Scott Godes

Author Archives: Scott Godes

Judy Greenwald quotes me in her Business Insurance article, “Cloud computing risks generally covered by cyber insurance.”

Posted on January 17, 2012 by Scott Godes 4 comments

In her article, Cloud computing risks generally covered by cyber insurance, Business Insurance author Judy Greenwald writes about cloud computing and whether risks associated with the cloud might be covered by cyber insurance.

The article opens:

Insurance coverage for cloud users generally falls under firms’ cyber risk policies, observers say.

That’s because cyber policy language generally is broad enough to cover cloud computing, and observers say they do not anticipate the need for separate cloud computing policies.

The article provides viewpoints from multiple people who deal with insurance and cyber risk issues. Ms. Greenwald quotes brokers and underwriters who deal with these risks. Ms. Greenwald also quoted me in the article, writing:

Scott N. Godes, [formerly] of counsel at law firm Dickstein Shapiro L.L.P. in Washington, said he has seen few if any policies where cloud computing is specifically named in an insurance policy, but liability policies and even first-party policies typically are written so that the language covers cloud computing.

In addition, there are variations among various insurers’ forms and even within multiple forms offered by an individual insurer, said Mr. Godes. “Close attention should be paid to when the term “computer system’ or “computer network’ is defined, if those are the operative terms of what is covered,” [to] ensure problems related to cloud service providers are covered, he said.

Want to read the other opinions and thoughts offered on the subject? Then click on over to Cloud computing risks generally covered by cyber insurance to read the entire article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

“2012 Data Privacy and Information Security Predictions”

Posted on January 4, 2012 by Scott Godes 4 comments

My friend, Christine Marciano, who is President, Cyber Data Risk Managers, just released her 2012 Data Privacy and Information Security Predictions. The report is an interesting series of predictions on what 2012 will hold in the areas of privacy and cyber risks. Here is how Christine describes the report:

This is our first Data Privacy and Information Security Predictions report. We asked
leading Data Privacy and Information Security professionals what they thought the New
Year will hold in terms of the threats that are on the 2012 landscape. The predictions
that are included in this report offer a wide range of threats and concerns that need to
be considered by every business or organization that operates in cyberspace regardless
of its size.

Christine starts off the report with some of her own predictions regarding 2012 and what people might expect in terms of cyber risks and cyber threats:

As we start 2012, we can expect to see a continuance of data breaches and increasing cyber attacks. Taking a look back at 2011, we have learned that no system is ever 100% secure no matter the name or the size of an organization. It’s important for businesses and organizations to know what they need to be prepared for and to take steps to help minimize the threats that do not appear to be going away. Looking ahead, it appears that in 2012 we will see an increase of heightened and very sophisticated threats than what was seen in 2011. We can recall 2011 as the year the hackers and the hacktivists got started on the data breach and gained a great amount of attention. With all of the digital information and big data that is being stored, it should come as no surprise that data breaches are not going away in 2012 as they are only going to get bigger. I expect that we will also see more serious hacktivists attacks. It seems that the hacktivist is no longer hacking organizations just for the fun of it. They are attacking for specific causes and I believe that hacktivists are going to be a very serious threat in 2012 and organizations must be prepared.

Christine cites me for a prediction about data breaches and insurance coverage for data breaches and privacy risks. Here is her write up for me in the report:

DATA BREACHES WILL FORCE MANY TO REVIEW THEIR EXISTINGINSURANCE POLICIES TO SEE WHAT’S COVERED

Scott N. Godes, [formerly] Counsel, Dickstein Shapiro LLP, states…

In terms of a trend in the areas of privacy and information security, I have noticed a sea change in both areas, leading to more need for analysis of insurance policies to cover these risks. When considering privacy risks, there has been an expansion of risks and potential liability for privacy violations, with the Pineda v. Williams Sonoma decision serving as one example. This year also has been called the year of the data breach, and companies are taking a hard look at how their insurance might and does cover such claims. These risks are being considered much more closely by companies, along with a careful analysis of how their insurance policies might cover.

Follow Scott Godes on Twitter:
@insurancecvg

She also quotes several people who write and speak a good deal about cyber risks, including:

Misha Glenny, Author of DarkMarket: Cyberthieves, Cybercops and You (Knopf, 2011), about smartphones and international cybercrime;
Jim Duster, Vice President of Sales, Debix; and Jake Kouns, Director of Cyber Security and Technology Risks, Underwriting, Markel Corporation, about the growth of cyberinsurance for 2012;
InfoLawGroup Senior Counsel, Richard Santales, about EU Data Protection regulation changes, HIPAA breach notification changes, upcoming FTC privacy report, and cloud computing;
InfoLawGroup Partner, David Navetta, about concerns over BYOD (“bring your own device”) and COIT (“consumerization of information technology);
Bruce Anderson, CEO, Cyber Investigation Services, about small and medium businesses becoming a target for data breaches in 2012, increased cyber attacks, growth in website attacks, mobile threats, and hacktivists targeting the cloud;
Anthony M. Freed, Managing Editor at Infosec Island, about cyber attacks on critical infrastructure;
Shaun Dakin, Managing Director, Webbmedia Group, about the FTC using existing power to regulate commercial enterprises; and
Robert Fletcher, founder and CEO of Intellectual Property Insurance Services Corporation, as to how Changes in America Invents Act will drive intellectual property owners to explore specialized intellectual property insurance policies to fund IP litigation.

Disclaimer:

Join me for RIMS 2012 Annual Conference & Exhibition in Philadelphia!

Posted on December 29, 2011 by Scott Godes One comment

Looking for a fantastic seminar devoted to risk and insurance? Are you a risk manager? Are you part of the insurance industry? Are you someone who helps companies get their claims covered and paid (that’s me! that’s me!)?

Of course, then, you want to attend a risk management seminar with “no boundaries.” Well, look no further. “No boundaries” is how RIMS describes its RIMS12 annual conference for 2012:

If your organization is like most, risk is not confined to just one department. Everyone has risk management responsibilities. At RIMS 2012 Annual Conference & Exhibition, there are no limits to the information and resources available to help you and your organization innovatively minimize risks. You’ll find a wide array of educational sessions offering practical strategies, no matter what your business area. Sessions are offered at all experience levels—from beginner to advanced—so you can design an educational experience that fits your needs. And, the Exhibit Hall is jam-packed with solutions–everything you’ll need for the upcoming year.

The event is from April 15-18, 2012 in Philadelphia.

Not sure whether you should attend? Here’s what RIMS says, and I couldn’t have said it better myself:

The Value of Attending

As the current economic climate continues to affect companies, some critical training and education budgets have been slashed or put on hold. Yet, the need for proper training, innovative tools and resources is greater now than ever before. At RIMS 2012 Annual Conference & Exhibition you will participate in the single most educational, informative conference for risk professionals. Refresh your skill set, pick up new tips and techniques, and network with nearly 10,000 risk professionals.

But just in case you need help justifying the value of attending RIMS to your management, here are the top reasons why you should register today:

Top-notch education–With 120+ sessions, hot topic sessions, keynote presentations, a jam-packed Exhibit Hall and unique networking opportunities, RIMS ’12 has more new strategies, ideas and practical solutions in one place that you will find anywhere else!

Keynote presentations–You’ll hear business visionaries share how to best utilize your resources in this time of financial uncertainty, enhance your leadership skills and align effective risk management with your organization’s business goals. Learn how to incorporate successful change management strategies into your risk policy, work in constantly evolving markets and structure your risk program to handle planned—and unplanned—challenges as they arise.

Industry leaders–Solve today’s challenges with the help of top industry leaders. At RIMS 2012, world-class speakers will discuss techniques and best practices that will advance your understanding of risk management and help you maneuver your risk program past current and future obstacles. This is the knowledge that will ensure your organization’s stability and growth—especially in these demanding times!

Save your company money!–Attend sessions that will save your company money and take away cost-cutting strategies. Your registration will have paid for itself! View the conference program to find the best sessions to fit your business needs.

