- within Insurance, Privacy and Intellectual Property topic(s)
- with readers working within the Accounting & Consultancy industries
Spoliation sanctions in the Commercial Division exist on a spectrum—from cost-shifting and adverse inferences to the ultimate sanction of striking a pleading. But where exactly is the line between gross negligence and the kind of “willful or contumacious” conduct that warrants striking an answer? A recent decision from Manhattan Commercial Division Justice Joel M. Cohen in Greater New York Mutual Insurance Co. v. SKOUT Monitoring, LLC offers important guidance, and the facts make the question particularly stark. Despite finding that a cybersecurity monitoring company’s preservation failures were pervasive and grossly negligent, the Court declined to strike its answer. The decision draws a clear line: gross negligence, even on egregious facts, is not the same as the willful or contumacious conduct required for that drastic remedy.
The Facts: A Cybersecurity Provider’s Preservation Failures
Plaintiff GNY hired defendant SKOUT as its cybersecurity monitoring provider, responsible for watching GNY’s networks around the clock. SKOUT’s monitoring systems generated alarms when they detected suspicious activity—repeated failed logins, unauthorized access attempts, anomalous behavior—and SKOUT analysts were responsible for reviewing those alarms and deciding whether to escalate them to GNY.
In May 2021, a cybercriminal group launched a brute force attack against GNY’s systems—more than 910,000 failed login attempts over the course of 12 days. The attackers eventually gained access and deployed ransomware that crippled GNY’s networks. Throughout the entire lead-up, SKOUT sent GNY a single “medium” risk notification, at midnight on Memorial Day, which GNY never even received because its email system had already been taken down by the attack.
What followed was worse. SKOUT’s own internal investigation revealed that security tickets had been “mis-mapped”—alerts routed to the wrong client—and that analysts had closed out over 500 brute force alarms as mere “failed attempts” without escalation. Within 10 days of the attack, SKOUT held an internal “All Hands” meeting where the lone notification was cited as an example of a “big red flag” that “should not be de-escalated” and “needs to be sent as a high and the customer needs to see.” In other words, SKOUT knew it had failed.
Despite this internal reckoning, SKOUT never implemented a litigation hold or took meaningful steps to preserve the evidence of its own monitoring failures. The result was the loss of critical data across three categories:
- Slack (Internal Messaging Platform).
- SKOUT maintained a 30-day retention policy for Slack messages and never suspended it. Messages from the critical May–June 2021 attack period were automatically deleted. Even after GNY sent a formal preservation demand on December 16, 2021—attaching a draft complaint—messages through February 2022 were not preserved because SKOUT personnel “did not believe they were relevant.”
- Zendesk (Customer Service and Ticketing Platform).
- In 2024—two full years into active litigation—SKOUT manually deleted thousands of Zendesk tickets after Zendesk informed it that the account exceeded storage limits. SKOUT could have purchased an add-on to retain GNY’s tickets. It chose not to. It then implemented a 15-month retention policy. The CSV export performed after the deletions did not capture analyst narrative notes—the very evidence showing how analysts reviewed and closed alarms without escalation.
- Elastic (Database Storing Historical Alarm Data from SKOUT’s Monitoring Systems).
- Historical alarm data from June 2020 through May 2021 disappeared entirely. SKOUT attributed the loss to a “Log4j vulnerability.” This was precisely the period that could reveal pre-attack reconnaissance and scanning activity—evidence that would speak directly to whether SKOUT’s monitoring was adequate.
Why the Answer Survived
GNY moved for the most severe sanction available—striking SKOUT’s answer entirely. It did so twice. The first motion, filed in August 2024, was denied without prejudice due to disputed questions of fact. The Court then ordered an evidentiary hearing, which was held in July 2025 with fact and expert witnesses. Even after that extensive record was developed, the Court declined to strike. Striking a pleading is “a drastic remedy generally reserved for cases involving willful or contumacious conduct or where the loss of evidence deprives the opposing party of the ability to prove its claim or defense.” Mylonas v. Town of Brookhaven, 305 A.D.2d 561, 563 (2d Dep’t 2003). The Court found neither threshold was met—and that distinction was at the heart of the decision.
