Category Archives: Cloud computing

Rodd Zolkos and Bill Kenealy quote me in their article, “Target tested by holiday credit card data breach.”

Credit card readerRodd Zolkos And Bill Kenealy wrote an article for Business Insurance discussing the alleged data breach that Target Corporation suffered in late 2013, titled, “Target tested by holiday credit card data breach.”

The lede is:

The Target Corp. data breach that exposed 40 million shoppers’ debit and credit card account information has caused lawsuits, state and federal investigations and potential company reputation damage, while raising fresh concerns among other businesses about the worsening risk of cyber attacks.

Rodd and Bill were kind enough to quote me in the piece.  I discuss risk management, cyber security, and insurance coverage for cyber risks.  You may have to register with Business Insurance to see that part of the article.  Other people who work on cyber security and cyber risk questions were cited in the piece as well, and contain comments as to whether PCI-DSS certification, and certification as being PCI compliant, can prevent all cyber attacks and data breaches.

The article has interesting points for risk managers, in house counsel, compliance, and IT personnel.  Please click on over and read the entire piece.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Please join me for: “Cyber Security Liability and Privacy: When a Breach Happens.”

cybersecurityI’m excited to present on cybersecurity and insurance coverage issues to emerging growth companies at a live seminar on Thursday, November 7, 2013, from 8:30 am to 10:30 am.  It will be at bwtech@UMBC North : 5520 Research Park Dr, St 110, Baltimore, MD 21228.  The seminar is:

 

Cyber Security Liability and Privacy: When a Breach Happens

CYBERInnovation Briefings

Here are the details from the website announcement:


Cyber Security Liability and Privacy: When a Breach Happens – Who’s Liable, Who’s Responsible

As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remains a growing concern. With losses mounting and sensitive information being leaked several questions remain unanswered – who’s liable, who’s responsible, what are enterprises doing to protect their customers?

We’ll discuss cyber security liability, privacy, and insurance issues.  We’ll also explore some of the basic coverages offered under insurance policies for cyber and privacy risks, provide details on claims that have been covered, discuss the costs for these insurance products, provide an overview of data breach claims and litigation, cyber forensics, and more.

My panel will include:

Event Info
event type Workshop/Training
posted October 16, 2013
sponsor bwtech@UMBC
share
add to calendar

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

Note:  as a speaker at the conference, I will not be charged a fee to attend the conference.

myspace profile views counter

Join me for ACI’s 7th Cyber & Data Risk Insurance Conference!

cybersecurityAre you looking for a conference discussing insurance coverage for cyber and data risk issues, “that provides the highest level insights on advancements in technology, products, pricing, coverage options, prevention strategies and more”? And do you want a conference that gives you the chance to earn CLE credit while hearing from “enforcement and regulatory initiatives straight from the federal and state agencies“?  Of course you do.  Then you should join me for the American Conference Institute 7th Cyber & Data Risk Insurance conference.

Here are some introductory details:

Cyber & Data Risk Insurance

Monday, September 30 to Tuesday, October 01, 2013
In response to new risks and exposures, American Conference Institute has developed the 7th installment of its lauded Cyber & Data Risk Insurance conference. A September tradition in NYC, join us to hear from a highly regarded faculty including the FTC, DOJ, SEC, FDIC, various state AG offices, as well as the industry’s leaders from around the country. Each year the event has grown in scope and size and this year the agenda is brimming with cutting edge topics and new additions to the faculty. This is the “go to” event where you can learn about advancements in technology, products, pricing, coverage options, prevention strategies and more.

Hear and network with the industry leaders about the right coverage options for your company and how you can protect data from financial and reputational loss. Compare products, and learn about pricing policies and new exposures to risk in this ever growing industry. Whether you are an insurance agent, broker, risk adjuster, claims manager, and/or counsel you will walk away from the conference with invaluable information that you can use in your practice right away.

My panel will be:

September 30, 2013, 9:35 am Eastern

State of the Market: New Exposures, Coverage Options, Claim Trends and Risk Evaluation, Pricing and Selling, and What Policyholders Should Now Be Looking for in a Policy

Graeme Newman
Marketing Director
CFC Underwriting

Adam Sills
Vice President
Allied World National Assurance Company

Scott N. Godes
Partner
Barnes & Thornburg LLP

Erica Davis
Vice President – Senior Advisory Specialist
Underwriting Manager
Zurich North America, Specialty E&O

Scott Kannry
Vice President
Financial Services Group | Professional Risk Solutions
AON

Maria Treglia
Chief Sales Officer, SVP-Professional Liability
Program Brokerage Corp.