Exhibit Hall–Walk through the Exhibit Hall to meet with service providers and discover thousands of ground-breaking resources, the latest innovations and breakthrough solutions. Hold on to those business cards—they will help you create innovative strategies and find new solutions when you need them.

Networking–Navigate the twists and turns of developing a successful risk management program with nearly 10,000 leading risk professionals who will bring a fresh perspective to your risk program. We’ve got events such as a grand Opening Reception, keynote presentations, award receptions, Wednesday Night Spectacular and more for you to meet old friends and make new ones.

Make a difference–Join your peers and give back to Vancouver, our host city, or support the future of the risk management industry. Participate in RIMS Community Service Day or join us for the Spencer Educational Foundation fundraising event. Details on these special events are available in the conference program.

Global reach–Attendees from more than 50 countries will come together in Philadelphia at RIMS 2012 to learn how to improve their risk program and operate efficiently and effectively in today’s global marketplace. Learn the challenges of doing business in China, balancing operational risks associated with global sourcing, tips for implementing a global risk program, and more! Attend one of the sessions offered in Spanish and Japanese for a truly global perspective. What’s more, you’ll find many multinational corporations and international organizations in the Exhibit Hall.

Share your knowledge–Host an “everything I learned at RIMS ’12” information session for your coworkers and pass on the new tools and strategies that you acquired, as well as information on the new contacts and solution providers you met.

It’s the premier industry conference–In terms of learning, networking, solution-sharing, peer exchange and connecting with service providers, RIMS ’12 is the only place where you can find it all. So, join us in Philadelphia and gain the advantage that you need to elevate your profile with your organization!

My session will be CLM203: Cyber Attacks and Privacy Claims: Litigation, Insurance and Crisis Management. Joined by Rick Bortnick and Art Boyle, we’ll be discussing insurance coverage for cyberrisks and privacy claims, including data breaches, denial-of-service attacks, privacy class actions, and other cybersecurity and privacy events:

Cyber Attacks and Privacy Claims: Litigation, Insurance and Crisis Management

Session Code: CLM203

Date: Wednesday, April 18, 2012

Time: 8:45 AM – 10:00 AM

Every day, the media reports another major cyber breach. No person or corporation is immune. Government entities, financial institutions, health care providers, Fortune 500 companies and even cyber-security firms are under constant attack. And the inevitable class action privacy breach lawsuits follow. The trend among courts and government regulators has been to allow these suits to proceed to discovery and beyond. The associated costs are increasing exponentially. A single cyber breach could cost tens of millions of dollars. Projections for costs from the Sony breach start at $1 billion. You may think to look to your cyber or tech insurer for help, but what about a straightforward first- or third-party policy or a professional services policy? Is the theft of information covered under a fiduciary policy? How will you address and coordinate the crisis management? Who do you hire? Can a law firm help? And while an increasing number of underwriters offer cyber-insurance products, many claims professionals are not yet familiar with the coverages or how to evaluate and handle the resultant claims. Become better informed with a debate on cyber risks and litigation, crisis management, loss control, the applicability of insurance and cyber-risk strategies.

Panel

Coordinator – Rick Bortnick, Cozen O’Connor

CPC – Charlotte Peedin, Golden Corral Corporation

Speaker – Rick Bortnick, Cozen O’Connor

Speaker – Art Boyle, Radian Group Inc.

Speaker – Scott N. Godes, [formerly] Dickstein Shapiro LLP

Interested in attending? Then head on over to the RIMS 2012 website to register.

Disclaimer:

Join me for the ABA Insurance Coverage Litigation Committee’s 2012 Annual CLE Seminar in Tucson, Arizona!

Posted on December 23, 2011 by Scott Godes One comment

You know that insurance touches every aspect of litigation, not to mention its importance in the context of corporate transactions, right? In today’s economic climate, the value of insurance is critical. As an attorney, you want to stay informed about the latest trends in insurance coverage law, right? You’re probably also looking for some CLE credit as well. Do you want to go some place warm this winter? Maybe Arizona?

If you said “yes” to any of those questions, then you should join me at the Loews Ventana Canyon Resort for the ABA’s 2012 Insurance Coverage Litigation Committee (ICLC) CLE seminar, from March 1-3, 2012 in Tucson, Arizona.

Here’s what the ABA ICLC says about the seminar:

Why You Should Attend
Insurance touches every aspect of litigation. In today’s economy, it is critical to stay informed on the latest trends in the law. Join many of the nation’s top insurance company and policyholders’ counsel and other industry leaders at the Insurance Coverage Litigation Committee Annual CLE Seminar. This year’s program once again will provide the same high-quality presentations and valuable networking opportunities as prior ICLC programs.

What You Will Learn

How to make rain. Learn what clients really want from their lawyers and how to expand business.

When disasters strike. How insurance coverage can assist the construction, energy, and hospitality industries.

The credit crisis and how D & O coverage may help pay for these claims.

How to present coverage issues at trial. Can you make insurance issues interesting?

Can you overcome insurer bias? Learn from practitioners who have faced these challenges.

Overlooked and underutilized provisions in insurance policies.

Privilege issues in insurance coverage litigation.

Can a policyholder recover consequential damages in the absence of bad faith?

Who Should Attend

All attorneys who litigate in the area of insurance coverage.

In-house counsel and seasoned practitioners needing an update from the leading trial lawyers, experts and members of the judiciary on the latest legal developments.

My panel will be the greatest panel ever,* discussing insurance coverage for cyberrisks, including data breaches, denial-of-service attacks, and other cybersecurity events:

Saturday, March 3, 2012
9:05 am – 10:05 am CLE breakout session

Insurance Coverage for Data Breaches, Denial-of-Service Attacks, and Cybersecurity Events, and the Tidal Wave of Class Action Lawsuits Following Data Breach Disclosures.
There has been a recent tidal wave of data breaches, network interruptions, and cyberattacks, resulting in countless class actions. This program will explore how insurance coverage may help fund the costs to defend these lawsuits. Would your insurance policies cover those events? What coverages are available in the marketplace?

Speakers:

Scott N. Godes

Rick Bortnick

Jennifer Smith

William T. Um

Hon. Carl West

Interested in attending? Then head on over to the ABA’s website to register. If you’re looking for the reservations page for the event on the Loews Ventana Canyon hotel website, you can find it by clicking here.

*I cannot guarantee that you will find this to be the greatest panel ever. But you might. Isn’t that good enough for you?

Disclaimer:

Join me for IQPC’s Cyber-Risk & Data Breach Management Summit

Posted on November 28, 2011 by Scott Godes One comment

Are you looking for a conference discussing cyber risk and data breach management issues? Do you want to network with industry insiders, compare products and strategies, and to learn valuable information on potential cyber risks and liabilities? If you do, then you’ll want to join me at the IQPC Cyber-Risk & Data Breach Management Summit on November 30-December 2, 2011.

Here are the introductory details:

Managing the Risk and Impact of Data Breaches without Disrupting Business Innovation and Growth

Virtually every business today is facing cyber risks, ranging from the loss of information on a single laptop to disruption of its entire business due to a data center outage or attack. In today’s information economy, the protection of data is a key element in the long-term competitiveness and survival of commercial organizations. Whether faced by a regulatory investigation or litigation stemming from a data breach organizations have understand and address the cyber risks they continually face and exercise due care in implementing policies to protect their business and comply with regulations. Effective cyber security depends on coordinated, integrated preparations for responding to and recovering from, a range of possible cyber attacks. The best approach to information security incorporates risk management as part of the firm’s overall strategy and objectives.

This conference will provide an innovative and fresh eye to traditional cyber security processes and tools, and will present ideas and real-life examples that you can apply to your organization’s risk management programs. Furthermore, this conference will highlight how cyber risk insurance can protect your company in the event it suffers a breach and mitigate your risk.

