Before you walk into your next board meeting, what do you need to know when it comes to current D&O liability issues? The “Executive Summary” is Woodruff-Sawyer’s webinar series for CFOs, GCs, Controllers and others who work with boards of directors. The upcoming session will feature a conversation with Woodruff-Sawyer’s Priya Cherian Huskins and Lauri Floresca, both nationally-recognized insurance experts, and Scott Godes of Dickstein Shapiro.Scott is the co-leader of Dickstein Shapiro’s Cyber Security Coverage Initiative. Areas of Discussion
D&O Market Update
D&O Litigation Update
- Newest numbers on D&O suits
- Latest on Supreme Court rulings
Lessons from Sony & Citi: What boards should be asking about cyber liability
- Updates on the recent high-profile data security breaches - Understanding the impact of California’s recent Supreme Court zip code decision - What should boards do to mitigate cyber risks?
Woodruff-Sawyer is one of the largest independent insurance brokerage firms in the nation, and is an active partner of International Benefits Network and Assurex Global. For over 90 years, Woodruff-Sawyer has been partnering with clients to implement and manage cost-effective and innovative insurance, employee benefits and risk management solutions, both nationally and abroad. Headquartered in San Francisco, Woodruff-Sawyer has offices throughout California and in Portland, Oregon. For more information, call 415.391.2141 or visit www.wsandco.com.
Monday, September 26 to Tuesday, September 27, 2011
Affinia Manhattan Hotel, New York, NY
International legislative changes and compliance…External threats from the explosion of social media…Cloud computing…PCI, HIPAA & HITECH standards… social engineering, malware downloads, phishing, click-jacking, spoofing, whistleblowing, massive leaks… THE LIST GOES ON
The expanded scope of Cyber & Data Risk Insurance is here. Attend the annual September conference that the industry has known and trusted for years!
* * *
Dates:
Mon, Sep 26, 2011
Tue, Sep 27, 2011
Location:
Affinia Manhattan Hotel
New York, NY
Accreditation:
Accreditation will be sought in those jurisdictions requested by the registrants which have continuing education requirements. This course is identified as nontransitional for the purposes of CLE accreditation.
ACI certifies that the activity has been approved for CLE credit by the New York State Continuing Legal Education Board in the amount of 15.0 hours. An additional 2.0 hours will apply to workshop A and 3.0 hours to workshop B.
ACI certifies that this activity has been approved for CLE credit by the State Bar of California in the amount of 12.75 hours. An additional 2.0 hours will apply to workshop A and 2.5 hours to workshop B.You are required to bring your state bar number to complete the appropriate state forms during the conference. CLE credits are processed in 4-8 weeks after a conference is held.
ACI has a dedicated team which processes requests for state approval. Please note that event accreditation varies by state and ACI will make every effort to process your request.Questions about CLE credits for your state? Visit our online CLE Help Center at www.americanconference.com/CLE
My panel will be:
10:05 State of the Market: New Exposures, Coverage Options and Trends that Are Changing the Scope of Cyber Liability
Edward McGuire, Senior Vice President, Sales & Marketing S.H. Smith & Co. Steven H. Haase, CPCU ARM, INSUREtrust Malcolm Randles, Underwriter, Enterprise Risks 510, R J Kiln & Co Limited Jenny B. Bradford, J.D., Vice President Financial Products, Risk Management Liability, Regions Insurance Scott N. Godes, Counsel, Dickstein Shapiro LLP
Market overview and legal developments
Updates on new exposures, coverage decisions and new products to ensure coverage
Addressing the lack of uniformity among policies
Cyber risk insurance overlap with other insurance policies
How big is the market and how much has it grown over the past few years?
New clients and non-technology companies purchasing coverage: who they are and what they are looking for
A closer look at security & privacy challenges facing small businesses
What considerations have been given to products that may attract small to mid-market companies?
