October 8, 2010
If your business suffered losses from a cybersecurity incident, a denial-of-service attack, or some other computer-, network-, or internet-related event, would you know whether your insurance would cover the losses? If your insurance company denied your claim, would you know whether the insurance company had done so properly?
Well, if you’d like some additional thoughts on these issues, check out my post at the AgentsOfAmerica.ORG website. They posted my piece titled, “Insurance Coverage for Cyberattacks and Denial-of-Service Incidents” and also featured it in their newsletter. In my post, I discuss insurance coverage for cyberattacks, cybersecurity events, denial-of-service (DDoS) attacks, and more. I note a couple of recent cases finding in favor of insurance for these sorts of events under commercial general liability (CGL) insurance policies as well as new cyber insurance policies.
So head over to the AgentsOfAmerica.ORG site and check out my post to see more!
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.
Leave a Comment » | 
Business interruption, Cloud computing, Contingent business interruption, Cyber insurance, D&O Insurance, Data breach insurance coverage, Defense Costs, Denial-of-service, Duty to defend | Tagged: Business interruption, CGL, Cloud computing, Commercial General Liability, Contingent business interruption, Cyber insurance, Cyberattack, Data breach insurance coverage, DDoS, Defense Costs, Denial-of-service, Duty to defend, First party insurance coverage | 
Permalink
Posted by Scott Godes
July 23, 2010
LexisNexis was kind enough to have me record a podcast regarding insurance coverage for cyber liabilities. As LexisNexis states on the Insurance Law Center:
On this edition, Scott Godes discusses the types of cyber liabilities facing companies today, what to do, in terms of insurance, if a cyber incident or data breach occurs and types of policies that provide coverage for a cyber event. Copyright© 2010 LexisNexis, a division of Reed Elsevier Inc. Visit http://www.lexisnexis.com/community/insurancelaw/.
If you’d like to hear the entire podcast, please click here.
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.
2 Comments | Business interruption, Cloud computing, Contingent business interruption, Cyber insurance, Data breach insurance coverage, Defense Costs, Denial-of-service, Duty to defend, First party insurance coverage | Tagged: CGL, Cloud computing, Commercial General Liability, Contingent business interruption, Cyber insurance, Cyberattack, Data breach, Data breach insurance coverage, DDoS, Defense Costs, Denial-of-service, Duty to defend, First party insurance coverage | Permalink
Posted by Scott Godes
July 9, 2010
Interested in learning more about cybersinsurance and cybersecurity? How about coverage for data breaches, cybersecurity events, and other computer risks? Then please join me for American Conference Institute’s:
4th Annual Advanced Forum on
Cyber & Data Risk Insurance
Monday, September 27 to Tuesday, September 28, 2010
The Helmsley Park Lane Hotel, New York, NY, United States
Cyber and data risk insurance is becoming critical to businesses that operate online, as cyber-attacks are increasing exponentially in terms of frequency, scope, costs and overall impact. With even the best compliance practices in place, it is impossible to guarantee that the private information of consumers and employees will be protected. State Attorneys General and the Federal Trade Commission are becoming more active in investigating and penalizing companies who fail to adequately prevent or respond to a data breach. Additionally, there has been an increase in federal and state legislation and a rise in private actions in the form of mass class actions that are sure to significantly impact this industry.
Demand for cyber and data risk insurance is growing rapidly as businesses are focusing their efforts to address their information risk and data security needs.Broader cyber risk insurance policies have emerged, covering costs relating to responding to a data breach including: notification costs, credit monitoring costs, forensic investigations, call center support, public relations and defense of a claim brought by individuals or federal and state officials.
In light of these risks and exposures, it is critical that you are up to date with the trends in the fast evolving area of cyber and data risk insurance. That is why American Conference Institute developed our successful and well-attended Cyber & Data Risk Insurance Conference in September 2007 and the response in 2008 and 2009 was even better. To those who have attended, come to this 4th annual event — now in New York City — for a revised and updated agenda and to hear from the best and the brightest in the industry, including the FTC, the OTS, the FBI, 2 State Attorneys General and an Assistant Attorney General. For first-time attendees, this conference is your best opportunity to get the tools you need to learn about the new policies, including pricing and negotiating specific coverage, mitigating risks associated with e-business, and to learn strategies so that you can maximize your profitability while minimizing your potential liabilities.