New Exposures & Coverage Options

  • How has the market evolved and how have forms changed in the last 12 months?
  • Where will the coverage head in the next 12 months and what are the most significant issues that need to be addressed?
  • Network security and privacy policies: how they are changing and what are the different carrier approaches

Insurance and Policy Forms

  • Examining the issue of lack of uniform forms
  • How more forms are offering built in media liability exposure What Policyholders Are and Should be Looking For in a Cyber Policy
  • What liability and fi rst-party coverages are desirable?
  • Identifying and understanding pitfalls in coverage
  • Reasons companies have or have not bought coverage
  • How standards are evolving in response to new technology threats
  • Consumer redress: when is it covered and when not?
  • Filling in the coverage gap: Understanding the disconnect in what is purchased and what is actually covered

Key Considerations for Cyber Liability Coverage

  • Understanding of the products and their variety in the market
  • What is the effect of expanded risk on insurance coverage?
  • Evaluating risk and how the clients wants to proceed
  • Clarifying confusion as to whether a cyber liability product should be stand alone or better built as an existing product or endorsement

Pricing, Selling and Marketing Cyber Risk Policies

  • Pricing of network security and privacy policies
  • Examining the competitive marketplace and how various types of coverage are formulated and priced
  • Where do brokers see the coverage going and what are the most significant issues that need to be addressed?
  • Tailoring the product to accommodate a buyer’s needs: privacy issues; media exposures; cyber crime; security breaches
  • Marketing and selling coverage

Please register here:
Register Now

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

Note:  as a speaker at the conference, I will not be charged a fee to attend the remainder of the conference.

myspace profile views counter

Please check out my VentureBeat article, “Risky business: How cloud tech & mobile workers add up to an insurance nightmare”

Cloud Computing on TabletVentureBeat recently published an article that I wrote regarding the cloud and insurance coverage for cloud-based risks.  I discuss the rise of cloud computing within the enterprise, including the use of personal cloud providers by employees that bring their own device (BYOD), potential risks related to the cloud, and insurance coverage for cloud-based risks.  I discuss whether and what types of insurance policies might cover cloud-based risks.  I also give tips on what companies should consider when purchasing insurance policies for cloud-related risks.

If you are interested in reading the entire article, please click here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

myspace profile views counter

Matt Dunning quotes me in his article, “Risk management strategy must be in place before moving data to the cloud.”

Cloud computingMatt Dunning wrote an article for Business Insurance discussing potential risks and risk management techniques that companies consider when making the move to the cloud.

The lede is:

Companies using cloud computing to supplement or replace in-house data storage systems without a cohesive risk management strategy can expose themselves to substantial financial losses and reputational harm, cyber risk experts say.

Matt was kind enough to quote me in the piece.  I discuss insurance coverage for the cloud and cloud-based risks.  You may have to register with Business Insurance to see that part of the article.

The article has interesting points for risk managers, as well as compliance and IT personnel that are considering moving data, software, operations, or more to the cloud.  Please click on over and read the entire piece.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.  As a presenter at the conference for Business Insurance, I was not be charged a fee to attend the meeting.

Matt Dunning quotes me in “Cloud-based storage greatly increases cyber security exposures: Panel.”

2013 Risk Management SummitThis week, I was a speaker at the Business Insurance Risk Management Summit. My session addressed cloud computing issues.  Here’s the write up from the agenda:

Cloud Computing — Cloud computing offers opportunities for efficiency and cost savings but can introduce a host of risks in areas such as information security, reputation, business interruption, jurisdictional issues and regulation and compliance. This session will focus on the nature of the exposures associated with cloud computing services and how to address the risks looking at such mitigation areas as risk management, contractual issues and insurance coverage options.

Matt Dunning wrote an article that details the tips that our panel, and the prior presenter, Emily Cummins, gave to risk managers regarding cloud computing.  We summarized the risks and opportunities related to the cloud, and gave takeaways that could be put to use after the conference ended.  Matt quoted me in the piece:

Panelists said that while reported incidents of cloud-based data breaches have been scarce among manufacturers, software companies, communications firms and financial institutions, risk managers should not assume the technology can be implemented easily or without thorough risk analyses and data security control tests.