* * *

NOVEMBER 30 – DECEMBER 2, 2011 | SENTRY CENTER, NEW YORK, NY

My panel will be on December 2, at 9:45 am:

Lessons from the Latest Litigation and Enforcement Actions Resulting from a Breach

This session will examine case studies based on recent litigation as a result of data breach incidents that will help you learn to recognize the potential weaknesses that present themselves prior to an account data
compromise. You will learn the most up-to-date detection and prevention practices your organization can implement to prevent a potentially damaging breach from occurring.

Interested in attending? [ Register Now ]

Update: If you’d like to attend, and would like a huge discount (seriously huge, way bigger than your typical cyber Monday discounts), let me know ASAP, and I’ll put you in touch with the organizer.

Disclaimer:

Note: as a speaker at the conference, I will not be charged a fee to attend the remainder of the conference.

Join me for American Conference Institute’s 22nd National Advanced Forum on Bad Faith Litigation

Posted on November 17, 2011 by Scott Godes Leave a comment

Are you looking for a conference discussing bad faith, extracontractual liability, and other ways of obtaining damages beyond policy limits for insurer misconduct? Of course you are. Then you’ll want to join me in Orlando, Florida from November 30-December 1, 2011 for American Conference Institute’s 22nd National Advanced Forum on Bad Faith Litigation.

Here are the details from ACI’s website:

The essential forum that shapes the future of bad faith litigation strategies for leading outside counsel, in-house counsel and claims examiners in the insurance industry

Wednesday, November 30 to Thursday, December 01, 2011

Hyatt Regency Grand Cypress, Orlando, FL

Bad Faith Litigation returns for its 22nd installment led by a multi-disciplinary, cross-country faculty from both sides of the issue, including seasoned in-house counsel, top law fi rms and renowned jurists.

Bad Faith is continuously an area of the law that generates a significant amount of costly litigation, as the courts continue to hand down crippling verdicts. Now is the time to start preparing how to recognize the signs of a bad faith set-up and properly investigating the claims as they are presented. As the hot bed states spearhead their way toward statutory bad faith laws, litigators must be well equipped in how to defend against, and bring, a bad faith claim.

An annual tradition, American Conference Institute is proud to bring you its 22nd National Advanced Forum on Bad Faith Litigation. This conference has been fully revised and updated to account for new developments and designed to bring winning litigation strategies to even the most experienced bad faith litigators. Our expert faculty will provide effective tactics and insights from both the insurers and the policyholders. Featuring:

Insurers In-house roundtable: this specialized in-house panel will focus on 1) best practices in claims investigation and decisions; 2) settling bad faith claims before a suit is filed; 3) special issues in the life, health & disability arena; 4) dealing with your insured and much more

Viewpoints from the Policyholders Bar: with a session focused on the policyholders bar, as well as policyholder counsel point of view mixed into multiple sessions, don’t miss the chance to hear what key actions (or inactions) could lead your client into litigation.

Discussions with distinguished jurists: this session will provide attendees with highly sought after insight on effective theories and evidentiary issues, from those that have presided over bad faith suits.

Narrowly tailored panel sessions: our narrowly tailored, comprehensive panels will shed light on the most effective ways to manage discovery, recognize bad faith set-ups, properly investigate a claim, understand attorney-client privileges and work products protections, and establish successful pre-trial strategies.

This conference will provide you with the most up-to-date information and strategies on how to get the best result for your client. This is the event the industry relies on to get practical strategies for resolving coverage disputes, mitigating risk and gaining the upper hand in bad faith lawsuits.

Plus, add an extra benefit to your attendance by also registering for the Pre and Post state specific conference workshops: A. Current Events in Bad Faith: Gulf States

Post conference concurrent workshops on Bad Faith Hotbeds: B. FloridaC. California D. New Jersey

My panel is titled: “Discovery: Limiting Its Scope, Responding Efficiently to Expansive Orders, Protecting Privilege, Preparing Company Witnesses for Depositions and More.” Of course, I will not be talking about any of those things. I will be talking about discovery from the policyholder’s and corporate insured’s perspective. I’ll discuss how to get discovery from insurance companies, how to discover documents during a bad faith insurance coverage action, how to get an insurance company to produce documents, the role of privilege (if any) for the insurance companies when dealing with a bad faith claim, discovery of reinsurance documents, discovery of reserve documents, discovery of claims manuals, and more.

My co-panelists are:

Charles Ehrlich

SVP and Worldwide Special Counsel

RiverStone resources/TIG Insurance Company

Scott Godes

[formerly] Counsel

Dickstein Shapiro LLP

Gregory D. Miller

Director

Podvey, Meanor, Catenacci, Hildner, Cocoziello & Chattman, P.C.

Michael Newman

Partner

Barger & Wolen

Our topics include:

Depositions, Interrogatories and Other Production Issues

• Having a reason for discovery

• Making the cost-benefiit decision

• Budgeting up front

• Preparing the adjuster or company executive for their deposition

– Understanding the “fear factor”

– The special problems of video depositions

• Proprietary files – can the insured get these files to support a bad faith claim?

– Manuals and guidelines

– Other insureds, policies and claims.

– Reinsurance and reserve information.

• Interrogatories: Knowing what questions to ask

• Requests for admission – the neglected tool

• Dealing with expansive discovery orders and overly broad litigation holds

– Avoiding the knee jerk reaction

• Limiting the extent of pattern and practice discovery

Privilege

• Invoking privilege

• Consequences of when company “anticipated litigation”

• Counsel’s involvement in adjustment process.

• Relying on advice of counsel in defending against bad faith

E-Discovery

• Managing the explosion of ESI

• Understanding your obligations and the consequences of failing to preserve ESI

• Creating an internal process to successfully meet e-discovery obligations

• Methods to successfully limit production of ESI

• Learning the technical stuff

• Understanding the process of organization and being able to explain it

• Educating the court

Costs

• Minimizing discovery costs

– Planning, planning, planning; Non-waiver agreements;

“Eyes-only” agreements; Voluntary/private special master;

Avoiding discovery disputes

Interested in attending? Click here:

Disclaimer:

Note: as a speaker at the conference, I will not be charged a fee to attend the remainder of the conference.

Corporate Insurance Blog is one of the Top Insurance Blogs for 2011!

Posted on November 14, 2011 by Scott Godes 5 comments

I’m excited to let you know that the Corporate Insurance Blog has been listed as one of the Top Insurance Blogs for 2011. It is an honor to be on the list. Thanks very much to my friends at Lexis for the honor and the award.

Here, in relevant part, is how Lexis described the process:

After some very careful review and a great deal of deliberation, the LexisNexis Insurance Law Community has selected its Top Insurance Blogs for 2011.

We’d like to express gratitude to our Community members for your comments and suggestions. All of you submitted many of the new names on the 2011 Top Blogslist and we thank you for infusing fresh talent into our Community. We also want to especially thank the LexisNexis Insurance Law Advisory Board for giving us their input.

These top blogs offer some of the best writing out there. They contain a wealth of information for all segments of the insurance industry, and include timely news items, expert analysis, practice tips, frequent postings and helpful links to other sites and sources.

These sites demonstrate the power of the blogsphere, by providing a collective example of how bloggers can—and do—impact and influence the law and the business of insurance.

Many thanks to my friends at Lexis for the recognition, kind words, and the award.

Disclaimer:

Awards

Would your company’s insurance cover a cyberattack?

Posted on October 28, 2011 by Scott Godes 5 comments

On October 27, 2011, CNN.com posted:

A massive cyberattack that led to a vulnerability in RSA’s SecurID tags earlier this year also victimized Google, Facebook, Microsoft and many other big-named companies, according to a new analysis released this week.

The Krebs On Security blog posted:

Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure.

