The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Cyber Insurance

  • From Vol. 3 No.17 (Aug. 23, 2017)

    Inside Advice on the Growing Cyber Insurance Market for the Financial Sector

    In light of increasing cyber threats, regulatory focus, and the realization that complete breach prevention is impossible, interest in cybersecurity insurance has rapidly increased in the financial sector. Graig Vicidomino, associate director of Crystal & Company, spoke to The Cybersecurity Law Report about trends in the financial market for cyber insurance, particularly for fund managers, including costs, amounts of coverage, scope of coverage and policy benefits. He also provides practical post-breach advice and insights from clients seeking to cover specific types of incidents. See also “How to Make an Informed Policy Selection in the Dynamic Cyber Insurance Market” (Aug. 9, 2017); and “Navigating the Evolving Cyber Insurance Market” (Jun. 14, 2017).

    Read Full Article …
  • From Vol. 3 No.16 (Aug. 9, 2017)

    How to Make an Informed Policy Selection in the Dynamic Cyber Insurance Market

    The role of insurance in corporate cyber risk mitigation is growing and shifting. With both the risks and the policy types in flux, it can be challenging to select the type of program that provides the appropriate coverage for a company’s specific needs and budget. In this guest article, K&L Gates attorneys John P. Scordo and Erica S. Mekles explain the current market, the scope of potential coverage, additional provisions to consider and ways to cover cyber losses outside of cyber-specific policies. See also “Navigating the Evolving Cyber Insurance Market” (Jun. 14, 2017).

    Read Full Article …
  • From Vol. 3 No.12 (Jun. 14, 2017)

    Navigating the Evolving Cyber Insurance Market

    If change is the only constant in technology, the same follows for cyber insurance. As threats multiply in number and complexity and the technology systems companies employ to protect themselves become more sophisticated, insurers work to meet the new demands and challenges those developments present. At a recent IAPP panel, Brendan Hogan, an attorney at Bradley Arant Boult Cummings, Aarti Soni, senior vice president and cyber claims advocacy leader at Marsh, and Joseph Cvelbar, director of global data privacy for Royal Caribbean, offered advice on selecting, applying for and maintaining a policy in the current marketplace. See “Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part One of Two)” (Nov. 25, 2015); Part Two (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 3 No.3 (Feb. 8, 2017)

    How Fund Managers Can Prepare for Investor Cybersecurity Due Diligence 

    Cybersecurity remains a top-of-mind issue for regulators, investors and investment advisers. As part of operational due diligence, investors often evaluate whether an adviser has robust cybersecurity defenses. Similarly, advisers must ensure that their administrators, brokers and other third parties have appropriate defenses. A recent program hosted by the Investment Management Due Diligence Association gave specifics on what investors may be looking for, including due diligence questions they may ask and how they may evaluate a firm’s cybersecurity program, including its cyber insurance. See also our two-part series on vendor risk management “Nine Due Diligence Questions” (May 25, 2016), and “14 Key Contract Terms” (June 8, 2016). 

    Read Full Article …
  • From Vol. 3 No.1 (Jan. 11, 2017)

    Ten Cybersecurity Priorities for 2017

    Even companies that have mature information security practices in place must exercise constant vigilance by reevaluating their needs and improving their approaches. The Cybersecurity Law Report spoke with several experts to find out what companies should be focusing on and how they should allocate time and resources when setting cybersecurity priorities for 2017. In this article, we outline the resulting top ten cybersecurity action items for companies to tackle to ensure a more secure new year. See also “Cybersecurity Preparedness Is Now a Business Requirement” (Feb. 17, 2016).

    Read Full Article …
  • From Vol. 2 No.23 (Nov. 16, 2016)

    Increasing Role of Counsel Among Operational Shifts Highlighted by Cyber Risk Management Survey

    As companies become more aware of the complexities of cyber risk, they are approaching not only preventative measures more collaboratively, but also risk management and insurance selection. A recent survey conducted by Advisen and Zurich North America shows operational shifts, including the increasing cooperation between IT and risk management, a heightened role for counsel and boards, as well as more reliance on external resources for post-breach efforts. The survey also reveals that the process of determining the right insurance coverage is also becoming part of this collaborative security effort. “Insurance in the cyber realm is not merely an instrument for transferring risk. Even the process of obtaining the insurance is viewed as a catalyst for driving and elevating enterprise-wide cybersecurity risk management,” Roberta Anderson, K&L Gates partner, told The Cybersecurity Law Report. See also “Building a Strong Cyber Insurance Policy to Weather the Potential Storm” Part One (Nov. 25, 2015); Part Two (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 2 No.19 (Sep. 21, 2016)

    Learning How to Pick the Best Policy from Cyber Insurance Cases (Part Two of Two)