“There may have only been a few breaches so far, but risk managers have jobs and attorneys have jobs because the world continues to change,” said Scott Godes, a Washington-based attorney [formerly] at Dickstein Shapiro L.L.P.

The article has helpful pointers for risk managers considering moving their data, applications, or infrastructure to the cloud.  Be sure to click on over and read the entire piece.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.  As a presenter, I was not be charged a fee to attend the meeting.

Please join me for the March 5 and 6, 2013 Business Insurance Risk Management Summit.

2013 Risk Management SummitI am happy to announce that I will be a speaker at the Business Insurance Risk Management Summit, March 5 & 6, 2013.  It will be held at the Westin Grand Central in New York City. I hope that you will join me for this exciting event.

The two day conference is designed to serve the information and networking needs of senior risk managers from the largest US and Global companies.

As Business Insurance explains:

The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.

My session, from 2:30 – 3:30 pm on March 5, will address cloud computing issues.  Here’s the write up from the agenda:

Cloud Computing — Cloud computing offers opportunities for efficiency and cost savings but can introduce a host of risks in areas such as information security, reputation, business interruption, jurisdictional issues and regulation and compliance. This session will focus on the nature of the exposures associated with cloud computing services and how to address the risks looking at such mitigation areas as risk management, contractual issues and insurance coverage options.

Please be sure to join us!  Registration for the Risk Management Summit is now open.  If you are a Risk Manager at a Fortune 1000 or higher company, a former Business Insurance Risk Manager of the Year, a former Business Insurance Risk Manager of the Year Honor Roll member, or a Risk Executive at a privately-held company with revenues in excess of $2.5 billion, please register for the Summit here.  Additional registration categories are available, please review the information provided in the Registration Link to see if you qualify.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.  As a presenter, I will not be charged a fee to attend the meeting.

Join me for the ABA Insurance Coverage Litigation Committee’s 2013 Annual CLE Seminar in Tucson, Arizona!

Tucson skyline and Catalina Mountains at duskWinter got you down?  Want to get away to someplace warm and dry?  Do you want to learn about insurance coverage, mingle with insurance coverage practitioners, and get continuing legal education (CLE) credits while you are enjoying the weather?  Of course you do.  Insurance coverage is crucial at any time, and you know that insurance coverage during the economic downturn is essential.  And if you are an attorney licensed in a jurisdiction that requires CLE credits, aren’t you always on the lookout for high quality legal education seminars that will help you meet your CLE annual requirements?

If you said yes to any of those questions, then you’ll want to join me in Tucson, Arizona at the Loews Ventana Canyon Resort for the ABA’s 2013 Insurance Coverage Litigation Committee (ICLC) CLE seminar, from February 28 through March 2, 2013 in Tucson, Arizona.

Here’s what the ABA ICLC says about the seminar:

Please join the nation’s top insurance and policyholders’ counsel and other industry leaders at the Insurance Coverage Litigation Committee’s 25th Anniversary CLE Seminar at the Loews Ventana Canyon Resort in Tucson, Arizona starting on February 28 through March 2, 2013. This year’s program will feature high-quality presentations and valuable networking opportunities as prior ICLC programs. Our program chairs Suzan Charlton and Rahul Karnani and vice chairs, Anna Torres and Jim Cooper have put together a great program touching on multiple hot topics that are sure to touch upon your practice, and cutting edge trial techniques. Please look for the brochure shortly and be sure to reserve you room quickly.  If you missed last year’s meeting, you will certainly enjoy the amenities at the Loews including its hiking trails, pool side bar and restaurant, spa and golf course.  We look forward to seeing you in Tucson.

You ABA Section of Litigation Insurance Coverage Litigation Co-Chairs,

Ronald L. Kammer and Sherilyn Pastor

I will be speaking at a roundtable discussion about cyber legislation and regulation, and insurance coverage for those issues.  Will we discuss issues such as the Securities and Exchange Commission’s (SEC) Corporation Finance’s Disclosure Guidance Topic No. 2, Cybersecurity and insurance coverage in light of that guidance?  Come to the session and find out!:

Friday, March 1, 2013
12:35 pm – 2:00 pm

Cyber Legislation and Regulation: The Full Employment for Lawyers Acts.