How carriers are capitalizing on this
State of the reinsurance market for cyber-risk insurance
Clarification of comprehensive contracts and identifying key provisions
Interested in attending? You can get a discounted rate through me, taking $600 off of the registration price, if you register by June 30. If you’re interested in getting the discounted rate, please e-mail me. Or, if it’s after June 30, you can click here:
It seems that 2011 has been the year of cyberattacks – denial of service attacks, data breaches, and more. Would your insurance policies cover those events? Beyond the denial of service attacks that made news headlines, a shocking “80 percent of respondents” in a survey of “200 IT security execs” “have faced large scale denial of service attacks,” according to a ZDNet story.[1] These attacks and threats do not appear to be on a downward trend. They continue to be in the news after cyberattacks allegedly took place against “U.S. government Web sites – including those of the White House and the State Department –” over the July 4, 2009 holiday weekend.[2] The alleged attacks were not only against government sites; they allegedly included, “according to a cyber-security specialist who has been tracking the incidents, . . . those run by the New York Stock Exchange, Nasdaq, The Washington Post, Amazon.com and MarketWatch.”[3] The more recent ZDNet survey shows that a quarter of respondents faced denial of service attacks on a weekly or even daily basis, with cyberextortion threats being made as well.[4]
Denial of Service Attacks
The cyberattacks that have stolen recent headlines were denial of service incidents. Personnel from “CERT® Program,” which “is part of the federally funded Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania,” have explained:
Denial of service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:
consumption of scarce, limited, or non-renewable resources
destruction or alteration of configuration information
physical destruction or alteration of network components.[5]
Some attacks are comparable to “tak[ing] an ax to a piece of hardware” and are known as “so-called permanent denial-of-service (PDOS) attack[s].”[6] If a system suffers such an attack, which also has been called “pure hardware sabotage,” it “requires replacement or reinstallation of hardware.”[7]
What Insurance Coverage Might Apply?
The first place to look for insurance coverage for a denial of service attack is a cybersecurity policy. The market for cybersecurity policies has been called the Wild West of insurance marketplaces. Cyber security and data breach policies, certain forms of which may be known as Network Risk, Cyber-Liability, Privacy and Security, or Media Liability insurance, are relatively new to the marketplace and are ever-changing. The Insurance Services Office, Inc., which designs and seeks regulatory approval for many insurance policy forms and language, has a standard insurance form called the “Internet Liability and Network Protection Policy,” and insurance companies may base their coverages on this basic insuring agreement, or they may provide their own company-worded policy form. Because of the variety of coverages being offered, a careful review of the policy form before a claim hits is critical to understand whether the cyberpolicy will provide coverage, and, if it will, how much coverage is available for the event. If your company does make a claim under a cyberpolicy, engaging experienced coverage counsel who is familiar with coverage for cybersecurity claims will help get the claim covered properly and fight an insurance company’s attempt to deny the claim or otherwise improperly try to limit coverage that is due under the policy.
If your company faces a denial of service cyberattack and suffers losses as a result, but your company has not purchased a specialized suite of policies marketed as cyber security policies, coverage nonetheless may be available under other insurance policies. In addition, other insurance policies may provide coverage that overlaps with a cyberinsurance policy. Consider whether first party all risk or property coverage may apply. First party all risk policies typically provide coverage for the policyholder’s losses due to property damage. If the denial of service cyberattack caused physical damage to your company’s servers or hard drives, your company’s first party all risk insurer should not have a credible argument that there was no property damage. Even if the damage is limited to data and software, however, it may be argued that the loss is covered under your company’s first party all risk policy, as some courts have found that damage to data and software consists of property damage.[8]
First party policies may also provide coverage for extra expense, business interruption, and contingent business interruption losses due to a cyberattack. (Contingent business interruption losses may include losses that the policyholder faces arising out of a cyber security-based business interruption of another party, such as a cloud provider, network host, or others.)[9]
Look also to other first party coverages, such as crime and fidelity policies, to determine whether there may be coverage for losses due to a cyberattack. In particular, crime policies may have endorsements, such as computer fraud endorsements, that may cover losses from a denial of service cyberattack.[10]
If, after a cyberattack, third parties seek to hold your company responsible for their alleged losses, consider whether your company’s liability policies would provide coverage. More importantly, consider your company’s commercial general liability (CGL) insurance policy, if your company does not have a specialized cyber liability policy. If your company did buy a cyberinsurance policy, there is coverage under a CGL policy (and others) that may overlap the coverage in a cyberinsurance policy, providing your company with additional limits of insurance coverage available for the claim.
