Current Issue Headlines
Vol. 4, No. 33 (Oct. 10, 2018)
Print This Issue
-
Using Cyber Insurance to Mitigate Risk: Getting Savvy About Cost and Policy Terms
Companies are increasingly turning to cyber insurance to offset risk. While coverage exists for a variety of potential losses and liabilities caused by cyber risk, it can be difficult to keep track of the evolving market and to understand confusing policy terms. In this three-part article series, we speak with legal and insurance industry experts about the current state of the cyber-insurance market and what companies need to know about this risk-management tool. This second installment examines the cost of a policy and how much coverage is necessary and provides insight on how companies can be savvier about having the right terms in place. Part one covered the current insurance landscape, how to find the right insurer and included actionable advice on navigating the application process. Part three will discuss policy management and how to communicate after a breach. See also “Navigating the Evolving Cyber Insurance Market” (Jun. 14, 2017).
Read full article … -
Lessons From the SEC’s First Red Flags Rule Settlement
Broker-dealer Voya’s $1-million settlement with the SEC for alleged violations of the Safeguards Rule and the Identity Theft Red Flags Rule shows that the SEC is willing to act when it believes firms could have done more to prevent attacks. “The SEC expects companies to not only have in place commercially reasonable standards, policies and procedures for cybersecurity, but to implement them along with compliance and audit procedures to assure that they are working as intended,” Jason Elmer, managing partner at Drawbridge Partners, told The Cybersecurity Law Report. We analyze the case, which involved a network intrusion by people impersonating third-party contractors, and its lessons, including the mistakes Voya made, how companies can avoid them and what the case says about SEC cybersecurity enforcement. See “How Financial Services Firms Should Structure Their Cybersecurity Programs” (May 9, 2018).
Read full article … -
Fifteen Tips for an Effective Cybersecurity Board Presentation
Boards are becoming more engaged with cybersecurity issues as the risks have become more visible and the potential for director liability has risen. Directors want to be informed and are asking more detailed questions. For those providing the answers, an effective presentation is critical to obtain buy-in and budget in line with the company’s risk profile and tolerance. In addition, board presentations can be an opportunity to present cybersecurity efforts not as simply costing money, but also as creating business advantages. The Cybersecurity Law Report has compiled the following list to help with this task. See also “A CSO/GC Advises on How and When to Present Cybersecurity to the Board” (Feb. 22, 2017); and “How to Handle Rising Expectations for Board Cyber Education and Involvement” (Mar. 14, 2018).
Read full article … -
CSLR in Cybersecurity Ventures’ Cybercrime Magazine
The Cybersecurity Law Report's Global Editor-in-Chief Rebecca Hughes Parker recently sat down with Georgia Reid, the managing editor of Cybercrime Magazine, to discuss the hot legal topics in cybersecurity and data privacy that CSLR has been analyzing. The video is here and the interview is available on the Cybercrime Magazine podcast on Apple Podcasts, SoundCloud or Google Podcasts. The conversation covered how lawyers and technologists can interact, GDPR enforcement, the NYDFS Cybersecurity Regulation, third-party liability, ransomware and more.
Read full article … -
Chinese Cyber Regulation Expert Joins BakerHostetler in Washington, D.C.
Sarah (Xiaohua) Zhao has joined BakerHostetler as a partner in Washington, D.C., where she will advise clients on cross-border data transfer issues, privacy and cybersecurity. For more than 20 years, Zhou has assisted Chinese clients in the United States, as well as U.S. companies in China. She joins from Faegre Baker Daniels, where she was also a partner, and was based in Washington, D.C. and Beijing. For more from BakerHostetler, see “Lessons From the Continued Uptick in HIPAA Enforcements” (Feb. 8, 2017).
Read full article … -
Squire Patton Boggs Announces New Deputy Co-Chair of Data Privacy & Cybersecurity Practice Group in Brussels
Former Deputy Head of the Cybersecurity and Digital Privacy Unit at the European Commission Rosa Barcelo has joined Squire Patton Boggs as a partner and the deputy co-chair of the data privacy & cybersecurity practice group in Brussels. She advises clients on data protection and privacy, including compliance with the GDPR and the e-Privacy Directive. For more from Squire Patton Boggs, see “Understanding the Intersection of Law and Artificial Intelligence” (May 30, 2018).
Read full article …