Speakers:

Scott N. Godes

Rick Bortnick

Elissa Doroff

Interested in attending?  Then head on over to the ABA’s website to register.  If you’re looking for the reservations page for the event on the Loews Ventana Canyon hotel website, you can find it by clicking here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

myspace profile views counter

Please join me for the January 11, 2013 Delaware Valley RIMS Chapter Meeting: “Cyber Risk Management and Control”

Please join me for a luncheon hosted by the Delaware Valley chapter of RIMS on Friday, January 11, 2013:  Cyber Risk Strategies Meeting.

Here are the details that the Delaware Valley chapter of RIMS has postedCybersecurity about the meeting:

Every day the media reports another major cyber breach. No person or corporation is immune. And the inevitable class action privacy breach lawsuits follow. The trend among courts and government regulators has been to allow these suits to proceed to discovery and beyond. The associated costs are increasing exponentially. Become better informed by a debate on cyber risks and litigation, crisis management, loss control, the applicability of insurance and cyber risk strategies by joining us on January 11, 2013 at Aramark’s Philadelphia office.

The panelists will be Scott Godes [formerly] from Dickstein Shapiro and Richard Bortnick [formerly] from Cozen and O’Connor. Scott Godes [was] counsel in the Insurance Coverage Practice and focuses on representing corporate policyholders in insurance coverage disputes. He is a seasoned litigator who has extensive experience in trying complex insurance coverage disputes, including class actions, in state, federal, bankruptcy, and appellate courts, as well as in commercial arbitrations. He [was] co-leader of the firm’s Cyber Security Insurance Coverage Initiative.

Richard Bortnick, from Cozen & O’Connor is a member resident in Cozen O’Connor’s Philadelphia office. He litigates and counsels U.S. and international clients on cyber and technology, directors’ and officers’ liability, securities fraud, professional liability, insurance coverage, products liability, and commercial litigation cases. He also drafts professional liability insurance policies of varying types, including Cyber/Tech policies, and is co-publisher of the cyber industry blog, Cyberinquirer.com.

Moderating the discussion will be Art Boyle, Vice President of Enterprise Risk at Radian Group.

Here are the time and location details:

DATE:  Friday, January 11th from 8:00 AM – 10:00 AM
LOCATION:  Aramark office, Center City, Philadelphia

Please be sure to join us!  Click here to register.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.  As a presenter, I will not be charged a fee to attend the meeting.

Alison Diana cites me in her post, “Insuring the Cloud”

Cloud ComputingIn her post, Insuring the Cloud, author Alison Diana writes about insurance coverage for risks relating to the cloud.  She discusses insurance policies and insurance products available in the marketplace to cover the cloud and risks relating to the cloud.

The post opens:

As cloud becomes more pervasive, many organizations are seeking ways to insure themselves from unexpected downturn. Traditional and new insurers are starting to offer insurance programs designed to protect companies’ information, networks, and operations from cloud failure, a market likely to grow and help spur further adoption of cloud among enterprises.

Insurance companies have struggled with ways to address the business continuity and protection needs of cloud customers.

The article then cites an insurance broker and insurance industry CEO, who work in the area of insurance coverage for cybersecurity, data, privacy, and other cyberrisks, discussing what new offerings are available to corporate insureds and corporate policyholders looking to buy cyberinsurance for the cloud.  She also cites an article from Judy Greenwald at Business Insurance that quoted me discussing cyberinsurance and the cloud.  (You may recall seeing this earlier blog post about the article.)  Citing me, Ms. Diana writes, in part:

Scott Godes [who was] of counsel at law firm Dickstein Shapiro L.L.P. told BusinessInsurance.com (registration required) that he’s seen few, if any, policies that specifically named cloud computing. Typically, he said, liability policies and first-party policies are written to include cloud computing. “Close attention should be paid to when the term ‘computer system’ or ‘computer network’ is defined, if those are the operative terms of what is covered,” he told BusinessInsurance.com.

I stand behind that discussion, and note that I recently have seen a package cyberinsurance policy that did specifically reference insurance coverage for the cloud.  The times, they are a changin’?  As I have written before, the marketplace for cyberinsurance policies may be considered the “Wild West,” so insurance policies, including cyberinsurance policies, should be reviewed carefully.