This is in line with comments from others, including this quote from Digital Forensic Investigator News, that “2011 has quickly become the year of the cyber attack.” Would your insurance policies cover those events? Beyond the denial of service attacks that made news headlines, a shocking “80 percent of respondents” in a survey of “200 IT security execs” “have faced large scale denial of service attacks,” according to a ZDNet story.[1] These attacks and threats do not appear to be on a downward trend. They continue to be in the news after cyberattacks allegedly took place against “U.S. government Web sites – including those of the White House and the State Department –” over the July 4, 2009 holiday weekend.[2] The alleged attacks were not only against government sites; they allegedly included, “according to a cyber-security specialist who has been tracking the incidents, . . . those run by the New York Stock Exchange, Nasdaq, The Washington Post, Amazon.com and MarketWatch.”[3] The more recent ZDNet survey shows that a quarter of respondents faced denial of service attacks on a weekly or even daily basis, with cyberextortion threats being made as well.[4]

Denial of Service Attacks

The cyberattacks that have stolen recent headlines were denial of service incidents. Personnel from “CERT^® Program,” which “is part of the federally funded Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania,” have explained:

Denial of service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:

consumption of scarce, limited, or non-renewable resources
destruction or alteration of configuration information
physical destruction or alteration of network components.[5]

Some attacks are comparable to “tak[ing] an ax to a piece of hardware” and are known as “so-called permanent denial-of-service (PDOS) attack[s].”[6] If a system suffers such an attack, which also has been called “pure hardware sabotage,” it “requires replacement or reinstallation of hardware.”[7]

What Insurance Coverage Might Apply?

The first place to look for insurance coverage for a denial of service attack is a cybersecurity policy. The market for cybersecurity policies has been called the Wild West of insurance marketplaces. Cyber security and data breach policies, certain forms of which may be known as Network Risk, Cyber-Liability, Privacy and Security, or Media Liability insurance, are relatively new to the marketplace and are ever-changing. The Insurance Services Office, Inc., which designs and seeks regulatory approval for many insurance policy forms and language, has a standard insurance form called the “Internet Liability and Network Protection Policy,” and insurance companies may base their coverages on this basic insuring agreement, or they may provide their own company-worded policy form. Because of the variety of coverages being offered, a careful review of the policy form before a claim hits is critical to understand whether the cyberpolicy will provide coverage, and, if it will, how much coverage is available for the event. If your company does make a claim under a cyberpolicy, engaging experienced coverage counsel who is familiar with coverage for cybersecurity claims will help get the claim covered properly and fight an insurance company’s attempt to deny the claim or otherwise improperly try to limit coverage that is due under the policy.

If your company faces a denial of service cyberattack and suffers losses as a result, but your company has not purchased a specialized suite of policies marketed as cyber security policies, coverage nonetheless may be available under other insurance policies. In addition, other insurance policies may provide coverage that overlaps with a cyberinsurance policy. Consider whether first party all risk or property coverage may apply. First party all risk policies typically provide coverage for the policyholder’s losses due to property damage. If the denial of service cyberattack caused physical damage to your company’s servers or hard drives, your company’s first party all risk insurer should not have a credible argument that there was no property damage. Even if the damage is limited to data and software, however, it may be argued that the loss is covered under your company’s first party all risk policy, as some courts have found that damage to data and software consists of property damage.[8]

First party policies may also provide coverage for extra expense, business interruption, and contingent business interruption losses due to a cyberattack. (Contingent business interruption losses may include losses that the policyholder faces arising out of a cyber security-based business interruption of another party, such as a cloud provider, network host, or others.)[9]

Look also to other first party coverages, such as crime and fidelity policies, to determine whether there may be coverage for losses due to a cyberattack. In particular, crime policies may have endorsements, such as computer fraud endorsements, that may cover losses from a denial of service cyberattack.[10]

If, after a cyberattack, third parties seek to hold your company responsible for their alleged losses, consider whether your company’s liability policies would provide coverage. More importantly, consider your company’s commercial general liability (CGL) insurance policy, if your company does not have a specialized cyber liability policy. If your company did buy a cyberinsurance policy, there is coverage under a CGL policy (and others) that may overlap the coverage in a cyberinsurance policy, providing your company with additional limits of insurance coverage available for the claim.

The first coverage provided in a standard-form CGL insurance policy covers liability for property damage. Similar to the analysis above for first party all risk policies, if there was damage to servers or hard drives, insurers should not be heard to argue that there was no property damage. Courts are divided as to whether damage to data or software alone consists of property damage under insurance policies, with some courts recognizing that “the computer data in question ‘was physical, had an actual physical location, occupied space and was capable of being physically damaged and destroyed’” and that such lost data was covered under a CGL policy.[11] Be aware, however, that the insurance industry has revised many CGL policies to include definitions giving insurers stronger arguments that damage to data and software will not be considered property damage. But also note that your company’s CGL policy may have endorsements that provide coverage specifically for damage to data and software.[12] Consider further whether a claim would fall within the property damage coverage for loss of use of tangible property—loss of use of servers and hard drives because of the cyberattack; loss of use of computers arising out of alleged software and data-based causes has been held sufficient to trigger a CGL policy’s property damage coverage.[13]

Keep in mind that if there is a claim for property damage under a CGL policy, there may be coverage for obligations that your company has under indemnity agreements. Standard form CGL policies provide coverage for indemnity agreements.[14]

Depending on the types of claims asserted, other liability policies may be triggered as well. For example, directors and officers liability policies may provide coverage for investigation costs,[15] and errors and omissions policies also may cover, if the cybersecurity claims may be considered to be within the definition of “wrongful act.”[16] The takeaway for companies suffering from a cyberattack is that a careful review of all policies held by the insured is warranted to make certain that the most comprehensive coverage may be pursued.

[1] Larry Dignan, Cyberattacks on Critical Infrastructure Intensify, ZDNet, http://m.zdnet.com/blog/btl/cyberattacks-on-critical-infrastructure-intensify/47455 (Apr. 19, 2011).

[2] U.S. Government Sites Among Those Hit by Cyberattack, CNN, http://www.cnn.com/2009/TECH/07/08/government.hacking/index.html (July 8, 2009).

[3] Siobhan Gorman & Evan Ramstad, Cyber Blitz Hits U.S., Korea, Wall St. J., http://online.wsj.com/article/SB124701806176209691.html (July 9, 2009).

[4] Larry Dignan, Cyberattacks on Critical Infrastructure Intensify, ZDNet, http://m.zdnet.com/blog/btl/cyberattacks-on-critical-infrastructure-intensify/47455 (Apr. 19, 2011).

[5] Denial of Service Attacks, CERT, http://www.cert.org/tech_tips/denial_of_service.html (last visited July 9, 2009); About CERT, CERT, http://www.cert.org/meet_cert/ (last visited July 10, 2009).

[6] Kelly Jackson Higgins, Permanent Denial-of-Service Attack Sabotages Hardware, Security Dark Reading, http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211201088 (May 19, 2008).

[7] Id.

[8] See, e.g., Lambrecht & Assocs., Inc. v. State Farm Lloyds, 119 S.W.3d 16 (Tex. App. 2003) (first party property coverage for data damaged because of hacker attack or computer virus); Am. Guar. & Liab. Ins. Co. v. Ingram Micro, Inc., No. 99-185 TUC ACM, 2000 U.S. Dist. LEXIS 7299, at *6 (D. Ariz. Apr. 18, 2000) (construing “physical damage” beyond “harm of computer circuitry” to encompass “loss of access, loss of use, and loss of functionality”).

[9] Se. Mental Health Ctr., Inc. v. Pac. Ins. Co., 439 F. Supp. 2d 831, 837-39 (W.D. Tenn. 2006) (finding coverage under business interruption policy for computer corruption); see also Scott N. Godes, Ensuring Contingent Business Interruption Coverage, Law360 (Apr. 8, 2009), http://insurance.law360.com/articles/94765 (discussing coverage under first party policies resulting from third party interruptions).

[10] For example, in Retail Ventures, Inc. v. National Union Fire Insurance Co., No. 06-443, slip op. (S.D. Ohio Mar. 30, 2009), the court held that a crime policy provided coverage for a data breach and hacking attack.