The security and safeguarding of information is vital to protect an organization from financial and reputational loss. This conference is your best opportunity to network with industry insiders, compare products and strategies and to learn valuable information on potential risks and liabilities so that you can put the appropriate insurance protection and risk management practices in place.
Be sure to also register for the Post-Conference Workshop: Negotiating and Drafting Cyber Risk Provisions and Policies
September 28, 2010; 2:00 p.m. – 5:00 p.m.
Back by popular demand with updated content to reflect new developments and additional workshop leaders to walk you through the ins and outs of negotiating and drafting this highly specialized coverage.
Register now by calling 888-224-2480, faxing your registration form to 877-927-1563 or registering online.
Dates:
Mon, Sep 27, 10
Tue, Sep 28, 10
Location:
The Helmsley Park Lane Hotel
New York, NY, United States
My panel, What Policy Holders Are and Should Be Looking for in Cyber and Data Security Coverage, will be covering:
- Coverage considerations: What liability and first-party coverages are desirable?
- Reasons companies have or have not bought coverage
- How standards are evolving in response to new technology threats
- Consumer redress: when is it covered and when not?
- Coverage for liabilities (including defense and other costs) and first party losses
- intentional violations
- coverage for electronic and non-electronic loss
- Implementing privacy and data security compliance and policies
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.
Note: as a speaker at the conference, I was not charged a fee to attend the remainder of the conference.
1 Comment | Business interruption, Cloud computing, Contingent business interruption, Cyber insurance, Data breach insurance coverage, Defense Costs, Denial-of-service, First party insurance coverage | Tagged: CGL, Cloud computing, Commercial General Liability, Cyber insurance, Cyberattack, Data breach, Data breach insurance coverage, DDoS, Denial-of-service | Permalink
Posted by Scott Godes
June 20, 2010
On Wednesday, June 23, 2010. from 2:00 – 3:40 pm (Eastern). I’m going to be part of a panel discussing “The Hot Buttons in Asbestos Insurance Litigation.”
We’re going to cover:
The Keasbey ruling: contribution and trigger
Allocation–pro rata or all sums: jurisdictions still at play, choice of law and related
Aggregate limits and “non-products” disputes
Insurance and bankruptcy: the current landscape
This discussion qualifies for between 1.5 to 2.0 continuing legal education (CLE) credits, depending on state requirements. View the CLE credit details.
Want to sign up? Purchase the teleconference Audio Package (includes MP3 audio recording files and handbook on CD). To order or learn more, click here, call 484-324-2755, or email allison.emery@litigationconferences.com.
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.
Leave a Comment » | Allocation, Asbestos, Bankruptcy, Defense Costs, Duty to defend, Excess Insurance, Number of occurrences, Occurrence | Tagged: Allocation, Asbestos, CGL, Comprehensive General Liability, Duty to defend, Non-Products, Number of occurrences, Occurrence, Premises/operations (non-products) coverage | Permalink
Posted by Scott Godes
May 19, 2010
Can you think of many, or, in fact, any, companies that are risk free when it comes to the areas of intellectual property or cybersecurity? If you represent companies with risks relating to intellectual property and cybersecurity, what insurance coverage would apply if those risks turned into claims and potential liabilities? Are you familiar with the developing body of insurance coverage law in those areas?
I’m the author of a forthcoming treatise chapter that answers those exact questions. It’s the “Insurance Coverage for Intellectual Property and Cybersecurity Risks” chapter of the New Appleman Law of Liability Insurance, Second Edition, to be released in June 2010. Here’s the chapter’s introduction:
Two developing areas of insurance coverage law are the issues of insurance coverage for intellectual property-based claims and cybersecurity-based claims. This chapter describes coverages available for such claims. The chapter first analyzes and details the development of coverage for intellectual property claims through advertising injury found in general liability insurance policies, as well as other coverages. The chapter then analyzes coverage for cybersecurity claims. The area of coverage for cybersecurity claims is, relative to most insurance coverage topics, quite nascent, and the chapter considers decisions that should be seen as analogous to this developing topic. The chapter discusses coverage for cybersecurity claims under general liability, first-party, and other policies, as well as new policies being marketed as specific to cybersecurity risks and claims.