The first coverage provided in a standard-form CGL insurance policy covers liability for property damage. Similar to the analysis above for first party all risk policies, if there was damage to servers or hard drives, insurers should not be heard to argue that there was no property damage. Courts are divided as to whether damage to data or software alone consists of property damage under insurance policies, with some courts recognizing that “the computer data in question ‘was physical, had an actual physical location, occupied space and was capable of being physically damaged and destroyed’” and that such lost data was covered under a CGL policy.[11] Be aware, however, that the insurance industry has revised many CGL policies to include definitions giving insurers stronger arguments that damage to data and software will not be considered property damage. But also note that your company’s CGL policy may have endorsements that provide coverage specifically for damage to data and software.[12] Consider further whether a claim would fall within the property damage coverage for loss of use of tangible property—loss of use of servers and hard drives because of the cyberattack; loss of use of computers arising out of alleged software and data-based causes has been held sufficient to trigger a CGL policy’s property damage coverage.[13]
Keep in mind that if there is a claim for property damage under a CGL policy, there may be coverage for obligations that your company has under indemnity agreements. Standard form CGL policies provide coverage for indemnity agreements.[14]
Depending on the types of claims asserted, other liability policies may be triggered as well. For example, directors and officers liability policies may provide coverage for investigation costs,[15] and errors and omissions policies also may cover, if the cybersecurity claims may be considered to be within the definition of “wrongful act.”[16] The takeaway for companies suffering from a cyberattack is that a careful review of all policies held by the insured is warranted to make certain that the most comprehensive coverage may be pursued.
Scott Godes is counsel with Dickstein Shapiro’s Insurance Coverage Practice in the firm’s Washington, D.C. office. Mr. Godes is the co-head of the firm’s Cyber Security Insurance Coverage Initiative and co-chair of the American Bar Association Computer Technology Subcommittee of the Insurance Coverage Committee of the Section of Litigation. He frequently represents corporate policyholders in insurance coverage disputes.
[1] Larry Dignan, Cyberattacks on Critical Infrastructure Intensify, ZDNet, http://m.zdnet.com/blog/btl/cyberattacks-on-critical-infrastructure-intensify/47455 (Apr. 19, 2011).
[2]U.S. Government Sites Among Those Hit by Cyberattack, CNN, http://www.cnn.com/2009/TECH/07/08/government.hacking/index.html (July 8, 2009).
[4] Larry Dignan, Cyberattacks on Critical Infrastructure Intensify, ZDNet, http://m.zdnet.com/blog/btl/cyberattacks-on-critical-infrastructure-intensify/47455 (Apr. 19, 2011).
[5]Denial of Service Attacks, CERT, http://www.cert.org/tech_tips/denial_of_service.html (last visited July 9, 2009); About CERT, CERT, http://www.cert.org/meet_cert/ (last visited July 10, 2009).
[6] Kelly Jackson Higgins, Permanent Denial-of-Service Attack Sabotages Hardware, Security Dark Reading, http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211201088 (May 19, 2008).
[8]See, e.g., Lambrecht & Assocs., Inc. v. State Farm Lloyds, 119 S.W.3d 16 (Tex. App. 2003) (first party property coverage for data damaged because of hacker attack or computer virus); Am. Guar. & Liab. Ins. Co. v. Ingram Micro, Inc., No. 99-185 TUC ACM, 2000 U.S. Dist. LEXIS 7299, at *6 (D. Ariz. Apr. 18, 2000) (construing “physical damage” beyond “harm of computer circuitry” to encompass “loss of access, loss of use, and loss of functionality”).
[9]Se. Mental Health Ctr., Inc. v. Pac. Ins. Co., 439 F. Supp. 2d 831, 837-39 (W.D. Tenn. 2006) (finding coverage under business interruption policy for computer corruption); see also Scott N. Godes, Ensuring Contingent Business Interruption Coverage, Law360 (Apr. 8, 2009), http://insurance.law360.com/articles/94765 (discussing coverage under first party policies resulting from third party interruptions).