[11] See, e.g., Computer Corner, Inc. v. Fireman’s Fund Ins. Co., 46 P.3d 1264, 1266 (N.M. Ct. App. 2002).

[12] See, e.g., Claire Wilkinson, Is Your Company Prepared for a Data Breach?, Ins. Info. Inst., at 20 (Mar. 2006), http://www.iii.org/assets/docs/pdf/informationsecurity.pdf (discussing the Insurance Services Office, Inc.’s endorsement for “electronic data liability”).

[13] See Eyeblaster, Inc. v. Fed. Ins. Co., 613 F.3d 797 (8th Cir. 2010).

[14] See, e.g., Harsco Corp. v. Scottsdale Ins. Co., No. 49D12-1001-PL-002227, slip op. (Ind. Super. Ct. Apr. 26, 2011).

[15] See MBIA Inc. v. Fed. Ins. Co., 652 F.3d 152, 160 (2d Cir. 2011).

[16] See Eyeblaster, 613 F.3d at 804.

Disclaimer:

“Legal Corner: Insurance Recovery for Loss or Liability Arising from Cyberattacks; Obtain and preserve insurance for your company’s protection”

Posted on October 27, 2011 by Scott Godes One comment

My former colleague, Ken Trotter, and I recently wrote an article titled, “Insurance Recovery for Loss or Liability Arising from Cyberattacks; Obtain and preserve insurance for your company’s protection.” The article is reprinted below, courtesy of and permission from, the fine people at Hospitality Upgrade magazine:

Scott Godes godess@dicksteinshapiro.com

Kenneth Trotter trotterk@dicksteinshapiro.com

^© 2011 Hospitality Upgrade. No reproduction without written permission. It is no secret that the hospitality industry continues to be vulnerable to data breaches and other cyberattacks. A report by Willis Group Holdings, a British insurance firm, states that the largest share of cyberattacks (38 percent) were aimed at hotels, resorts and tour companies. According to the report, insurance claims for data theft worldwide jumped 56 percent last year, with a bigger number of those attacks targeting the hospitality industry. Because businesses in the hospitality industry obtain and maintain confidential data from consumers–countless credit card records in particular–they will continue to be attractive targets for hackers and data thieves.Cybersecurity risks can cause a company to incur significant loss or liability. A data breach could result in the loss of important and sensitive customer information and, in some cyberevents, stolen company funds. Companies also may face liabilities to third parties under statutory and regulatory schemes, incurring costs to mitigate, remediate and comply with the liability under these statutes. Worse still, class action lawsuits have been filed around the country after data breaches, with plaintiffs alleging, among others, the loss of the value of their personal information, identity theft, invasion of privacy, negligence or contractual liability. Even when companies have had success in defeating class actions, they nonetheless incurred significant legal expenses when defending those lawsuits.Many businesses in the hospitality industry have undertaken important steps to reduce the likelihood of cyberattacks and to protect data and confidential information. Such measures are important, but equally important is understanding what insurance policies those companies have, or could purchase, to cover loss or liability associated with a data breach or other cyberattack.Involving Technology and Privacy Managers in Insurance-related Matters Because of the variation in cyberinsurance coverages and the underwriting inquiries that often go along with the purchase of such insurance policies, companies may find the process to be a great opportunity for a company’s risk managers, technology managers and privacy managers to work together to help understand potential risks to the company and what risk transfers are being purchased through the insurance policies offered. Working together aligns the risk managers’ understanding of specific insurance-related issues, the technology managers’ technical expertise regarding the companies’ systems and protections that will be helpful to understand any technical requirements in an application or insurance policy, and the privacy managers’ knowledge of the potential privacy risks that the company faces in light of the information held and how and where it is used. Indeed, given their understanding of the technical and practical considerations involved in protecting a company’s data from a cyberattack, technology and information managers may be in a unique position to assist the company’s risk managers in understanding the technical implications of specific policy language.Insurance Coverage Considerations When considering what coverages may apply or purchasing cyberinsurance coverage, it is essential to consider many types of coverage, as coverages often are written and offered in different modules and on varying insurance policy forms. On a regular basis, insurers are writing and introducing new policies marketed as being tailored specifically to cover data breaches and cyberattacks. In addition, coverage may be available under traditional forms of insurance. Indeed, policyholders may have overlapping coverage for data breaches and certain cyberrisks, with the potential for coverage under cybersecurity policies as well as traditional insurance policies. When analyzing the coverage afforded by such policies, it is critical to understand the impact of exclusions on coverages and any sublimits on the amount of coverage afforded by the policy. Because of the variety of coverages being offered, as discussed below, technology managers can assist the company by providing a careful review of the technical language used in the policy to help determine the scope and limitations of the coverage being purchased with respect to a specific company’s operations.

Cybersecurity and Data Breach Policies The market for cybersecurity policies has been called the Wild West of insurance marketplaces. Such policies are relatively new to the marketplace and are constantly changing. Specific policies for cybersecurity and data breach have been known as Network Risk, Cyberliability, Privacy and Security or Media Liability insurance. The Insurance Services Office, Inc., which designs and seeks regulatory approval for many insurance policy forms and language, has a standard insurance form called the Internet Liability and Network Protection Policy, and insurance companies may base their coverages on this basic insuring agreement or they may provide their own company-worded policy form. Because these policies are frequently updated and changed, it is important to compare the coverages offered across companies and within a company’s offerings.

Traditional Forms of Insurance Although it is ideal to purchase a policy designed specifically for cybersecurity risks, more traditional forms of insurance may also provide overlapping coverage for data breaches and cyberrisks, depending on the particular coverage terms and exclusions in the individual policy. Coverage may be provided by the following types of policies: commercial general liability; first-party property and business interruption; directors and officers or errors and omissions; crime; kidnap, ransom and extortion. Insurance companies, however, have been fighting their obligations to pay claims for cyber-related loss under such traditional insurance policies. A major insurer recently sued a corporate policyholder in New York, asking the court to rule that traditional insurance policies do not cover a series of high-profile data breaches, cyberattacks and cyberrisks.

Making a Claim for Coverage If a cyberevent occurs, such as a data breach, then it is vital that risk managers, technology managers and privacy managers work together to seek recovery under all potentially available insurance policies. It is recomended that policyholders send notice of the claim or occurrence to all potentially applicable insurers, whether under a special cybersecurity policy or under the more traditional forms of insurance. After an insurance claim is tendered to insurers, they may raise various defenses to coverage. Companies, however, should not assume that such defenses will defeat coverage. Whether an event is covered will often depend on careful analysis of the specific policy language involved, the facts of a company’s particular losses and the law of the applicable jurisdiction. Insurance carriers may take a hard line regarding the application of the exclusions in their policies. For example, under certain insurance policies, there is coverage for property damage and insurers have asserted that there has been no property damage as a result of a cyberattack. Technology managers, however, may be able to assist the company in marshalling evidence to prove that a cyberattack has damaged the company’s computer equipment, or that there has been a loss of use of computer equipment (another way of demonstrating property damage under certain insurance policies). Technology managers should stay involved throughout the insurance recovery process to help assure that any representations and statements about the company’s technology and the cyberevent are accurate and properly characterized.

Beyond in-house technology personnel, companies that have sustained losses due to a data breach or cyberattack should consider speaking with an attorney who represents policyholders and has familiarity with this area. Because of the assistance of such lawyers, some policyholders have been able to obtain substantial recovery even after the insurer initially denied the policyholder’s claim.

Scott Godes and Kenneth Trotter are attorneys with Dickstein Shapiro LLP who devote a significant portion of their practice to the representation of policyholders in complex insurance disputes with insurance companies. They may be reached at godess@dicksteinshapiro.com or trotterk@dicksteinshapiro.com. This information is general and educational and is not legal advice. For more information, please visit www.hospitalitylawyer.com.

Thank you to the Hospitality Upgrade website for permission to use this article.

