Tag Archives: Cyberliability

A tightening cyber insurance market: War exclusions in the wake of Merck v. Ace

As cyber risks continue to grow and evolve, the cyber insurance market is increasingly likely to take steps to limit its risk profile, often in the form of new or broadened policy exclusions. Cyber insurers are continuously evaluating, amending, and restructuring their insurance products (including their capacity, and, importantly, their pricing) to reflect what they … Continue Reading

Can property or specie insurance provide coverage for crypto losses?

How cryptocurrencies are viewed by courts can be determinative when seeking coverage for a cryptocurrency-related loss, and whether cryptocurrency is “money,” “securities,” or “property” has been the subject of heavy debate. In our previous blog post, we explored how your current D&O and/or cyber insurance policies may provide coverage for crypto-related losses. In this article, … Continue Reading

War exclusion: changing battlefields and coverage implications

In early February of this year, we wrote about a New Jersey court’s recent decision in Merck & Co., Inc. et al. v. Ace American Ins. Co. et al., Case No. UNN-L-2682-18 (N.J. Sup. Ct.) regarding the applicability of a “war exclusion” for acts of cyberwarfare.  Shortly thereafter, the Russian invasion of Ukraine once again … Continue Reading

Responding to a cyber-related business interruption: best practices

One of the top issues facing business today is the risk of business interruption resulting from a cyber-related attack. Regardless of the form of attack – ransomware, denial of service, data theft, or other form of malware – any resulting failure of an organization’s network systems can have severe consequences, financial and otherwise. These may … Continue Reading

Lessons from Merck v. Ace: A cyberattack does not amount to an ‘act of war’

Cyberattacks continue to grow in sophistication and frequency, with attackers targeting businesses of all industries and sizes with seeming impunity. In the wake of this ongoing pervasive and indiscriminate threat, corporate risk departments are taking measures to assess cyber risks and update network security and protocol in hopes of staying one step ahead of potential … Continue Reading

Year in review: Reed Smith’s Insurance Recovery team highlights top insurance topics of 2021

At Reed Smith, we pride ourselves on forming true partnerships with our clients to find creative and unexpected solutions to the most challenging insurance coverage issues. As part of this commitment, we have authored a column for Thomson Reuters to provide advice, strategies, and information on the full range of insurance coverage issues affecting commercial … Continue Reading

Are you covered? Cannabis industry must prepare for cyberattacks in 2020

Experian Data Breach Resolution (Experian) has identified its “top data breach trends of 2020,” and the cannabis industry should take note. In its “Data Breach Industry Forecast 2020,” Experian predicts that “we will see many burgeoning industries, such as cannabis retailers, cryptocurrency entities, and even some environmental organizations targeted for cyberattacks as a result of … Continue Reading

Ten important steps a cannabusiness should consider when purchasing insurance

Purchasing insurance for a cannabusiness can feel like a daunting task, but it does not have to be one. In addition to grappling with many of the same issues and questions that any business confronts when seeking insurance, a cannabusiness encounters certain additional, unique challenges due to the industry in which it operates. That is … Continue Reading

Beware the Fine (Thumb) Print: Insurance Coverage for Class Actions Under the Illinois Biometric Information Privacy Act, and Similar Biometric Privacy Statutes

Since July 2017, national, regional and local businesses operating in Illinois have been hit with a virtual storm of class actions under the Illinois Biometrics Privacy Act (“BIPA”), 740 ILCS 14 et seq.  BIPA regulates how businesses may record and store biometric data from customers or employees, and these actions create the potential for significant … Continue Reading

Massive DDoS Internet Attack Heightens the Focus on Cyberliability and Network Business Interruption Insurance Coverage

The October 21, 2016 DDoS attack on the internet’s domain name system infrastructure underscores the need to consider cyberliability insurance coverage as a critical component of your company’s security and privacy breach response plan, and if your company carries cyberliability insurance, to ensure that your coverage will respond to a network business interruption, security breach … Continue Reading

Court Upholds Coverage Under General Liability Policy for Claim Alleging Failure to Protect Data

In an encouraging development for insureds, the United States Court of Appeals for the Fourth Circuit held that a health care company’s general liability insurer was required to defend the company against claims stemming from an alleged failure to secure electronic medical records. In The Travelers Indemnity Co. of America v. Portal Healthcare Solutions, L.L.C., … Continue Reading

Companies can insure against cyber ransom

National Public Radio and other news outlets are reporting that a Los Angeles-area hospital recently paid a $17,000 ransom (in the form of 40 bitcoins) to hackers to unencrypt its computer networks, which had been held hostage after “ransomware” was introduced into the hospital’s network. Ransomware is a form of malicious software, or “malware,” that encrypts … Continue Reading

The Vital Role of Cyber Insurance in Protecting a Team’s “Analytic Property”

