Andy Moss

Subscribe to all posts by Andy Moss

Cyber insurance claims: Minimize risk, maximize recovery

Cybercrime, including ransomware, is one of the top challenges facing organizations today. Businesses across the globe are suffering staggering cyber-related losses, losing around $60 billion on cyber crime annually.   We are excited to launch our thought leadership campaign, “Cyber Insurance claims: Minimize risk, maximize recovery,” which provides a comprehensive look into the key issues relating … Continue Reading

Navigating the “Bump-Up” exclusion in 2023: Rules for the road

M&A activity is making a comeback in 2023, according to Bloomberg Law (“M&A Roars Back in $40 Billion Surge Led by Miners, Storage” A. Kirchfeld and D. Nair, Feb. 6, 2023). The rise in transactions—and the likelihood of claims involving them—will no doubt lead to continued D&O insurance coverage disputes over the “bump up” exclusion. Policyholders … Continue Reading

Key considerations for companies in procuring or renewing D&O coverage

Directors’ and Officers’ liability (“D&O”) insurance offers key protections to a company’s board members and management by serving as a financial backstop for their indemnification rights as well as their personal assets in the event directors or officers are the subject of claims or investigations based on their service to the company.  D&O insurance also … Continue Reading

A tightening cyber insurance market: War exclusions in the wake of Merck v. Ace

As cyber risks continue to grow and evolve, the cyber insurance market is increasingly likely to take steps to limit its risk profile, often in the form of new or broadened policy exclusions. Cyber insurers are continuously evaluating, amending, and restructuring their insurance products (including their capacity, and, importantly, their pricing) to reflect what they … Continue Reading

Are your crypto risks insured? Look at D&O and cyber policies first

Evidenced by its $1.29 trillion market cap, (CoinMarketCap, May 17, 2022) interest in cryptocurrency has skyrocketed in recent years (Haar, 2022). Indeed, as of April 2, 2022, the cryptocurrency market was larger than Italy’s GDP, the eighth largest in the world (Adams and Walker, 2022). Of course, with more interest and value comes more risk, … Continue Reading

Responding to a cyber-related business interruption: best practices

One of the top issues facing business today is the risk of business interruption resulting from a cyber-related attack. Regardless of the form of attack – ransomware, denial of service, data theft, or other form of malware – any resulting failure of an organization’s network systems can have severe consequences, financial and otherwise. These may … Continue Reading

Lessons from Merck v. Ace: A cyberattack does not amount to an ‘act of war’

Cyberattacks continue to grow in sophistication and frequency, with attackers targeting businesses of all industries and sizes with seeming impunity. In the wake of this ongoing pervasive and indiscriminate threat, corporate risk departments are taking measures to assess cyber risks and update network security and protocol in hopes of staying one step ahead of potential … Continue Reading

D&O insurance basics (Part 2)

Directors’ and officers’ liability (D&O) insurance protects the personal assets of corporate directors and officers in the event of a lawsuit or other “claim” made against them for, among other things, an alleged breach of their duties in managing the organization.  D&O insurance directly covers individual directors and officers for their defense costs, judgments against … Continue Reading

D&O insurance basics (Part 1)

This is the first of two posts discussing several major aspects of directors’ and officers’ liability (“D&O”) insurance coverage.  Companies approaching a policy renewal deadline, looking to place D&O insurance for the first time, considering increasing the size or structure of an existing D&O insurance program, or otherwise evaluating their overall risk management strategy may … Continue Reading

Artificial Intelligence: The New Frontier for Assessing Insurance Coverage

U.S. and international businesses are accelerating their use of artificial intelligence (AI)[1] at an unprecedented rate. The second AI Index Report published in December 2018 by a Stanford University-led group concluded that “AI activity is increasing nearly everywhere and technological performance is improving across the board.” The AI Index Report further found that “the number … Continue Reading

Lloyd’s of London report forecasts multibillion dollar losses due to cloud outages

On Tuesday, January 23, Lloyd’s of London and AIR Worldwide co-published a report regarding the financial fallout that could occur if a cyber incident or shutdown of a cloud computing provider happened in the United States. The report noted that losses could be around $19 billion with only about $3 billion being covered by insurance.[1]  … Continue Reading

Beware the Fine (Thumb) Print: Insurance Coverage for Class Actions Under the Illinois Biometric Information Privacy Act, and Similar Biometric Privacy Statutes

Since July 2017, national, regional and local businesses operating in Illinois have been hit with a virtual storm of class actions under the Illinois Biometrics Privacy Act (“BIPA”), 740 ILCS 14 et seq.  BIPA regulates how businesses may record and store biometric data from customers or employees, and these actions create the potential for significant … Continue Reading