This article appeared on the Hospitality Upgrade website on 1 October 2011—link to article:

http://www.hospitalityupgrade.com/_magazine/magazine_Detail-ID-694.asp

Disclaimer:

Insurance coverage against cyberattacks and data breaches relating to the hospitality industry and hotels.

Posted on October 22, 2011 by Scott Godes 3 comments

My former colleague, Ken Trotter, and I recently wrote an article titled, “Insurance Recovery for Loss or Liability Arising from Cyberattacks; Obtain and preserve insurance for your company’s protection.” It has been published in Hospitality Upgrade magazine‘s Fall 2011 issue. In the article, we discuss insurance coverage for data breaches, cyber risks, cyberattacks, and cyber events, in light the risks for such events that the hospitality industry, and hotels in particular, face. We discuss coverages for cyberattacks and data breaches against hotels and the hospitality industry under new cyberinsurance policies, and overlapping coverage with other insurance policies for data breaches, cyber risks, cyberattacks, and cyber events. We also discuss involving multiple people within the company to discuss the risks and evaluate the purchase of new insurance and cyberinsurance policies.

Here is a brief excerpt from the article:

It is no secret that the hospitality industry continues to be vulnerable to data breaches and other cyberattacks. . . .

Cybersecurity risks can cause a company to incur significant loss or liability. A data breach could result in the loss of important and sensitive customer information and, in some cyberevents, stolen company funds. Companies also may face liabilities to third parties under statutory and regulatory schemes, incurring costs to mitigate, remediate and comply with the liability under these statutes. Worse still, class action lawsuits have been filed around the country after data breaches, with plaintiffs alleging, among others, the loss of the value of their personal information, identity theft, invasion of privacy, negligence or contractual liability. . . .

Many businesses in the hospitality industry have undertaken important steps to reduce the likelihood of cyberattacks and to protect data and confidential information. Such measures are important, but equally important is understanding what insurance policies those companies have, or could purchase, to cover loss or liability associated with a data breach or other cyberattack. . . .

Disclaimer:

Other People’s Money? Learn About Additional Insured Issues And Indemnification Agreements Teleconference And CLE.

Posted on October 12, 2011 by Scott Godes Leave a comment

Is your company an additional insured under another company’s insurance policies? Does your company issue certificates of insurance? Do you deal with indemnity agreements? Do you know whether indemnity agreements are covered by insurance? Would you like to learn the answers to these questions? Of course you would.

You’d like to hear about this from a commercial litigator and insurance coverage attorneys, wouldn’t you?

Plus, you’d like CLE credit for listening, wouldn’t you?

Well, say no more!

If you’re looking for all of that and more, organized and hosted by my good friends at HB Litigation Conferences, please join me for the:

Additional Insured Issues & Indemnification Agreements Teleconference

Date: October 12, 2011
Time: 2:00-3:40 PM, ET
Price: $169*
CLE Credit: 1.5-2 CLE Credits

Indemnification Agreements

May a company be indemnified for its own negligence?

Additional Insured Coverage

How does a company become an additional insured?

What is the scope of additional insured coverage?

Who pays the deductible?

Is there insurance coverage for contractual indemnity agreements?

Assumption of Liability

How does it differ from an indemnity agreement?

Does it survive a bankruptcy?

3:30 Question and Answer Session

3:40 Adjourn

Faculty
Timothy Delahunt, Esq., Kenney Shelton Liptak Nowak LLP, Buffalo, NY
Scott Godes, Esq., [formerly] Counsel Dickstein Shapiro LLP, Washington, DC
Adam Shienvold, Esq., Eckert Seamans Cherin & Mellott, LLC, Harrisburg

Register Now!

Click to Register.

*This is valid for only one connection per firm/company location. Multiple attendees can listen in to the conference on that one connection for no additional charge (an additional CLE fee of $25 per additional listener will apply for those pursuing CLE credit, names required in advance). If more than one connection is used, you will be billed after the conference $169 per each additional connection used.

Disclaimer:

Note: as a speaker at the conference, I will not be charged a fee related to the conference.

Join me for the “CyberCrime 2011 Symposium: Security in the Age of WikiLeaks – Cybercrime, Espionage & Hacktivism”!

Posted on October 7, 2011 by Scott Godes 2 comments

Sage Data Security is going to host the “CyberCrime 2011 Symposium: Security in the Age of WikiLeaks – Cybercrime, Espionage & Hacktivism.” Sage gives this brief overview of the Symposium:

2011 has been an unprecedented year of data compromise, exposure and harm to organizations large and small. At the CyberCrime 2011 Symposium, you’ll learn what’s being done – and what you can do – to detect, deter, and defeat cybercriminals causing mayhem around the world.

Join us on November 3 and 4 and learn from the experts about the latest threats coming from today’s smart and subversive cybercriminals. You’ll gain essential knowledge to help your organization protect itself – and its customers – against sophisticated malware, spiteful hacktivists, and financially motivated cybercrime.

Now in its second year, the CyberCrime 2011 Symposium is THE must-attend conference for any financial, healthcare or governmental professional involved in operations, compliance, security or information services. Seats are limited – be sure to reserve yours now.

Here are the highlights, from the conference website:

Conference Highlights:

WikiLeaks – Is Any Secret Safe? Lunch session keynote address: Wired.com Senior Editor Kevin Poulsen, the man who broke the WikiLeaks story.

50 Days of Mayhem: What We Can (and Should) Learn from LulzSec – How a small band of “hacktivists” caused (and are still causing) sleepless nights for security professionals around the world…and how we should have been able to stop them.

The Malware Behind the RSA Breach and other Advanced Persistent Threats – Joe Stewart of Dell SecureWorks reveals how the APT/cyber-espionage behind the breach of RSA last spring can be traced back to an attack originating in China.

Respond and Defeat – 2011 Secret Service Cyber Intelligence Update – Learn how the Cyber Intelligence Section (CIS) within the U.S. Secret Service’s Criminal Investigative Division is combatting cybercrime that targets the nation’s financial payment systems and critical infrastructures.

Krebs on Security: ZeuS, Thieves and Money Mules –Award-winning blogger and columnist Brian Krebs returns to the Symposium with the dinner keynote detailing the latest exploits of organized cybercrime.

Learn from the Mistakes of Others: Be Better Prepared to Combat Security Risks to Your Organization – Trends, recommendations and insights from the 2011 Verizon Data Breach Investigations Report.

What You Need to Know Before It Happens to You – An expert panel of forensic, legal and industry experts discuss what it takes to minimize the impact of a malicious external attack, an insider threat, a vendor compromise or an accidental exposure.

I’m a “featured speaker” at the event. My session will be:

Cyber Insurance: Will You Be Covered if Your Company Suffers a Cyber Event?
The price tag on corporate data breaches is soaring. Does Cyber Risk Insurance make sense for your organization? Cyber Insurance policies generally cover third-party liability – e.g. suits filed by customers whose accounts have been hacked; direct costs – e.g. notification letters sent to affected customers; and, increasingly, fines and penalties associated with data breaches. This session will focus on what policy holders should be looking for in Cyber and Data Security Coverage and how to avoid potential pitfalls.

So, please register and join me!

Disclaimer:

Note: as a speaker at the conference, my travel costs will be covered, and I will not be charged a fee to attend the remainder of the conference.

Judy Greenwald quotes me in her Business Insurance article, “Plan ahead to tackle data breaches.”

Posted on September 22, 2011 by Scott Godes 5 comments

In her article, Plan Ahead to Tackle Data Breaches: Response strategy should be in place before problems arise, Business Insurance author Judy Greenwald writes about data breaches, responding to and remediating data breaches, and insurance for data breaches.

The article opens:

Establishing a data breach response plan before a problem occurs will help firms navigate the delicate issue of when they should inform those affected by a breach.