[10] For example, in Retail Ventures, Inc. v. National Union Fire Insurance Co., No. 06-443, slip op. (S.D. Ohio Mar. 30, 2009), the court held that a crime policy provided coverage for a data breach and hacking attack.
[11]See, e.g., Computer Corner, Inc. v. Fireman’s Fund Ins. Co., 46 P.3d 1264, 1266 (N.M. Ct. App. 2002).
[12]See, e.g., Claire Wilkinson, Is Your Company Prepared for a Data Breach?, Ins. Info. Inst., at 20 (Mar. 2006), http://www.iii.org/assets/docs/pdf/informationsecurity.pdf (discussing the Insurance Services Office, Inc.’s endorsement for “electronic data liability”).
[13]SeeEyeblaster, Inc. v. Fed. Ins. Co., 613 F.3d 797 (8th Cir. 2010).
In Surprised That All Data Is Sacred, Matthew Brodsky, senior editor/Web edition of Risk & Insurance®, wrote an interesting article about data breaches, insurance for data breaches, cyberinsurance coverage issues, and the Epsilon data breach.
Of course, my favorite part is the place where he quotes me about the issue of cyberinsurance policies:
With such a difference between one carrier’s cyberpolicy and another’s, the market is the “Wild West of insurance,” according to Scott Godes, the Washington, D.C.-based counsel in Dickstein Shapiro’s Insurance Coverage Practice.
“There’s such a variety in the marketplace for cyber coverages,” he said.
There is more interesting discussion that goes on in the article, including comments from the CEO of a managing general underwriting agency, the person who runs the technology errors and omissions division at an insurance company, and others.
You may have heard the news about the Epsilon data breach. In light of the event, I wrote an alert for my firm and the insurance coverage practice regarding insurance coverage for data breaches and what companies should consider in the context of insurance coverage for data breaches in general and for the Epsilon data breach in particular. Here’s the alert:
April 5, 2011
Recent Epsilon Data Breach Highlights Necessity for Understanding and Pursuing Insurance Coverage for Data Breaches
Recent high profile data breaches highlight the importance of insurance coverage for such an event. The resulting costs may be staggering. A company’s insurance policies may provide protection for related losses and costs. Coverage may be available to pay for investigations, crisis management, and defense costs that will immediately impact a company facing a data breach. A recent and notable example brings this issue front and center: on March 30, email and marketing communications company Epsilon detected what has been reported as “a massive data breach that leaked customer names and e-mail addresses.”[1] The affected companies include a litany of well-known consumer goods and services companies [2]. Those companies sent out “warn[ings] over the weekend that hackers gained access to customers’ files, including e-mail addresses.” [3] Epsilon, a company that reportedly sends out 40 billion e-mails per year on behalf of 2,500 separate corporate clients [4], reportedly “issued a brief statement Friday [April 1] saying ‘a full investigation was under way’ of the breach of some customer client data.” [5] Some of the companies whose customers were affected reportedly “were warning customers to avoid responding to any suspicious emails asking for personal, financial or other sensitive information.” [6]
Companies faced with data breaches need to address the breach, put customers on notice, and work with regulators to resolve the incident. Perhaps even more important is for companies to make sure that their insurance companies cover the losses.
In terms of insurance coverage for a data breach, there are strong arguments for insurance coverage across a policyholder’s insurance portfolio. The first place to determine whether there may be coverage for a data breach is with a media or cyber liability policy. As those policies offer varying coverage from insurance company to insurance company, and from form to form, a careful review and analysis of the insurance provided by the policy is essential to ensure coverage.
There may also be overlapping or independent coverage for a data breach in other insurance policies, such as a Commercial General Liability (CGL) policy or Business Owners Policy (BOP). CGL and BOP insurance policies typically provide coverage for “personal and advertising injury” claims, and those provisions typically provide coverage for the publication, in any manner, of material violating a right of privacy. That is what a data breach involves: the publication of information that was supposed to remain private, and such claims should be covered by personal and advertising injury. Recent court decisions have found that when there is publication of private information, even to one person, the “personal and advertising injury” coverage in a standard form CGL insurance policy applies.
