Tag: Cyber risk

United States Department of Justice Announces “Best Practices” for Addressing Cyber Attacks

In light of the growing concern over cybersecurity, the United States Department of Justice (“DOJ”) issued guidance last week on how to prepare for and respond to cyber attacks. Taking lessons learned by federal prosecutors while handling cyber investigations, and input from private sector companies that have managed cyber incidents, the guidance contains a step-by-step guide …

New York Department of Financial Services Announces New Cyber Security Measures Directed at Strengthening Insurers’ Cyber Defenses

This post was written by Emily Garrison and Andy Moss.
The New York Department of Financial Services (NYDFS) announced last week a series of measures it plans to take “to help strengthen cyber hacking defenses at insurers.” Those measures include, among other things: regular, targeted assessments of cyber security preparedness at insurance companies; putting forward enhanced regulations requiring institutions to meet heightened standards for cyber security; and considering the ways in which NYDFS can support and encourage the development of the cyber security insurance market. The NYDFS stated that it plans to initiate these measures in the coming weeks and months.…

Hackers Don’t Care About Your Insurance

This post was written by Brian Himmel, Andy Moss, David Weiss and Cristina Shea.
A recent study reports that the median amount of time between a breach of a company’s computer network and the discovery of the incident is 229 days. But some …

As Federal and State Agencies Warn of Increased Cyber Threats, Insurance Incentives for Compliance with NIST Cybersecurity Framework May Be on the Horizon

This post was written by J. Andrew Moss and Emily Garrison.
Since the President’s February 2013 Executive Order directing the National Institute of Standards and Technology (NIST) to lead the development of a voluntary framework to address and r…

Beware Of Gaps In Your Cyber Risk Policy – Are You Covered In the Event of an Insider Attack or Data Breach?

This post was written by Brian T. Himmel, J. Andrew Moss and Robert H. Owen.
The evolving market for cyberliability insurance coverage reveals significant differences in the scope of coverage afforded under available policies. A coverage gap that may e…

Cyberattacks Push Companies to Specialty Insurance Policies

Travis Wall’s article Cyberattacks Push Companies to Specialty Insurance Policies says the window is closing for obtaining coverage for cyber attacks under traditional policies.

The article, published in The Recorder on May 23, says that as insurers refine coverage defenses and expand exclusions for cyber events, businesses will have to turn to specialty cyber policies for protection against data theft or loss.

Commercial general liability (CGL) policies have two basic coverage types. Coverage A addresses “property damage” and “bodily injury.” Coverage B applies to “personal injury” offenses, such as publications that invade rights of privacy. Because data breaches typically do not involve property damage or bodily injury, policyholders rely primarily on the personal injury prong.

Among other requirements, personal injury coverage applies only to claims arising from a “publication” of information. Data theft through hacking does not appear to involve a “publication” as that term is commonly understood.

Courts will not presume a publication simply because a data loss occurred. In a recent case, tapes containing confidential employee information fell out of a delivery truck. An unknown person then retrieved them, but there was no evidence that employee information was publicly disclosed or improperly used.

A Connecticut appellate court rejected the argument that the data loss, in and of itself, constituted a “publication.” The mere potential for disclosure was not enough—there had to be evidence that confidential information on the tapes was actually published. See Recall Total Information Management Inc. v. Federal Ins. Co., 147 Conn. App. 450 (2014).

Read the full article at The Recorder (subscription required).