The article discusses incident response plans for dealing with data breaches. Ms. Greenwald quotes some of the luminaries in the area of data breach responses, giving the reader insights from Jon A. Neiditz, John Doernberg, and others who handle data breach preparedness issues. Ms. Greenwald also quoted me in the article, writing:

Scott N. Godes, [formerly] of counsel at law firm Dickstein Shapiro L.L.P. in Washington, said the first thing to do when there is a data breach is “look at your insurance policies, and figure out whom you can notify and from whom you can request coverage right away.” To the extent an insurer agrees to cover the breach, “they can start providing you with resources right away,” he said.

She also put in one of the warnings that I gave. Interested in seeing the warning? And learning more about data breach incident response plans? Then click on over to Plan Ahead to Tackle Data Breaches and read the whole thing.

Disclaimer:

“Protecting Your Company Against Loss or Liability Arising from Cyberattacks”

Posted on September 22, 2011 by Scott Godes 2 comments

My former colleague, Ken Trotter, and I recently wrote an article titled, “Protecting Your Company Against Loss or Liability Arising from Cyberattacks.” It has been published in Hospitality Lawyer‘s September 2011 In-House Counsel Newsletter. In the article, we discuss insurance coverage for data breaches, cyber risks, cyberattacks, and cyber events. We discuss coverages under new cyberinsurance policies, and overlapping coverage with other insurance policies for data breaches, cyber risks, cyberattacks, and cyber events.

We provide an overview of potential coverage under:

First party property policies;
Business interruption coverage and policies;
Commercial General Liability (CGL) policies;
Directors and Officers Liability (D&O) policies;
Errors and Omissions policies; and
Crime and Fidelity policies.

We also give practical considerations when making claims for coverage.

Here is the opening paragraph to the article:

Does your company have insurance policies that will cover data breaches and cyber attacks? The hospitality industry is particularly vulnerable to data breaches and other cyberattacks. According to Willis Group Holdings, a British insurance firm, insurance claims for data theft worldwide jumped 56% last year, with a large number of those attacks targeting the hospitality industry. The report said the largest share of cyber attacks—38%—were aimed at hotels, resorts and tour companies. As just one example of these attacks, computer hackers broke into the computer system of a national hotel chain and stole the guests’ credit card information. This summer, the Secret Service informed the owner of a family-run Italian restaurant that a thief hacked into the communication system between the cash register and the credit card processing company, stole credit card numbers, and then used them to fraudulently make purchases across the United States. Businesses in the hospitality industry will continue to be attractive targets for hackers and data thieves, particularly since they obtain and maintain confidential data from consumers including countless credit card records. There are risks for companies well beyond the possibility of hackers stealing consumer data. Vital corporate data, whether it’s shared on the company’s servers or by third parties, may become inaccessible or even destroyed in a hacker attack. Managing such risk is critical to successful business operations. Read more

Corporate Insurance Blog nominated to Lexis’ Insurance Law Community’s Top 50 Insurance Blogs for 2011!

Posted on September 21, 2011 by Scott Godes 2 comments

I’m honored that that Lexis’ Insurance Law Community has nominated the Corporate Insurance Blog as one of its Top 50 Insurance Blogs for 2011. Here is how Lexis describes the Corporate Insurance Blog:

Corporate Insurance Blog

https://corporateinsuranceblog.com/

Written and Maintained by Scott Godes

This blog is for corporate policyholders, risk managers, and in-house counsel who deal with insurance policies, programs, purchases, renewals, claims, and recovery. It offers a fresh perspective, top notch writing, keen insight, and tackles the tough issues head on.

Thanks, Lexis, for the kind words!

Lexis has explained the process for narrowing down the list of nominees to the 50 final top blogs for 2011. I’d appreciate it if you’d submit a comment in support of the Corporate Insurance Blog. Here’s how Lexis explains the process:

The Top Blogs campaign on the LexisNexis Insurance Law Community will move ahead in several phases. We will start by taking nominations during a comment period that starts today and ends on October 7, 2011. We have gathered a group of initial nominees, which are listed below, and we welcome our Community members to make additional nominations and support their favorite blogs. We will select the Top 50 based on our review of the sites and comments from our Community members.

To “talk up” or nominate your favorite Insurance Law blog, you will need to be a registered Community member and be logged in. If you have not registered previously, follow this link to create a new registration or use your sign in credentials from your favorite social media site. Registration is free! Once you are logged in, scroll all the way to the very bottom of this page. You should see a comment box similar to this one:

Add a comment in the box at the bottom of the page to vote or nominate your favorite blog, and that’s it! If you are having problems registering, click here, or please contact us at ted.zwayer@lexisnexis.com. As a Community Manager, I want to make sure that everyone gets to vote!

We would also appreciate your help with spreading the news about our Top Blogs campaign. Please tell your colleagues and your online groups and networks that our Insurance Law Community is seeking nominations and comments for the Top 50 Insurance Law Blogs so that they can participate in our recognition event. After all, it’s only through input from others that we can continue to maintain the value and quality that our Community relies upon when it searches our Top Blogs for insight and information.

Disclaimer:

Uncategorized

Other People’s Money? Learn About Additional Insured Issues And Indemnification Agreements Teleconference And CLE.

Posted on September 13, 2011 by Scott Godes One comment

You’d like to hear about this from a commercial litigator and insurance coverage attorneys, wouldn’t you?

Plus, you’d like CLE credit for listening, wouldn’t you?

Well, say no more!

If you’re looking for all of that and more, organized and hosted by my good friends at HB Litigation Conferences, please join me for the:

Additional Insured Issues & Indemnification Agreements Teleconference

Date: October 12, 2011
Time: 2:00-3:40 PM, ET
Price: $169*
CLE Credit: 1.5-2 CLE Credits

Indemnification Agreements

May a company be indemnified for its own negligence?

Additional Insured Coverage

How does a company become an additional insured?

What is the scope of additional insured coverage?

Who pays the deductible?

Is there insurance coverage for contractual indemnity agreements?

Assumption of Liability

How does it differ from an indemnity agreement?

Does it survive a bankruptcy?

3:30 Question and Answer Session

3:40 Adjourn

Faculty
Timothy Delahunt, Esq., Kenney Shelton Liptak Nowak LLP, Buffalo, NY
Scott Godes, Esq., [formerly] Counsel Dickstein Shapiro LLP, Washington, DC
Adam Shienvold, Esq., Eckert Seamans Cherin & Mellott, LLC, Harrisburg

Register Now!

Click to Register.

*This is valid for only one connection per firm/company location. Multiple attendees can listen in to the conference on that one connection for no additional charge (an additional CLE fee of $25 per additional listener will apply for those pursuing CLE credit, names required in advance). If more than one connection is used, you will be billed after the conference $169 per each additional connection used.

Disclaimer:

Note: as a speaker at the conference, I will not be charged a fee related to the conference.

Interested in learning more about insurance for technology firms’ outsourcing relationships?

Posted on September 5, 2011 by Scott Godes 2 comments

Julie Davis of Risk Communities asked me to speak with her again about insurance coverage issues for high tech firms. In this video, we talk about insurance coverage for outsourcing relationships, particularly for technology firms. Here is how Risk Communities described the video interview:

The technology industry is rich in its outsourcing relationships. The industry outsources R&D, manufacturing, supply chain management, logistics, product servicing and more.

Due to changes in the economy, many technology firms are in the process of reviewing and re-evaluating their outsourcing contracts. RiskCommunities had the opportunity to interview counsel, Scott Godes, [formerly] Dickstein Shapiro LLP, Washington D.C. on risks associated with outsourcing.

The full video interview, on risk management and outsourcing risks for technology firms, can be found at: http://youtu.be/K1BEz8zPSME

Disclaimer:

Learn about cyber risk, data breaches, and cyber insurance by joining me for the NetDiligence® West Coast Cyber Risk & Privacy Liability Forum!

Posted on August 16, 2011 by Scott Godes 2 comments

It’s been said that 2011 is the year of the data breach and cyber attack. If you’re looking to learn more about data breaches, privacy claims and privacy breaches, health care sector risks, cyber risk insurance coverage, and about state and federal regulations and laws covering data breaches and cyber risks, then you should join me for the NetDiligence® West Coast Cyber Risk & Privacy Liability Forum, organized and hosted by my good friends at HB Litigation Conferences. You can get continuing legal education (CLE) credit, too.

