Law360, New York ( November 10, 2014, 11:22 AM EST) -- Last month, a district court in Pennsylvania held in First Commonwealth Bank v. St. Paul Mercury Insurance Co. that an insurer could not avoid indemnifying its insured, a bank, for a payment it made to reimburse a depositor that was robbed as a result of computer hacking.[1] The case is significant because it demonstrates that insurance coverage is available when the insured is complying with the law governing its obligations in response to a computer hacking event, regardless whether the insured received the insurer's written consent to make the payment, a condition that appears in many insurance policies. As discussed below, First Commonwealth continues a long-running string of precedents that limit the effect of voluntary payment provisions, which require policyholders to obtain the insurer's consent before making a payment to settle an underlying claim....