The intellectual property section of the chapter provides a basic overview of various types of intellectual property risks and provides a detailed discussion of how insurance policies apply to those risks. The chapter explains the legal principles at issue when seeking insurance coverage for such risks and potential liabilities. The chapter discusses the majority and minority rules for various issues and provides an analysis of the various exclusions that insurance companies have cited when trying to deny coverage for intellectual property claims.
The cybersecurity section of the chapter provides an overview of the new and growing cybersecurity risks faced today and details what insurance policies apply to those risks. The chapter details how courts have ruled on coverage questions for cybersecurity and computer-related risks and liabilities. For those areas of the law that are not as well-developed, in light of the relatively new nature of cybersecurity risks, the chapter notes analogous caselaw and how those holdings should apply to cybersecurity claims. The section also notes issues to consider for companies in the market for new and specialized cybersecurity insurance policies.
This post appeared originally at the Lexis Insurance Law Community.
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.
1 Comment | Business interruption, Cloud computing, Contingent business interruption, Cyber insurance, Data breach insurance coverage, Defense Costs, Denial-of-service, Duty to defend, First party insurance coverage, Uncategorized | Tagged: Business interruption, CGL, Cloud computing, Commercial General Liability, Contingent business interruption, Cyber insurance, Data breach, Data breach insurance coverage, DDoS, Defense Costs, Duty to defend, First party insurance coverage | Permalink
Posted by Scott Godes
April 2, 2010
The Bureau of National Affairs recently wrote an article about a new court decision discussing directors and officers insurance coverage for officers of Stanford Financial Group. In the BNA Corporate Accountability Report, reporters Tom Edmondson and Tina Chi discussed the decision Pendergest-Holt v.
Certain Underwriters at Lloyd’s of London, No. 10-20069 (5th Cir. Mar. 15, 2010). (BNA has made the full text of the decision available here.) In the lede, Mr. Edmondson and Ms. Chi explained:
The Fifth Circuit’s recent ruling in Pendergest-Holt v. Certain Underwriters at Lloyd’s of London underscores the importance of the wording of the prerequisite provisions in the conduct exclusions in directors and officers insurance policies, corporate insurance attorneys told BNA in recent interviews.
The decision discussed the advancement of defense costs under a directors and officers insurance policy that the London insurance market (referred to as Lloyd’s of London in the story). The story discussed how the court interpreted policy exclusions and limitations, and that the court rejected the insurance company’s interpretation of how the money laundering exclusion applied.
The article also quotes me at the end, providing some pointers and best practices that I gave for policyholders in D&O and other insurance claim disputes. For example, the article states:
Insureds should also keep in mind that when they want to make a claim under an insurance policy, any
“high-dollar” potential loss, claim, or actual claim will likely cause the insurance company to seek opinions
from sophisticated coverage counsel that represent insurance companies, Godes said. “These insurance
attorneys will advise in terms of what provisions and exclusions may apply,” he said.
Thus, “insureds and policyholders are well advised to take the same approach as these insurance
companies and have counsel involved early so that they can better protect their own rights,” Godes said.
For the rest of my advice, you’ll have to check out the full article. My firm is hosting a copy of the article online, which can be found here.
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.
2 Comments | D&O Insurance, Defense Costs, Duty to defend | Tagged: D&O Insurance, Defense Costs, Duty to defend | Permalink
Posted by Scott Godes
March 10, 2010
At the 2010 Insurance Coverage Litigation Committee CLE Seminar, which the American Bar Association Insurance Coverage Litigation Committee hosted in Tucson, Arizona on March 4-6, 2010, I filled in for my colleague, Jim Murray, for the plenary session”Knockin’ on Heaven’s Door: Perspectives on Litigation and Negotiation of High-Damage Claims in 2010 and Beyond.” I was joined by William B. Hedrick of Marsh USA Inc., Laura McKay of Hinkhouse Williams Walsh LLP, Gordon McKay of Arcina Risk Group, and Jeffrey M. Posner of JM Posner, Inc.