Schrödinger’s Coverage: When a Risk is Covered and Not Covered by Insurance

When is a person an “employee” under one insurance policy but not an employee under another?   Conflicting or inconsistent definitions across multiple policy lines issued to the same company can give rise to significant gaps in insurance coverage, as a recent opinion of the U.S. Court of Appeals for the Seventh Circuit instructs, Telamon Corp. … Continue Reading

Massive DDoS Internet Attack Heightens the Focus on Cyberliability and Network Business Interruption Insurance Coverage

The October 21, 2016 DDoS attack on the internet’s domain name system infrastructure underscores the need to consider cyberliability insurance coverage as a critical component of your company’s security and privacy breach response plan, and if your company carries cyberliability insurance, to ensure that your coverage will respond to a network business interruption, security breach … Continue Reading

‘Sorry, But You Have Nothing in Common’: The New York Court of Appeals’ Recent Rejection of the ‘Common Interest Doctrine’ Outside the Context of Litigation

The New York Court of Appeals, the state’s highest court, recently rejected an attempt to apply the “common interest doctrine,” an exception to the general rule that communicating privileged information to a third party waives the attorney-client privilege, to situations where separately represented parties communicate attorney-client privileged information in connection with transactions or other circumstances … Continue Reading

Companies can insure against cyber ransom

National Public Radio and other news outlets are reporting that a Los Angeles-area hospital recently paid a $17,000 ransom (in the form of 40 bitcoins) to hackers to unencrypt its computer networks, which had been held hostage after “ransomware” was introduced into the hospital’s network. Ransomware is a form of malicious software, or “malware,” that encrypts … Continue Reading

New York Department of Financial Services Announces New Cyber Security Measures Directed at Strengthening Insurers’ Cyber Defenses

The New York Department of Financial Services (NYDFS) announced last week a series of measures it plans to take "to help strengthen cyber hacking defenses at insurers." Those measures include, among other things: regular, targeted assessments of cyber security preparedness at insurance companies; putting forward enhanced regulations requiring institutions to meet heightened standards for cyber security; and considering the ways in which NYDFS can support and encourage the development of the cyber security insurance market. The NYDFS stated that it plans to initiate these measures in the coming weeks and months.… Continue Reading

On the Coattails of United States v. Trek Leather, Make Sure You Have Suitable D&O Coverage

Corporate directors and officers have a long list of things that can keep them up at night. Personal liability for civil fines and penalties arising out of negligence or even gross negligence committed in the course of their service to the company should not be one of them. But recently, in United States v. Trek Leather, Inc., 767 F.3d 1288 (Fed. Cir. 2014) (en banc), a federal appeals court held that the government could hold a corporate officer liable for a civil penalty based on gross negligence committed by the officer or his or her agents acting in the scope of their duties to the company, and without the government establishing fraudulent intent or attempting to pierce the corporate veil.… Continue Reading

As Federal and State Agencies Warn of Increased Cyber Threats, Insurance Incentives for Compliance with NIST Cybersecurity Framework May Be on the Horizon

Since the President's February 2013 Executive Order directing the National Institute of Standards and Technology (NIST) to lead the development of a voluntary framework to address and reduce cyber risks, the agencies and stakeholders involved have been exploring whether to tie the February 2014 Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework) to incentives such as cyberliability insurance. For example, in a Report to the President on Cybersecurity Incentives, the Treasury Department suggested that "[c]yber insurance can promote adoption of stronger security measures" because, among other reasons, "insurers could require policyholders to comply with minimum security standards as a condition of insurance coverage, including adoption of the Framework." The Treasury Department held a public meeting on November 6 that included a discussion of developments in the market for cyberliability insurance and the NIST Framework.… Continue Reading

Beware Of Gaps In Your Cyber Risk Policy – Are You Covered In the Event of an Insider Attack or Data Breach?

The evolving market for cyberliability insurance coverage reveals significant differences in the scope of coverage afforded under available policies. A coverage gap that may exist under some policies is for insider cyber attacks. While external attacks receive substantial news coverage, a recent study finds that businesses may be far less equipped to stave off attacks involving insiders: employees, vendors, suppliers and others who may have authorized access to critical or sensitive data.… Continue Reading

NY High Court Holds that “Self-Serving” Testimony from Underwriter is Insufficient for Rescission

The New York Court of Appeals rejected an effort by Continental Casualty Company (CNA) to rescind an excess professional liability (E&O) policy issued to the law firm Pepper Hamilton LLP, in a decision under Pennsylvania law that also affirmed summary judgment in favor of two of the firm’s other excess E&O insurers based on the … Continue Reading
LexBlog