Keep in mind that even if the claims against a company are groundless, false, or fraudulent, an insurance company nonetheless has to defend the claim if even one portion of the complaint could be covered. At a minimum, a CGL or BOP insurance policy with personal and advertising injury coverage should provide a defense for the claims, even if just one allegation is covered out of an entire claim against a company that suffered a data breach.
Other insurance policies, beyond CGL and BOP, may provide coverage for a data breach. For example, one federal court recently found coverage for a data breach under a commercial crime policy. Another court was considering the same kind of coverage, until the insurance company settled when it was ordered to produce discovery from its claims files and more. In addition to those types of insurance policies, coverage may be available elsewhere, such as first-party insurance policies, Errors & Omissions insurance policies, or others, either by endorsement or within the basic insuring agreement of the insurance policies. A careful analysis of all of the insurance policies in place for a company that suffered a data breach is critical so that all avenues for coverage may be considered.
Scott N. Godes is co-leader of the firm’s Cyber Security Insurance Coverage Initiative and a co-chair of the American Bar Association’s Computer Technology Subcommittee of the Insurance Coverage Litigation Committee of the Section of Litigation. Mr. Godes recently wrote a chapter in the New Appleman’s treatise on insurance coverage for cybersecurity, data breaches, and intellectual property claims. Scott is a regular speaker on coverage for data breaches and cybersecurity incidents and is frequently called upon to offer the policyholder counsel perspective on the availability of coverage.
John A. Gibbons is a partner in the firm’s Insurance Coverage Practice and leader of the Anticompetitive Practices Insurance Coverage Initiative. Mr. Gibbons focuses exclusively on representing corporate policyholders in insurance coverage disputes, and enforcing those policyholders’ rights to insurance recoveries. He has resolved insurance coverage disputes favorably for clients through settlements, and, when necessary, through litigation and trial.
David L. Elkind is a partner in the firm’s Insurance Coverage Practice and co-leader of the Products/Contaminants Insurance Coverage Initiative and leader of the Environmental Insurance Coverage Initiative. He has successfully represented a wide variety of clients seeking to obtain insurance coverage from their insurance companies. Mr. Elkind has directed major litigation and settlement efforts in matters involving numerous significant insurance coverage claims during his 23 year career. He has counseled numerous clients concerning strategies for maximizing their insurance coverage, and also has lectured before various groups regarding insurance coverage issues.
Want to learn about cybersecurity, cyberinsurance, privacy liability, cyberrisk, and other issues relating to privacy and network security, and insurance coverage for those risks? Of course you do.
And you want to hear this from people who are recognized throughout the industry, including brokers selling cyberinsurance, underwriters writing and selling the coverage, and insurance attorneys who handle the claims and write coverage opinions about the risks, don’t you? Of course!
What’s that, you want all of that, and CLE credit, too? Done.
If you’re looking for all of that and more, organized and hosted by my good friends at HB Litigation Conferences, please join me for the:
Date: June 9-10, 2011 Location: The Union League, 140 South Broad Street, Philadelphia, PA Chairs:Richard Bortnick, Esq., Cozen O’Connor, West Conshohocken, PA Oliver Brew, Senior Vice President of Technology – Media and Telecoms Underwriting, Hiscox USA, New York Toby Merrill, VP & National Privacy, Technology & Media Liability Product Manager, ACE Professional Risk Meredith Schnur, Professional Risk Group, Wells Fargo Insurance Services USA, Inc., New York
The Union League is located at 140 South Broad Street, Philadelphia. A block of rooms has been secured for Wednesday, June 8th and Thursday, June 9th at a rate of $189 for a standard room and $239 for a suite. The rate includes complimentary breakfast for (2) guests per room, use of our fitness center and complimentary internet. For reservations, please call 215-587-5570 and refer to the HB LITIGATION CONFERENCE room block. If you have any questions or need assistance, please contact Cyndy Noonan at cyndy.noonan@litigationconferences.com or 484-324-2755×201.
Group Discounts
Group Discounts are available. Please contact Brownie Bokelman at 484-324-2755 x212 or Brownie.Bokelman@litigationconferences.com. Groups of 5+ and Passport Packages are available for additional savings for your firm’s practice group or legal department or for package pricing for a single conference or a series of conferences.
