Spoliation sanctions in the Commercial Division exist on a spectrum—from cost-shifting and adverse inferences to the ultimate sanction of striking a pleading.  But where exactly is the line between gross negligence and the kind of “willful or contumacious” conduct that warrants striking an answer?  A recent decision from Manhattan Commercial Division Justice Joel M. Cohen in Greater New York Mutual Insurance Co. v. SKOUT Monitoring, LLC offers important guidance, and the facts make the question particularly stark.  Despite finding that a cybersecurity monitoring company’s preservation failures were pervasive and grossly negligent, the Court declined to strike its answer.  The decision draws a clear line: gross negligence, even on egregious facts, is not the same as the willful or contumacious conduct required for that drastic remedy. The Facts: A Cybersecurity Provider’s Preservation Failures Plaintiff GNY hired defendant SKOUT as its cybersecurity monitoring provider, responsible for watching GNY’s networks around the clock.  SKOUT’s monitoring systems generated alarms when they detected suspicious activity—repeated failed logins, unauthorized access attempts, anomalous behavior—and SKOUT analysts were responsible for reviewing those alarms and deciding whether to escalate them to GNY. In May 2021, a cybercriminal group launched a brute force attack against GNY’s systems—more than 910,000 failed login attempts over the course of 12 days.  The attackers eventually gained access and deployed ransomware that crippled GNY’s networks.  Throughout the entire lead-up, SKOUT sent GNY a single “medium” risk notification, at midnight on Memorial Day, which GNY never even received because its email system had already been taken down by the attack. What followed was worse.  SKOUT’s own internal investigation revealed that security tickets had been “mis-mapped”—alerts routed to the wrong client—and that analysts had closed out over 500 brute force alarms as mere “failed attempts” without escalation.  Within 10 days of the attack, SKOUT held an internal “All Hands” meeting where the lone notification was cited as an example of a “big red flag” that “should not be de-escalated” and “needs to be sent as a high and the customer needs to see.”  In other words, SKOUT knew it had failed. Despite this internal reckoning, SKOUT never implemented a litigation hold or took meaningful steps to preserve the evidence of its own monitoring failures.  The result was the loss of critical data across three categories:

  • Slack (Internal Messaging Platform).
  1. SKOUT maintained a 30-day retention policy for Slack messages and never suspended it. Messages from the critical May–June 2021 attack period were automatically deleted.  Even after GNY sent a formal preservation demand on December 16, 2021—attaching a draft complaint—messages through February 2022 were not preserved because SKOUT personnel “did not believe they were relevant.”
  • Zendesk (Customer Service and Ticketing Platform).
  1. In 2024—two full years into active litigation—SKOUT manually deleted thousands of Zendesk tickets after Zendesk informed it that the account exceeded storage limits. SKOUT could have purchased an add-on to retain GNY’s tickets.  It chose not to.  It then implemented a 15-month retention policy.  The CSV export performed after the deletions did not capture analyst narrative notes—the very evidence showing how analysts reviewed and closed alarms without escalation.
  • Elastic (Database Storing Historical Alarm Data from SKOUT’s Monitoring Systems).
  1. Historical alarm data from June 2020 through May 2021 disappeared entirely. SKOUT attributed the loss to a “Log4j vulnerability.”  This was precisely the period that could reveal pre-attack reconnaissance and scanning activity—evidence that would speak directly to whether SKOUT’s monitoring was adequate.

Why the Answer Survived GNY moved for the most severe sanction available—striking SKOUT’s answer entirely.  It did so twice.  The first motion, filed in August 2024, was denied without prejudice due to disputed questions of fact.  The Court then ordered an evidentiary hearing, which was held in July 2025 with fact and expert witnesses.  Even after that extensive record was developed, the Court declined to strike.  Striking a pleading is “a drastic remedy generally reserved for cases involving willful or contumacious conduct or where the loss of evidence deprives the opposing party of the ability to prove its claim or defense.”  Mylonas v. Town of Brookhaven, 305 A.D.2d 561, 563 (2d Dep’t 2003).  The Court found neither threshold was met—and that distinction was at the heart of the decision. What the Court did find was gross negligence.  Under VOOM HD Holdings LLC v. EchoStar Satellite L.L.C., 93 A.D.3d 33, 45 (1st Dep’t 2012), three factors support a finding of gross negligence when the duty to preserve has been triggered: (1) the failure to issue a written litigation hold; (2) the failure to identify key players and ensure their records are preserved; and (3) the failure to cease the routine destruction of evidence.  All three were present here. But as noted above, the Court found that the conduct did not rise to willful or contumacious for several reasons.  First, SKOUT had taken some preservation steps—albeit imperfect ones.  It exported Zendesk data to CSV format before deleting the native records, even though the export did not capture analyst narrative notes.  Second, other evidence concerning SKOUT’s monitoring practices remained in the record, including witness testimony and documentary evidence produced during discovery.  GNY could still prove its case through alternative means; the gaps could be addressed through evidentiary sanctions rather than striking the answer. The Court instead imposed an adverse inference instruction—directing the jury that it may infer the missing Slack, Elastic, and Zendesk data would have been unfavorable to SKOUT—together with attorneys’ fees and costs, citing Pegasus Aviation I, Inc. v. Varig Logistica S.A., 26 N.Y.3d 543, 551 (2015).  The Court emphasized that Courts have “broad discretion to provide proportionate relief.”  See also VOOM, 93 A.D.3d at 47. A Note on When the Duty to Preserve Arose One additional aspect of the decision worth highlighting: the Court found that SKOUT’s duty to preserve arose on June 2, 2021—six months before GNY sent its formal preservation demand.  SKOUT’s own internal investigation—which revealed mis-mapped tickets and hundreds of improperly closed alarms—put it on notice that its monitoring practices would be scrutinized.  A formal demand letter is not a prerequisite.  See Mangual v. New Life School, 245 A.D.3d 647, 648 (1st Dep’t 2026); Fata v. Heskel’s Riverdale, LLC, 223 A.D.3d 520, 521 (1st Dep’t 2024). Practical Takeaways.