    The cyber insurance market is maturing. As policy definitions and exclusions come under judicial scrutiny, insureds are learning how to negotiate policies, and insurers are developing new policies to fill in coverage gaps. This article, the second part of our series covering a Knowledge Group webinar, includes the speakers’ insight on the importance of representations on the insurance application and ADR clauses in policies; what companies need to know about coverage of physical damage from breaches; and how new cyber policies may change the market. The first article included the panelists’ discussion of the current cyber insurance market and the issue of publication under CGL policies, as well as their analysis of recent cases to extract the questions companies should be asking insurers about key policy definitions and exclusions. See also “Building a Strong Cyber Insurance Policy to Weather the Potential Storm” Part One (Nov. 25, 2015); Part Two (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 2 No.18 (Sep. 7, 2016)

    What Cyber Insurance Cases Teach About Picking the Best Policy (Part One of Two)

    As cybersecurity-related insurance claims proliferate and litigation ensues, more jurisprudence in the area is being developed to guide companies as they purchase policies. Companies looking to purchase or amend their coverage can learn from examples of how other claims have fared under judicial scrutiny. This first part of our article series covering a recent Knowledge Group webinar includes the panelists’ discussion of the current cyber insurance market and the issue of publication under CGL policies. The speakers also analyze recent cases to extract the questions companies should be asking insurers about key policy definitions and exclusions. The second article will focus on lessons from the recent Cottage Health  case and discuss coverage considerations for physical damage. See also “Building a Strong Cyber Insurance Policy to Weather the Potential Storm” Part One (Nov. 25, 2015); Part Two (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 2 No.16 (Aug. 3, 2016)

    Key Post-Breach Shareholder Litigation, Disclosure and Insurance Selection Considerations

    Publicly traded companies face an array of cyber-related decisions beyond how to best secure their data – chief among them are when and to whom to disclose cyber risks, how to handle shareholder litigation that follows a breach and what type of insurance policy to choose to mitigate post-breach costs. At a recent seminar hosted by the Practising Law Institute, speakers from Labaton Sucharow, BitSight Technologies and Beecher Carlson addressed considerations for making disclosures to investors both prior to and following data breaches, elements of a securities fraud case and the scope of possible insurance coverage to mitigate losses following a breach. See also “Proactive Steps to Protect Your Company in Anticipation of Future Data Security Litigation” Part One (Nov. 25, 2015); Part Two (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 2 No.15 (Jul. 20, 2016)

    How the Financial Services Industry Can Manage Cyber Risk

    Financial services providers and financial institutions are prime targets for hackers, and have also been targets of SEC scrutiny – the agency has recently brought actions against Morgan Stanley, Craig Scott Capital, and RT Jones for cybersecurity violations, even in the absence of a breach. How can firms in those industries ensure their cybersecurity programs are robust and mitigate risk? At a recent symposium held by the Hedge Fund Association, panelists with various cybersecurity perspectives and expertise shared their insight on preparedness, incident response plans, vendor management, cyber insurance (including recommendations for carriers) and whether to use cloud services. See also our two-part series on how the financial services sector can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape (Part One of Two)” (Dec. 9, 2015); “A Plan for Building a Cyber-Compliance Program (Part Two)” (Jan. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.13 (Jun. 22, 2016)

    Cyber Insurance Challenges Highlighted by Court’s Denial of P.F. Chang’s Claim

    How far will cyber insurance coverage stretch when there is a breach? Courts are starting to answer this question as cyber insurance policies get tested with breaches. While these policies are marketed as “a panacea for all cybersecurity-related woes,” when policyholders face significant losses, the insurers “hire high-powered lawyers” to avoid paying claims, Scott Godes, a partner at Barnes & Thornburg, told The Cybersecurity Law Report. We analyze the recent district court ruling that a cyber insurance policy fails to cover liabilities to credit card issuers arising from a popular restaurant’s data breach. See also “Building a Strong Cyber Insurance Policy to Weather the Potential Storm”: Part One (Nov. 25, 2015); Part Two (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 2 No.12 (Jun. 8, 2016)

    How Financial Service Providers Can Use Cyber Insurance to Mitigate Risk

    Cyber threats in the alternative investment industry are growing increasingly larger and more sophisticated, requiring financial service providers to maintain sufficient infrastructure to prevent and respond to any breaches. A key component of that infrastructure is a cyber insurance policy to reimburse the fund manager for costs incurred defending against a cyber attack and loss of data caused by the attack. A recent alternative asset manager forum sponsored by insurance advisory and brokerage firm Crystal & Company offered a look at the current cyber threat landscape, cybersecurity preparedness, breach response and cyber liability insurance from the insurance, legal and forensic perspectives. The panel featured experts from investigation and consultancy firm K2 Intelligence, AIG Property & Casualty’s financial institutions group, AXIS Insurance and Lewis Brisbois Bisgaard & Smith. See also the CSLR’s series on how the financial services sector can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape (Part One of Two)” (Dec. 9, 2015); “A Plan for Building a Cyber-Compliance Program (Part Two)” (Jan. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.12 (Jun. 8, 2016)

    Foreign Business Chambers Sign Open Letter Against Chinese Cybersecurity Regulatory Changes

    More than two dozen foreign business associations have signed an open letter to lobby against regulatory changes in China’s insurance industry, which they say discriminate against foreign companies. See “Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance” (Mar. 30, 2016).