My panel will be:
GL vs. Network Security
GL underwriter panel topic, GL vs. AIPI claims
Other’s insurance & concurrent insurance
Forgotten insurance agreement-when does adv.
injury under a GL stop and where does injury begin
under media policy
Julie Davis of Risk Communities recently asked me to speak with her about insurance coverage for cybersecurity claims, data breaches, and other cyberrisks. Julie did video interviews of me and uploaded them to the Risk Communities video channel.
“Last year we introduced our broadcast channel, with the idea of highlighting business professionals, and topics, that are impacting business and risk management issues for the technology industry. Scott Godes as volunteered his time to help our followers understand insurance and risk management challenges and trends in Network, Privacy and Security risks.”
There are two video clips. We discuss litigation trends in the area of insurance coverage for cybersecurity, various types of insurance coverage for cybersecurity, risk transfer for cyberrisks, and data and network privacy issues.
Here’s my video interview: “Overview of Network, Security & Privacy Exposures and Risks”
Here’s my video interview: “Overview of Litigation and Trends in Network, Security & Privacy Risks”
Looking for a treatise on insurance coverage? How about one that has an entire chapter on insurance coverage for cybersecurity and intellectual property claims and risks?
Remember when I wrote that I had written a chapter on insurance coverage for cybersecurity and intellectual property claims for the New Appleman Law of Liability Insurance Treatise? Of course you do. And you probably were wondering, “When will I be able to buy that treatise, so that I can have it on my bookshelf and refer to it regularly for all of my questions about insurance coverage for cybersecurity and intellectual property claims?!?” Well, here’s your answer. The treatise is available on the Lexis website. That’s right! Although you really will want to race right to Chapter 18 – Insurance Coverage for Intellectual Property and Cybersecurity Risks, so that you can read about insurance for data breaches, DDoS attacks, viruses, hackers, cybercrime, and IP losses, you’ll get the whole treatise, too. It’s a five volume looseleaf set that gets updated with supplements.
If your business suffered losses from a cybersecurity incident, a denial-of-service attack, or some other computer-, network-, or internet-related event, would you know whether your insurance would cover the losses? If your insurance company denied your claim, would you know whether the insurance company had done so properly?
Well, if you’d like some additional thoughts on these issues, check out my post at the AgentsOfAmerica.ORG website. They posted my piece titled, “Insurance Coverage for Cyberattacks and Denial-of-Service Incidents” and also featured it in their newsletter. In my post, I discuss insurance coverage for cyberattacks, cybersecurity events, denial-of-service (DDoS) attacks, and more. I note a couple of recent cases finding in favor of insurance for these sorts of events under commercial general liability (CGL) insurance policies as well as new cyber insurance policies.
HB Litigation Conferences and NetDiligence hosted the Cyber Risk and Privacy Liability Forum in Philadelphia on June 7 and 8, 2010. During the conference, I was on a panel discussing insurance coverage for data breaches. One of the topics that I covered was whether a Commercial General Liability (CGL) insurance policy provides coverage for data breaches. I argued that it does, and explained why. Here’s a short video clip that my friend Tom Hagy created in which I discuss why there is insurance coverage for data breaches and cybersecurity events.
Interested in learning more about cybersinsurance and cybersecurity? How about coverage for data breaches, cybersecurity events, and other computer risks? Then please join me for American Conference Institute’s:
4th Annual Advanced Forum on
Cyber & Data Risk Insurance
Monday, September 27 to Tuesday, September 28, 2010
The Helmsley Park Lane Hotel, New York, NY, United States
Cyber and data risk insurance is becoming critical to businesses that operate online, as cyber-attacks are increasing exponentially in terms of frequency, scope, costs and overall impact. With even the best compliance practices in place, it is impossible to guarantee that the private information of consumers and employees will be protected. State Attorneys General and the Federal Trade Commission are becoming more active in investigating and penalizing companies who fail to adequately prevent or respond to a data breach. Additionally, there has been an increase in federal and state legislation and a rise in private actions in the form of mass class actions that are sure to significantly impact this industry.
Demand for cyber and data risk insurance is growing rapidly as businesses are focusing their efforts to address their information risk and data security needs.Broader cyber risk insurance policies have emerged, covering costs relating to responding to a data breach including: notification costs, credit monitoring costs, forensic investigations, call center support, public relations and defense of a claim brought by individuals or federal and state officials.
