty under section 155 of the Insurance
Code (215 ILCS 5/155 (West 2022)).
¶ 41 CONCLUSION
¶ 42 For the foregoing reasons, the judgment of the trial court is affirmed.
¶ 43 Affirmed.
¶ 44 JUSTICE PUCINSKI, dissenting.
¶ 45 I do not argue with my colleagues’ analysis because it is fine for what it is. My quarrel is
with the starting point. Every problem has a beginning, a middle and an end point. My colleagues
- 19 - No. 1-24-1909
have chosen to start with the hack on Galey’s computer as the beginning of this problem, when in
fact, it is the middle.
¶ 46 The origin of this problem, at an unknown point in time, was Galey’s failure to implement
the necessary protections that any competent and reasonable manager/consultant would have put
in place to prevent the hack from getting onto his computer.
¶ 47 That failure was negligent, an error and omission, and a breach of fiduciary duty that created
the cascade of trouble.
¶ 48 And, since we cannot know, from this record, if Galey ever contemplated such a protective
measure or, if he did, what steps it included, I believe there is a genuine issue of fact that prevents
summary judgment from being properly entered in favor of Certain Underwriters.
¶ 49 Galey was hired by Monroe to, among other things, “oversee and manage all construction
activities, cost management, pay application management, and provide documentation as required
by Metro” and “act in a commercially responsible capacity ***.”
¶ 50 If he had taken reasonable steps to protect his computers and emails from hacking, with the
correct software, this hack could have been prevented.
¶ 51 Failure by a sophisticated consultant/manager to do so is unreasonable by any standard.
¶ 52 That failure is compounded by Galey’s reliance on the email chain that he already knew was
being questioned by Monroe. His memo relates that on 12/29/21 at “1:04 Don emailed ‘Let’s
verify wire info over phone to avoid fraud please. Burke and Brian please talk.’” Then, Galey’s
memo states that at “1:07 [he] replied all: ‘Good idea. When the initial request from NES was put
thru, I emailed the NES PM to verify that this was a legit request and he confirmed. May check
with Chase Bank to confirm though?’”
- 20 - No. 1-24-1909
¶ 53 No reasonable consultant/business manager, seeing the remarkable request in the email chain
to change the method of payment for such a large amount of money, would rely solely on contact
from the same email that was suspicious to begin with to confirm itself. Certainly, a simple phone
call to a number not associated with the email would have been a very short investment of time
and energy to be certain Galey was properly communicating with NES.
¶ 54 I find it shocking that Galey was not alert to mischief and more shocking that he didn’t
aggressively work to protect his client’s interest. That is the middle of the problem—a
$1,346,768.34 problem for Monroe and NES that started when Galey negligently failed to protect
his computers and emails.
¶ 55 The insurance company chose to start at the wrong place. The Chancery court started in the
wrong place and my colleagues started at the wrong place.
¶ 56 Unwind this mess and you find a negligent consultant/manager who did not perform
according to the terms of his contract with Monroe at some point in time before the hack. This
problem did not arise from the hack. It arose before the hack. It arose from Galey’s negligence,
error and omission, and breach of fiduciary duty to Monroe. The claim for that misbehavior was
made during the policy period.
¶ 57 There is nothing in Galey’s memo of the events to demonstrate if he did or did not take basic
precautions. If such precautions were not taken, Certain Underwriters should defend and
indemnify Galey. Summary judgment for Certain Underwriters is premature until that question of
fact can be determined.
- 21 -