    Read Full Article …
  • From Vol. 2 No.9 (Apr. 27, 2016)

    Don’t Overlook Commercial General Liability Insurance to Defend a Data Breach

    Even though cyber insurance is becoming more readily available in many cases, companies whose data is hacked should not overlook the possible supplemental coverage provided by their existing commercial general liability insurance, which may cover the cost of defending the litigation that inevitably arises as a result. Some recent decisions appear to hold that CGL insurance does not obligate the carrier to provide such defense costs. However, in a recent case involving Travelers Indemnity Company, the Fourth Circuit upheld a lower court decision requiring the CGL carrier to provide a defense following a data breach. In a guest article, Richard A. Blunk, managing director and general counsel of Thermopylae Ventures, LLC, analyzes Travelers and a related line of cases to examine the possibility of whether other existing insurance coverage may provide data breach litigation defense costs as part of a coordinated corporate risk program. See also “Building a Strong Cyber Insurance Policy to Weather the Potential Storm” Part One (Nov. 25, 2015); Part Two (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part Two of Two)

    The enormous liability and costs that cyber incidents generate make cyber insurance a new reality in corporate risk management plans across industries.  This article, the second article in the series, explores policy exclusions and pitfalls to watch out for, including lessons from recent cyber insurance coverage litigation and steps companies can take to increase the likelihood of insurance coverage under their cyber policy.  Part one in the series covered navigating the placement proces –  having the proper individuals involved, finding the right insurer and securing the best policy for your company.  See also “Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 1 No.17 (Nov. 25, 2015)

    Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part One of Two)

    With cyber attacks continuing to strike companies of all sizes, cyber insurance has become an important component of corporate risk management strategies.  While cyber risk insurance can provide coverage for the litany of potential damages that a company may suffer in the wake of a data breach, it is wildly different from the usual insurance marketplace – it is nascent, changing and varied.  This, the first article in our two-part series on getting the right cyber coverage in place, provides guidance on navigating the insurance placement process, selecting the individuals who should be involved, finding the right insurer and securing the best policy for your company.  Part two will explore lessons from recent cyber insurance coverage litigation, including steps companies can take to increase the likelihood of insurance coverage under their cyber policy and what policy exclusions and pitfalls to watch out for.  See also “Transferring Risk Through the Right Cyber Insurance Policy,” The Cybersecurity Law Report, Vol. 1, No. 15 (Oct. 28, 2015).

    Read Full Article …
  • From Vol. 1 No.15 (Oct. 28, 2015)

    Transferring Risk Through the Right Cyber Insurance Coverage

    As companies recognize that they cannot ignore the risk of a significant cyber breach, they are looking to insurance policies to bear at least some of that risk.  Selecting the right cyber insurance, however, presents challenges in an ever-changing cyber insurance market.  In a guest article, BakerHostetler partner Judy Selby explains the cyber insurance options available, how to select the best insurance for your company and what to expect from the often-intrusive application process.  See also “Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 1 No.7 (Jul. 1, 2015)

    Cybersecurity and Information Governance Considerations in Mergers and Acquisitions

    The growing impact of cyber incidents has led to a heightened need to conduct a thorough cyber due diligence both before and after an M&A deal.  In a recent webinar, Reed Smith partners Anthony J. Diana, Courtney C.T. Horrigan, Mark S. Melodia and Richard D. Smith shared insight on how cybersecurity affects the valuation of certain assets and offered advice on how to focus due diligence to detect and assess cyber risks pre-transaction, including litigation risks that can arise from data breaches.  They also recommended specific steps for planning post-closing data integration and evaluating the adequacy of insurance coverage.  See also “Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015); Part Two of Two, Vol. 1, No. 2 (Apr. 22, 2015).  There has been a flurry of data breach activity over the past 10 years, and “it is only increasing in pace,” Melodia noted.  A company’s cyber risk can directly affect its value in an M&A context.  This is where “cyber risk meets the deal,” he said.

    Read Full Article …
  • From Vol. 1 No.2 (Apr. 22, 2015)

    Analyzing the Cyber Insurance Market, Choosing the Right Policy and Avoiding Policy Traps

    The demand for cyber insurance has dramatically increased as cybersecurity incidents, large and small, proliferate and companies scramble for protection.  The market for cyber insurance has been changing in response to this demand, evolving technology, as well as new cyber regulations that are adding to the cost of breaches.  Roberta Anderson and Sarah Turpin, partners at K&L Gates in Pittsburgh and London, respectively, and Peter Foster, Executive Vice President, Privacy, Network Security, Media, Errors & Omissions and Intellectual Property Risk at Willis Group, shared their insights in a recent webinar about the evolution of the cyber insurance market, policy options available, traps to look out for and how to implement an incident response plan to properly trigger most policies.

    Read Full Article …