In light of these risks and exposures, it is critical that you are up to date with the trends in the fast evolving area of cyber and data risk insurance. That is why American Conference Institute developed our successful and well-attended Cyber & Data Risk Insurance Conference in September 2007 and the response in 2008 and 2009 was even better. To those who have attended, come to this 4th annual event — now in New York City — for a revised and updated agenda and to hear from the best and the brightest in the industry, including the FTC, the OTS, the FBI, 2 State Attorneys General and an Assistant Attorney General. For first-time attendees, this conference is your best opportunity to get the tools you need to learn about the new policies, including pricing and negotiating specific coverage, mitigating risks associated with e-business, and to learn strategies so that you can maximize your profitability while minimizing your potential liabilities.
The security and safeguarding of information is vital to protect an organization from financial and reputational loss. This conference is your best opportunity to network with industry insiders, compare products and strategies and to learn valuable information on potential risks and liabilities so that you can put the appropriate insurance protection and risk management practices in place.
Be sure to also register for the Post-Conference Workshop: Negotiating and Drafting Cyber Risk Provisions and Policies
September 28, 2010; 2:00 p.m. – 5:00 p.m.
Back by popular demand with updated content to reflect new developments and additional workshop leaders to walk you through the ins and outs of negotiating and drafting this highly specialized coverage.
Register now by calling 888-224-2480, faxing your registration form to 877-927-1563 or registering online.
Dates:
Mon, Sep 27, 10
Tue, Sep 28, 10
Location:
The Helmsley Park Lane Hotel
New York, NY, United States
My panel, What Policy Holders Are and Should Be Looking for in Cyber and Data Security Coverage, will be covering:
Coverage considerations: What liability and first-party coverages are desirable?
Reasons companies have or have not bought coverage
How standards are evolving in response to new technology threats
Consumer redress: when is it covered and when not?
Coverage for liabilities (including defense and other costs) and first party losses
intentional violations
coverage for electronic and non-electronic loss
Implementing privacy and data security compliance and policies
Can you think of many, or, in fact, any, companies that are risk free when it comes to the areas of intellectual property or cybersecurity? If you represent companies with risks relating to intellectual property and cybersecurity, what insurance coverage would apply if those risks turned into claims and potential liabilities? Are you familiar with the developing body of insurance coverage law in those areas?
I’m the author of a forthcoming treatise chapter that answers those exact questions. It’s the “Insurance Coverage for Intellectual Property and Cybersecurity Risks” chapter of the New Appleman Law of Liability Insurance, Second Edition, to be released in June 2010. Here’s the chapter’s introduction:
Two developing areas of insurance coverage law are the issues of insurance coverage for intellectual property-based claims and cybersecurity-based claims. This chapter describes coverages available for such claims. The chapter first analyzes and details the development of coverage for intellectual property claims through advertising injury found in general liability insurance policies, as well as other coverages. The chapter then analyzes coverage for cybersecurity claims. The area of coverage for cybersecurity claims is, relative to most insurance coverage topics, quite nascent, and the chapter considers decisions that should be seen as analogous to this developing topic. The chapter discusses coverage for cybersecurity claims under general liability, first-party, and other policies, as well as new policies being marketed as specific to cybersecurity risks and claims.
The intellectual property section of the chapter provides a basic overview of various types of intellectual property risks and provides a detailed discussion of how insurance policies apply to those risks. The chapter explains the legal principles at issue when seeking insurance coverage for such risks and potential liabilities. The chapter discusses the majority and minority rules for various issues and provides an analysis of the various exclusions that insurance companies have cited when trying to deny coverage for intellectual property claims.
The cybersecurity section of the chapter provides an overview of the new and growing cybersecurity risks faced today and details what insurance policies apply to those risks. The chapter details how courts have ruled on coverage questions for cybersecurity and computer-related risks and liabilities. For those areas of the law that are not as well-developed, in light of the relatively new nature of cybersecurity risks, the chapter notes analogous caselaw and how those holdings should apply to cybersecurity claims. The section also notes issues to consider for companies in the market for new and specialized cybersecurity insurance policies.