  • For Parties Seeking Spoliation Sanctions.
  1. Calibrate expectations. Even pervasive destruction across multiple platforms, combined with a finding of gross negligence, was not enough to get an answer stricken.  If you want the drastic remedy of a stricken answer, you need to establish willful or contumacious conduct—not just negligent failure to preserve.  You also need to demonstrate that the loss of evidence deprives you of the ability to prove your case through alternative means.  Frame your motion accordingly, and be prepared to show what’s truly irreplaceable versus what can be established through other discovery.
  • For Parties Facing Spoliation Allegations.
  1. Imperfect preservation saved SKOUT from the worst outcome. Even late, incomplete steps—like exporting data to CSV before deleting the native system—gave the Court a basis to find that alternative evidence existed and the prejudice could be addressed short of striking the answer.  The practical lesson: suspend auto-deletion policies immediately when you have any reason to believe litigation is possible.  SKOUT could have retained GNY’s Zendesk tickets by purchasing a storage add-on.  That modest expenditure would have avoided years of motion practice, an evidentiary hearing, and the adverse inference that would now follow SKOUT to trial.
  • For All Practitioners.
  1. Modern platforms—Slack, Zendesk, cloud-based monitoring tools—have aggressive default retention policies that will silently destroy evidence without affirmative intervention. Thirty days.  Fifteen months.  These are not litigation-friendly timelines.  A litigation hold that does not specifically identify the relevant platforms, their retention settings, and the steps required to suspend auto-deletion is no litigation hold at all.

Conclusion The GNY decision answers the question posed at the outset: how far is too far?  The answer, at least in the Commercial Division, is that gross negligence—even pervasive, multi-platform gross negligence—does not cross the line into willful or contumacious conduct warranting a stricken answer.  But practitioners should not confuse that line with a safe harbor.  An adverse inference instruction that the missing evidence would have supported the opposing party’s claims, coupled with a fee award, can fundamentally reshape the trajectory of a case at trial.  Surviving the spoliation motion is not the same as winning.  

Continue Reading How Far is Too Far? Commercial Division Finds Gross Negligence but Declines to Strike Answer for Digital Spoliation

Last fall, I blogged about the challenges of overturning an arbitrator’s award (check out that post here). That case illustrated the difficulties of vacating an award based on a purported erroneous ruling of law. But what if a party seeks to vacate an arbitrator’s award on procedural grounds—specifically, the alleged concealment of evidence?

The recent

A recent decision from the New York County Commercial Division reminds litigants that even under New York’s liberal discovery standards, sensitive business information like client lists is not automatically discoverable. In Slice Wireless Services, LLC v. Yakubov, et al. (Index No. 656506/2017, Apr. 22, 2026), Justice Robert R. Reed addressed the outer limits of discovery obligations, emphasizing the protection afforded to proprietary information and the practical boundaries of what a party must produce in discovery. The Dispute Plaintiff Slice Wireless Services, LLC sought expansive post-deposition discovery from Defendants, including additional corporate tax records; and a complete list of Defendant Made by Wifi, Inc.’s clients from 2017 through 2023. Plaintiff argues this information was material and necessary for trial preparation because it went directly to the core issues of liability and damages. Defendants resisted, arguing they had already produced all relevant materials within the applicable timeframe (particularly through 2019, when any restrictive covenants arguably expired). They further contended that the client list constituted protected, proprietary information and that no such comprehensive list even existed in the form Plaintiff demanded. The Court’s Ruling The Court denied Plaintiff’s motion, refusing to compel supplementation of discovery responses or production of Defendant Made by Wifi, Inc.’s client list.  Its reasoning rested on two key principles: (1) discovery is limited to materials within a party’s “possession, custody or control,” and (2) sensitive commercial information such as client lists warrants protection.