Here are the details:

NetDiligence® West Coast Cyber Risk & Privacy Liability Forum

Date: October 4-5, 2011
Location: The Ritz-Carlton, Marina del Rey, CA
Chairs: Brad Gow, Endurance Specialty Holdings Ltd.;
Anne De Vries, Managing Director, Digital Risk Managers, A division of Wells Fargo Special Risks, Inc.; Christopher Novak, Managing Principal, Verizon Business – Investigative Response; and Ben Beeson, Partner, Global Technology and Privacy Risks Practice, Lockton Companies LLP

Agenda and Speakers

Register Now!

Delegate Rates:
Attorneys: $1,195**
Insurers & Brokers: $895**
Risk Managers and CFOs: $795**
Sitting Judges or Special Masters: FREE

Individual & Group Discounts Available

Please contact Brownie Bokelman at 484-324-2755 x212 or Brownie.Bokelman@litigationconferences.com to discuss these options.

Conference Venue and Hotel Information

The Ritz-Carlton, Marina del Rey is located at 4375 Admiralty Way, Marina del Rey, CA. Attendees should make reservations directly with the hotel by calling 1-800-241-3333 or click here to book online and enter code HBLHBLG. A block of rooms has been reserved for $239/night – mention the HB Litigation Cyber Risk Conference. The cut-off for this rate is September 12, 2011. If you have any questions or need assistance, please contact Cyndy Noonan directly at 484-324-2755 x201 or cyndy.noonan@litigationconferences.com.

Can’t Attend?

You can still benefit from our programs! Audio, video recordings and handbooks are available for our conferences! Individually priced and packaged, each captures the information and insights delivered by our faculty. Hear from experts, gain new perspectives, and learn proven techniques. For more information, click here, call 484-324-2755, or email allison.emery@litigationconferences.com to reserve your copy today!

My session will be:

State of the Cyber Nation Address

Notable recent cases and their impact on this budding litigation area

What plaintiffs’ counsel look for when evaluating new data breach class actions

Current theories of liability and claims alleged

How to present damages in this era?

Considerations to minimize the chance of litigation after a breach and settlement opportunities

More sophisticated defenses

Identity Theft Restoration Act-suing hackers?

How federal courts may change the game

Meredith Schnur, Wells Fargo Insurance Services USA, Inc.(Moderator)

Jon Lambiras, Berger & Montague, PC

John Mullen, Sr., Esq., Nelson Levine de Luca & Horst, LLC

Scott Godes, Esq., [formerly] Dickstein Shapiro

Disclaimer:

Note: as a speaker at the conference, I will not be charged a fee to attend the remainder of the conference.

Join me for “Revisiting Policy Limits,” part of HB’s “Asbestos Insurance Litigation Audiocast” CLE

Posted on August 2, 2011 by Scott Godes 2 comments

On August 10, 2011, from 1:00 pm to 3:30 pm (Eastern), my friends at HB Litigation Conferencesare hosting a CLE teleconference: “Asbestos Insurance Litigation Audiocast.” It is going to be a great event. I’m going to be speaking at 1:00 pm, presenting with Jack Gerstein on a panel titled, “Revisiting Policy Limits.” You can review the entire agenda by clicking here (PDF). You’ll get either 3 or 3.5 CLE credits, depending on your jurisdiction.

My presentation will include a discussion about the following points, in the context of insurance coverage for asbestos claims:

• The impact of products hazard versus premises/operations (non-products) claims
• The impact of the number of occurrences
• The impact of additional insureds
• Issues relating to annualized limits
• Types of actions – from Wellington arbitrations to claims alleging misrepresentation

To register, you can download the Registration Form (PDF) and mail/fax/email it to HB Litigation Conferences, complete the online form, or e-mail or call Brownie Bokelman at 484-324-2755 x 212 to register.

Disclaimer:

Note: as a speaker at the conference, I will not be charged a fee to attend the remainder of the conference.

Podcast on D&O insurance, cybersecurity, cyber liabilities, privacy class actions, and insurance: “Executive Summary Webinar Series: What You Need to Know Before You Walk Into the Boardroom (July 2011)”

Posted on August 1, 2011 by Scott Godes 2 comments

I recently joined Priya Cherian Huskins and Lauri Floresca of Woodruff Sawyer & Co. to discuss D&O insurance, cyberinsurance, and insurance coverage for privacy issues, data breaches, cyberattacks, denial-of-service attacks and more. Lauri and Priya gave an overview of the D&O insurance marketplace, including changes in pricing, availability of limits, and new insurance policies and insurance products. Then we shifted gears and talked about cybersecurity, cyber liability, and insurance coverage for cybersecurity risks. We touched on the latest data breaches, privacy claims and class actions, and other cyber incidents to have hit the news and discussed the related insurance coverage issues. The audio and supporting materials (that Woodruff Sawyer prepared) have been put online as a podcast and supporting PDF, so that you listen, in case you missed the live presentation.

To listen to this podcast, click here.

To view a pdf of the presentation, click here.

If you missed it, here was the original announcement:

Date and Time

Tuesday, July 19, 2011

Webinar

11:00 AM – 11:30 AM PST

This webinar is offered free of charge.

Visit Us At:

Woodruff-Sawyer & Co.

50 California St., 12th Fl.

San Francisco, CA 94111

Before you walk into your next board meeting, what do you need to know when it comes to current D&O liability issues? The “Executive Summary” is Woodruff-Sawyer’s webinar series for CFOs, GCs, Controllers and others who work with boards of directors. The upcoming session will feature a conversation with Woodruff-Sawyer’s Priya Cherian Huskins and Lauri Floresca, both nationally-recognized insurance experts, and Scott Godes [formerly] of Dickstein Shapiro.Scott [was] the co-leader of Dickstein Shapiro’s Cyber Security Coverage Initiative. Areas of Discussion

D&O Market Update
D&O Litigation Update

– Newest numbers on D&O suits
– Latest on Supreme Court rulings

Lessons from Sony & Citi: What boards should be asking about cyber liability

– Updates on the recent high-profile data security breaches
– Understanding the impact of California’s recent Supreme Court zip code decision
– What should boards do to mitigate cyber risks?

Click here to register for this webinar.

For questions, please email seminar@wsandco.com

Woodruff-Sawyer is one of the largest independent insurance brokerage firms in the nation, and is an active partner of International Benefits Network and Assurex Global. For over 90 years, Woodruff-Sawyer has been partnering with clients to implement and manage cost-effective and innovative insurance, employee benefits and risk management solutions, both nationally and abroad. Headquartered in San Francisco, Woodruff-Sawyer has offices throughout California and in Portland, Oregon. For more information, call 415.391.2141 or visit www.wsandco.com.

Disclaimer:

« Older Entries Recent Entries »

Author Archives: Scott Godes

Rate this:

Share this:

Rate this:

Share this:

The Value of Attending

Cyber Attacks and Privacy Claims: Litigation, Insurance and Crisis Management

Rate this:

Share this:

Rate this:

Share this:

Managing the Risk and Impact of Data Breaches without Disrupting Business Innovation and Growth

Rate this:

Share this:

The essential forum that shapes the future of bad faith litigation strategies for leading outside counsel, in-house counsel and claims examiners in the insurance industry

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Register Now!

Rate this:

Share this:

Conference Highlights:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Register Now!

Rate this:

Share this:

Rate this:

Share this:

Delegate Rates: Attorneys: $1,195** Insurers & Brokers: $895** Risk Managers and CFOs: $795** Sitting Judges or Special Masters: FREE

Individual & Group Discounts Available

Conference Venue and Hotel Information

Can’t Attend?

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Delegate Rates:
Attorneys: $1,195
Insurers & Brokers: $895
Risk Managers and CFOs: $795**
Sitting Judges or Special Masters: FREE