*All cancellations must be received in writing. Full refunds will be issued if cancellation requests are received 4 weeks before the event begins. Credits, good for 6 months from date of issue, will be issued if cancellation requests are received 3 weeks before the event begins. HBLC reserves the right to cancel any of its programs. Speakers, sessions and times are subject to change.
**Limit one discount per registrant. Discount cannot be combined with any other offer. Offer valid at the live event only and on new registrations only.
CAN’T ATTEND?
You can still benefit from this program! Audio/video recordings are available now. Individually priced and packaged, each recording captures the information and insights delivered by our faculty. Listen to experts, gain new perspectives, and learn proven techniques. For more information,
in each issue of Strategize, we’ll clear out the clutter to reveal what’s really relevant. Our aim is to be your one-stop information source that brings the reader to the boardroom, following the national trends that affect business today, and the innovations of our most provocative business leaders.
Our article gives a clear and easy to read overview of insurance coverage for cyber security and data breach claims. We give real world examples of data breaches and cyber security incidents, and how they affect businesses today. We also discuss coverage for those types of claims under commercial general liability insurance policies, first party insurance policies, crime policies, directors and officers policies, and more. Interested?* Then aim your mouse here to read “At Risk: Insurance Coverage for Cyber Security and Data Breaches.”
* Even if you’re not that interested in the topic, it’s worth the click to see the cool online magazine format and graphic that they put with the article.
When you hear “cloud computing,” is insurance the first thing that you think of? No? I’m the only one who thinks that way? Well, if you were wondering about the implications of cloud computing on insurance and risks, I co-wrote an article with my colleague, Idan Ivri that addresses those questions.
First, what does “cloud computing” mean? We explain:
Cloud computing is a loose term, but it generally refers to storing user data or applications on a remote server rather than on users’ own systems. A 2009 industry study by Coda Research Consultancy estimated that, by 2015, various forms of such software could represent 17% of all information technology spending worldwide.
That sounds great, doesn’t it? The idea is that you and your business don’t have to buy expensive suites of software or massive servers and hard drives to store all of your applications, because you will be able to access them via a third party (sometimes known as a third party application service provider (ASP) or software as a service (SAAS)).
But is cloud computing all silver lining, and no, uh, grey cloud? We note:
[I]f developers make privacy the top priority, cloud-computing developers may face those that say they should be liable for the bad behavior of unsavory customers seeking a dark place to host illegal data or viruses.
On the other hand, privacy standards that are too low could make developers liable for data theft against legitimate users, or for putting private data into the hands of advertisers. Developers will also have to handle disruptions or unavailability of data and services to end users.
Do developers, ASPs and SAAS providers have insurance to cover those risks? Will “traditional” insurance policies cover? What about specialized “cyber” policies? For the rest of the discussion about insurance for cloud computing, click on over to the full article at Software Development Times on the Web.
Because the costs of data breaches can be so astronomically high, the importance of ensuring that e-commerce and other types of firms have insurance to cover such claims cannot be overstated.
I don’t want to give away the entire article…but, as you might imagine, I discuss the availability of insurance coverage for data breaches within the piece. The article analyzes coverage under Commercial General Liability, Business Owners Policies, and other sources of insurance coverage for data breaches. Click on over for the full version of the article.
You are currently browsing the archives for the Cloud computing category.
Disclaimer
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author's law firm and/or the author's past and/or current clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction.
NOTE THAT ANY CASE DECISIONS, COURT OPINIONS, RULINGS, AND/OR RESULTS DEPEND UPON A VARIETY OF FACTORS UNIQUE TO EACH CASE.
CASE RESULTS DO NOT GUARANTEE OR PREDICT A SIMILAR RESULT IN ANY FUTURE CASE UNDERTAKEN BY THE LAWYER.
Welcome to The Corporate Insurance Blog. This blog is for corporate policyholders, risk managers, and in-house counsel who deal with insurance policies, programs, purchases, renewals, claims, and recovery.
Scott N. Godes writes and maintains this blog. Scott’s LinkedIn page is found here. E-mail Scott.
Posted by Scott Godes 