Want to read the other opinions and thoughts offered on the subject?  Then click on over to Insuring the Cloud to read the entire post.

 

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

Bibeka Shrethsa quotes me in her article, “Insurers Grow Tentative About Coverage For Cloud Users”

Today, Law360 published another great piece about insurance coverage for cyberrisks, and insurance coverage for cloud-based risks in particular.  In her article, Insurers Grow Tentative About Coverage For Cloud Users, author Bibeka Shrestha addresses the issue of the growth of cloud computing, risks with cloud computing, and, perhaps most important, insurance coverage for cloud computing risks.

The article opens:

Insurers are starting to scrutinize coverage for companies using third-party data services, seeing cloud providers as especially vulnerable to hacking attacks, and with cyberpolicy language constantly evolving, attorneys say policyholders should pay closer attention to whether their cloud-related losses would be covered in the event of a breach.

Last year, hackers reportedly used Amazon.com‘s cloud service to launch a cyberattack that compromised the account data of more than 77 million Sony Playstation users. But that much-publicized data breach hasn’t slowed a trend of companies turning to . . .

The article then explains risks relating to cloud computing and insurance-related issues for cloud computing risks.  Ms. Shrestha quotes several people who deal with cloud computing, cyberrisks, cybersecurity questions, data breach issues, and insurance coverage for those risks and potential liabilities.  The article provides helpful information to companies that are buying cyberinsurance policies for cloud-based risks in the cloud.  Ms. Shrestha cites me and my advice multiple times in the article.  She reiterates my advice as to people who may be involved with purchasing cyberinsurance with coverage for the cloud, what coverages well-crafted cyberinsurance policies should include, and whether “additional insured” status may be available to cloud users from cloud providers.  You can see my comments and the rest of the article after the jump, with the full content available to subscribers of the Law360 site and its content.

Want to read the other opinions and thoughts offered on the subject?  Then click on over to Insurers Grow Tentative About Coverage For Cloud Users to read the entire article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

Please join me for the September 19, 2012 Potomac RIMS Meeting: “Cyber Security Workshop”

Please join me for a luncheon hosted by the Potomac chapter of RIMS on Wednesday, September 19:  “Cyber Security Workshop.”

Here is the meeting topic:

Does Cyber Security seem like a term from Star Wars to you?  Do you not understand the meaning of this field but feel you should??? Join our session and lose sleep no more!

I’ll be joined by Don Nelson, the Director of Information Security Governance for Fannie Mae, and Robert Lowe, who manages the Third Party Due Diligence program for Information Security at Fannie Mae, and also acts as a subject matter expert and supporting resource for strategic initiatives across the enterprise.

Here are the time and location details:

Wednesday, September 19,  2012

Meeting: 11:00 a.m. – 1:30 p.m.
Lunch:    11:30 a.m.

Please be sure to join us!  To register, please click here:  “Cyber Security Workshop.”

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.  As a presenter, I will not be charged a fee to attend the meeting.

My Co-Authored Chapter, “Helping Clients Evaluate Their Cyber Risks” Just Published In “Understanding Developments in Cyberspace Law, 2012 ed.”!

I’m happy to announce that the chapter that I co-authored with Mike Tomasulo, who practices intellectual property law in our firm‘s Los Angeles office, was published in “Understanding Developments in Cyberspace Law, 2012 ed.: Leading Lawyers on Analyzing Recent Trends, Case Laws, and Legal Strategies Affecting the Internet Landscape (Inside the Minds) New Edition.”

Here is a brief overview of what’s in the book, Understanding Developments in Cyberspace Law, 2012 ed.: Leading Lawyers on Analyzing Recent Trends, Case Laws, and Legal Strategies Affecting the Internet Landscape (Inside the Minds) New Edition:
This Aspatore legal title provides an authoritative, insider’s perspective on recent cases and legislation that are influencing the Internet. Written by partners from some of the nation’s leading law firms, this book examines current issues such as privacy, intellectual property, and data security. From mobile commerce to social media, these experts analyze the ways in which cyberspace demands new legal perspectives. In addition, these top lawyers discuss e-discovery issues and the best methods for helping clients protect themselves in a rapidly growing electronic environment.
For more information on the entire book, please check out the Summary of Contents.
Here is an excerpt from the introduction to our chapter:

Due to the increasing implementation of connected computer systems, courts and legislators around the world are creating Internet law, also known as cyber law, on a daily basis. . . .  Among many issues in cyber law, property rights are one of the most conceptually challenging issues that attorneys must assist their clients with. . . .