What the Court did find was gross negligence. Under VOOM HD Holdings LLC v. EchoStar Satellite L.L.C., 93 A.D.3d 33, 45 (1st Dep’t 2012), three factors support a finding of gross negligence when the duty to preserve has been triggered: (1) the failure to issue a written litigation hold; (2) the failure to identify key players and ensure their records are preserved; and (3) the failure to cease the routine destruction of evidence. All three were present here.
But as noted above, the Court found that the conduct did not rise to willful or contumacious for several reasons. First, SKOUT had taken some preservation steps—albeit imperfect ones. It exported Zendesk data to CSV format before deleting the native records, even though the export did not capture analyst narrative notes. Second, other evidence concerning SKOUT’s monitoring practices remained in the record, including witness testimony and documentary evidence produced during discovery. GNY could still prove its case through alternative means; the gaps could be addressed through evidentiary sanctions rather than striking the answer.
The Court instead imposed an adverse inference instruction—directing the jury that it may infer the missing Slack, Elastic, and Zendesk data would have been unfavorable to SKOUT—together with attorneys’ fees and costs, citing Pegasus Aviation I, Inc. v. Varig Logistica S.A., 26 N.Y.3d 543, 551 (2015). The Court emphasized that Courts have “broad discretion to provide proportionate relief.” See also VOOM, 93 A.D.3d at 47.
A Note on When the Duty to Preserve Arose
One additional aspect of the decision worth highlighting: the Court found that SKOUT’s duty to preserve arose on June 2, 2021—six months before GNY sent its formal preservation demand. SKOUT’s own internal investigation—which revealed mis-mapped tickets and hundreds of improperly closed alarms—put it on notice that its monitoring practices would be scrutinized. A formal demand letter is not a prerequisite. See Mangual v. New Life School, 245 A.D.3d 647, 648 (1st Dep’t 2026); Fata v. Heskel’s Riverdale, LLC, 223 A.D.3d 520, 521 (1st Dep’t 2024).
Practical Takeaways.
- For Parties Seeking Spoliation Sanctions.
- Calibrate expectations. Even pervasive destruction across multiple platforms, combined with a finding of gross negligence, was not enough to get an answer stricken. If you want the drastic remedy of a stricken answer, you need to establish willful or contumacious conduct—not just negligent failure to preserve. You also need to demonstrate that the loss of evidence deprives you of the ability to prove your case through alternative means. Frame your motion accordingly, and be prepared to show what’s truly irreplaceable versus what can be established through other discovery.
- For Parties Facing Spoliation Allegations.
- Imperfect preservation saved SKOUT from the worst outcome. Even late, incomplete steps—like exporting data to CSV before deleting the native system—gave the Court a basis to find that alternative evidence existed and the prejudice could be addressed short of striking the answer. The practical lesson: suspend auto-deletion policies immediately when you have any reason to believe litigation is possible. SKOUT could have retained GNY’s Zendesk tickets by purchasing a storage add-on. That modest expenditure would have avoided years of motion practice, an evidentiary hearing, and the adverse inference that would now follow SKOUT to trial.
- For All Practitioners.
- Modern platforms—Slack, Zendesk, cloud-based monitoring tools—have aggressive default retention policies that will silently destroy evidence without affirmative intervention. Thirty days. Fifteen months. These are not litigation-friendly timelines. A litigation hold that does not specifically identify the relevant platforms, their retention settings, and the steps required to suspend auto-deletion is no litigation hold at all.
Conclusion
The GNY decision answers the question posed at the outset: how far is too far? The answer, at least in the Commercial Division, is that gross negligence—even pervasive, multi-platform gross negligence—does not cross the line into willful or contumacious conduct warranting a stricken answer. But practitioners should not confuse that line with a safe harbor. An adverse inference instruction that the missing evidence would have supported the opposing party’s claims, coupled with a fee award, can fundamentally reshape the trajectory of a case at trial. Surviving the spoliation motion is not the same as winning.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]