Professional sports organizations are facing a new off-field risk: potential exposure of their proprietary data. In this new age of data in professional sports, teams are spending millions of dollars on sabermetrics and other data science techniques to obtain a competitive edge. But as the recent alleged breach of the Houston Astros’ computer database by … Continue Reading

United States Department of Justice Announces “Best Practices” for Addressing Cyber Attacks

In light of the growing concern over cybersecurity, the United Stated Department of Justice (“DOJ”) issued guidance last week on how to prepare for and respond to cyber attacks.  Taking lessons learned by federal prosecutors while handling cyber investigations, and input from private sector companies that have managed cyber incidents, the guidance contains a step-by-step guide … Continue Reading

New York Department of Financial Services Announces New Cyber Security Measures Directed at Strengthening Insurers’ Cyber Defenses

The New York Department of Financial Services (NYDFS) announced last week a series of measures it plans to take "to help strengthen cyber hacking defenses at insurers." Those measures include, among other things: regular, targeted assessments of cyber security preparedness at insurance companies; putting forward enhanced regulations requiring institutions to meet heightened standards for cyber security; and considering the ways in which NYDFS can support and encourage the development of the cyber security insurance market. The NYDFS stated that it plans to initiate these measures in the coming weeks and months.… Continue Reading

President Obama Acknowledges Growing Cybersecurity Threats to the Government and Economy, Proposes New Measures to Fight Cyber Risks

Just days after news broke that ISIS hackers forced the shutdown of the U.S. Central Command's Twitter account, President Obama met with congressional leadership, members of the Federal Trade Commission and the Department of Homeland Security to unveil a proposal to facilitate increased cooperation between the private sector and government to combat growing cybersecurity threats. Citing concerns with preserving national security, public safety and public health, the President proposed new federal cybersecurity legislation, emphasizing that although our digital economy "creates enormous opportunities," it also "creates enormous vulnerabilities for us as a nation" that are growing and costing us billions of dollars. In remarks on Tuesday at the National Cybersecurity Communications Integration Center, the President further acknowledged the serious legal and liability issues involved with private companies sharing information with the government, and argued that his proposed legislation "includes essential safeguards to ensure that [the] government protects privacy and civil liberties" and other liability protections for companies that share information on cyber threats.… Continue Reading

Deputy Secretary of Treasury Encourages Financial Institutions

Top-ranking U.S. officials continue to stress the importance of securing adequate protection in the event of cyberliability losses. Most recently, those efforts have been directed to financial institutions, an industry particularly susceptible to cyber attacks. On December 3, 2014, United States Deputy Secretary of the Treasury, Sarah Raskin, delivered a speech at the Texas Bankers' Association Executive Leadership Cybersecurity Conference wherein she provided banks with a simple checklist to consider before a cyber attack occurs. Notably, one item on the Deputy Secretary's checklist was cyberliability insurance - coverage at which the Deputy Secretary recommended all banks take a hard look.… Continue Reading

Hackers Don’t Care About Your Insurance

A recent study reports that the median amount of time between a breach of a company's computer network and the discovery of the incident is 229 days. But some cyberliability policy forms require that both the breach event and discovery of loss (or resulting claim) occur during the policy period. So what happens when a breach is discovered three months into the policy period but, unbeknownst at the time, the intrusion actually occurred six months before, or even earlier? If your company's cyberliability insurance policy excludes breach events occurring before the inception of the policy period, the company could find itself without coverage for an otherwise-covered claim or loss.… Continue Reading

As Federal and State Agencies Warn of Increased Cyber Threats, Insurance Incentives for Compliance with NIST Cybersecurity Framework May Be on the Horizon

Since the President's February 2013 Executive Order directing the National Institute of Standards and Technology (NIST) to lead the development of a voluntary framework to address and reduce cyber risks, the agencies and stakeholders involved have been exploring whether to tie the February 2014 Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework) to incentives such as cyberliability insurance. For example, in a Report to the President on Cybersecurity Incentives, the Treasury Department suggested that "[c]yber insurance can promote adoption of stronger security measures" because, among other reasons, "insurers could require policyholders to comply with minimum security standards as a condition of insurance coverage, including adoption of the Framework." The Treasury Department held a public meeting on November 6 that included a discussion of developments in the market for cyberliability insurance and the NIST Framework.… Continue Reading

Beware Of Gaps In Your Cyber Risk Policy – Are You Covered In the Event of an Insider Attack or Data Breach?

The evolving market for cyberliability insurance coverage reveals significant differences in the scope of coverage afforded under available policies. A coverage gap that may exist under some policies is for insider cyber attacks. While external attacks receive substantial news coverage, a recent study finds that businesses may be far less equipped to stave off attacks involving insiders: employees, vendors, suppliers and others who may have authorized access to critical or sensitive data.… Continue Reading
LexBlog