  1. Discovery Is Not Boundless

The Court reaffirmed that under CPLR 3101, discovery is broad, but not unlimited. A party is only required to produce materials within its “possession, custody, or control,” including what courts have termed “constructive possession”—the documents a party has the practical ability to obtain (Commonwealth of N. Mariana Is. v Can. Imperial Bank of Commerce, 21 NY3d 55, 62-63 [2013]). The Court found that Defendants had met this obligation. With no evidence that their prior responses were incomplete, inaccurate, or misleading, there was no basis to compel supplementation under CPLR 3101(h). The decision underscores a practical reality: discovery obligations are tethered to what actually exists and is accessible to the responding party—not to what might exist in theory.

  1. Client Lists May Constitute Protected, Proprietary Information

The Court also refused to compel production of the Defendants’ client list. Citing Leo Silfen, Inc. v Cream, 29 NY2d 387, 392 [1972], the Court recognized that client lists may qualify as trade secrets and constitute protected proprietary information. Importantly, the Court did not rely solely on the sensitive nature of the information. It also highlighted a threshold evidentiary gap: there was no evidence that a comprehensive client list for 2017 through 2023 even existed. Given the nature of Defendants’ business operations, the requested document may have been more conceptual than real. Ultimately, the sensitive nature of the information and the absence of evidence that the client lists existed made the difference. The Court declined to order production “at this juncture,” suggesting caution now, but flexibility down the road. Implications for Commercial Litigants This decision carries practical lessons for parties engaged in discovery disputes in the Commercial Division: First, relevance alone is not enough. Even where requested information goes to the “core” of a claim, courts will weigh the burden, sensitivity, and actual availability of the material. Litigants must show that the discovery is both within the responding party’s “possession, custody or control” (Canadian Imperial Bank of Com., 21 NY3d at 62-63) and is “material and necessary”(CPLR § 3101 [a]). Second, proprietary business information remains protected. Client lists continue to receive heightened scrutiny (Leo Silfen, Inc., 29 NY2d at 392). The Court declined to compel production where the information is sensitive, and its very existence is not established. Third, courts will enforce the “possession, custody and control” boundary. The Court’s decision reinforces that parties are not required to create documents that do not exist or to compile information into new formats simply to satisfy an adversary’s demand. Conclusion Slice Wireless serves as a reminder that New York’s liberal discovery regime has meaningful limits. Courts remain attentive to both the practical realities of document possession and the need to protect sensitive commercial information. The takeaway is clear: discovery operates at the intersection of broad disclosure rules and the practical limits of what exists, is accessible, and warrants protection.  

Continue Reading Broad But Not Boundless: Policing the Edge of Discovery and Protecting Client Lists in Slice Wireless Services, LLC v. Yakubov, et al.

Earlier this month, commercial litigators and judges from across New York headed to the Sagamore Resort on Lake George for the NYSBA Commercial and Federal Litigation Section’s 2026 Spring Meeting. The Spring Meeting featured a strong lineup of timely presentations focused on issues litigators commonly face – from appellate practice and bankruptcy litigation to ethics

Every litigator has experienced a technology hiccup at an inconvenient moment. But courts have made clear that vague references to “technical difficulties” will not excuse a failure to appear—and once a default judgment is entered, vacating it is an uphill battle. The recent case of Chen Dongwu v New York City Regional Ctr. LLC offers

When seeking a default judgment, parties often assume that an unanswered complaint puts them in the driver’s seat for a quick and early victory. But as practitioners in the Commercial Division are well aware, courts retain discretion to deny a motion for default judgment if the record raises questions about service or if the defendant

I have a soft spot for civil RICO: treble damages, enterprise allegations, the chance to elevate ordinary fraud into something operatic. But, as many of us have learned, civil RICO is not meant to transform ordinary commercial disputes into racketeering cases. Courts routinely dismiss such claims when plaintiffs fail to meet the statute’s strict pleading

Fiduciary duty claims between closely-held business owners are commonplace in litigation before the Commercial Division. A decision last fall from Suffolk County Commercial Division Justice James C. Hudson in Matter of Lehan v Montgomery serves as a professorial primer on the meaning and importance of fiduciary obligations between business partners.

The Dispute

Dix Hills Car

In settlement agreements, a valid release serves as a critical mechanism for resolving disputes between parties.  By its terms, a release is intended to extinguish all claims, both those that are known and unknown to the parties at the time of execution of the agreement. When parties are represented by counsel and agree to a