We had a great discussion about the practical issues facing policyholders and insurance companies when claims reach high level excess policies. Our topics ranged from the duty to defend, changes in London market insurance in the last few decades, and who handles and pays for claims handling when in high levels of coverage.
The Lexis Insurance Law Center has posted a brief recap of the panel and the supporting materials, in a blog post entitled “Issues Confronting Insureds and Excess Insurers in Large-Scale, Long-Tail Claims.” You can see the post by clicking here.
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.
Leave a Comment » | Allocation, Asbestos, Defense Costs, Excess Insurance | Tagged: Allocation, Asbestos, Defense Costs, Duty to defend, Excess Insurance | Permalink
Posted by Scott Godes
January 5, 2010
When you hear “cloud computing,” is insurance the first thing that you think of? No? I’m the only one who thinks that way? Well, if you were wondering about the implications of cloud computing on insurance and risks, I co-wrote an article with my colleague, Idan Ivri that addresses those questions.
First, what does “cloud computing” mean? We explain:
Cloud computing is a loose term, but it generally refers to storing user data or applications on a remote server rather than on users’ own systems. A 2009 industry study by Coda Research Consultancy estimated that, by 2015, various forms of such software could represent 17% of all information technology spending worldwide.
That sounds great, doesn’t it? The idea is that you and your business don’t have to buy expensive suites of software or massive servers and hard drives to store all of your applications, because you will be able to access them via a third party (sometimes known as a third party application service provider (ASP) or software as a service (SAAS)).
But is cloud computing all silver lining, and no, uh, grey cloud? We note:
[I]f developers make privacy the top priority, cloud-computing developers may face those that say they should be liable for the bad behavior of unsavory customers seeking a dark place to host illegal data or viruses.
On the other hand, privacy standards that are too low could make developers liable for data theft against legitimate users, or for putting private data into the hands of advertisers. Developers will also have to handle disruptions or unavailability of data and services to end users.
Do developers, ASPs and SAAS providers have insurance to cover those risks? Will “traditional” insurance policies cover? What about specialized “cyber” policies? For the rest of the discussion about insurance for cloud computing, click on over to the full article at Software Development Times on the Web.
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2010.
2 Comments | Business interruption, Cloud computing, Contingent business interruption, Cyber insurance, Data breach insurance coverage, Defense Costs, Denial-of-service, Duty to defend, First party insurance coverage | Tagged: Business interruption, CGL, Cloud computing, Commercial General Liability, Contingent business interruption, Cyber insurance, Data breach, Data breach insurance coverage, Defense Costs, Denial-of-service, Duty to defend, First party insurance coverage | Permalink
Posted by Scott Godes
December 3, 2009
In the December 2009 edition of e-Commerce Law & Strategy, you’ll find my new article:
Data Breaches Are Not Going Away
Will Your Company Be Covered for Those Risks?
By Scott Godes
Because the costs of data breaches can be so astronomically high, the importance of ensuring that e-commerce and other types of firms have insurance to cover such claims cannot be overstated.
I don’t want to give away the entire article…but, as you might imagine, I discuss the availability of insurance coverage for data breaches within the piece. The article analyzes coverage under Commercial General Liability, Business Owners Policies, and other sources of insurance coverage for data breaches. Click on over for the full version of the article.
Update: A reprint of the full article now is available here.
Disclaimer:
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2009.
3 Comments | Cloud computing, Cyber insurance, D&O Insurance, Data breach insurance coverage, Defense Costs | Tagged: CGL, Cloud computing, Commercial General Liability, Cyber insurance, D&O Insurance, Data breach, Data breach insurance coverage, Defense Costs | Permalink
Posted by Scott Godes