The chapter  discusses multiple cyber-related topics, including:

I.  Trends in Cyberspace Law

II.  Legislation and Rulings Impacting Cyber Law Issues

III.  The Intersection of Insurance and Cyber Risks

IV.  Patent Issues and Litigation in Cyberspace 

V.  Contracting in Cyberspace Media 

VI.  Understanding Cyber Law in Other Jurisdictions 

We conclude the chapter with some key takeaways for companies facing these risks.
Here are more details about the book, click here.  Ordering information is below:
ISBN-13: 9780314285249
Last Updated: 6/29/2012
Availability: In Stock
List Price:
$90.00

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

myspace profile views counter

Susan Kelly quotes me in her article, “Cloudy Coverage? Cyber policies may fall short for cloud computing” in Treasury & Risk.


In her article, Cloudy Coverage? Cyber policies may fall short for cloud computing, author  writes about insurance coverage for cloud computing risks for Treasury & Risk.  She also discusses whether insurance and cyber insurance policies provide coverage for cloud computing risks.

The article opens:

The ability to outsource a company’s technology infrastructure to a third party via cloud computing may seem like a dream come true—until the cloud arrangement breaks down. In April 2011, many Web sites that used Amazon’s cloud services business for hosting went down when Amazon encountered technical difficulties.

The article then discusses insurance coverage for cloud computing risks.  Ms. Kelly quotes me in the article:

One tricky question is the extent to which companies’ insurance covers losses caused by cloud computing problems. Scott Godes, [formerly] counsel at the law firm of Dickstein Shapiro, calls cyber coverage “the Wild West of insurance.”

“It’s a new marketplace . . . .”  . . . Godes notes that it’s rare to see the term “cloud computing” in a cyber policy and advises that companies look carefully at the wording of their policies. “It’s important to pay attention to things like what is the scope of the term ‘network,’” he says. “If that term is written in a way where it could encompass the outsourcing of hosting or support, you have a strong argument that cloud services are covered.”

Want to read the other opinions and thoughts offered on the subject?  Then click on over to Cloudy Coverage? Cyber policies may fall short for cloud computing to read the entire article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

Business Insurance quotes me in “Risk managers’ expertise valuable in cyber risk efforts”

In the article, Risk managers’ expertise valuable in cyber risk effortsBusiness Insurance writes about managing cyber risks and insurance for those risks.

The article opens:

Most risk managers might not be information technology experts, but they can effectively manage cyber risks by applying their expertise in such areas as contract risks, assessing the value of exposures and communicating the potential impact of exposures across their organizations.

The article provides viewpoints from multiple people who deal with risk management, cyber risk, and insurance issues.  Business Insurance quotes a risk manager, underwriter, and a broker.  Business Insurance also quoted me in the article, writing:

Using last year’s California Supreme Court ruling in Pineda vs. Williams Sonoma Stores Inc. that held that ZIP codes can be considered personally identifiable information in certain cases as an example, “It’s really quite a changing time in terms of what’s out there in terms of risks and what companies’ potential risks and liabilities might be,” said Scott N. Godes, [formerly] of counsel in the insurance coverage practice at Dickstein Shapiro L.L.P. in Washington.

“We now have 46 states with data breach notification statutes. There’s pending legislation in Congress,” Mr. Godes said. In addition, the U.S. Securities and Exchange Commission has produced cyber security disclosure guidance requiring publicly traded companies to disclose their cyber risks to investors and makes those companies’ boards responsible for assessing their exposures and taking appropriate steps to address them, he said.

“Because of the ongoing changes, it’s certainly something companies need to be paying attention to,” he said.

Want to read the other opinions and thoughts offered on the subject?  Then click on over to Risk managers’ expertise valuable in cyber risk efforts to read the entire article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

Bibeka Shrethsa quotes me in her article, “Companies Eye Data Breach Policies As CGL Exclusions Multiply”


In her article, Cos. Eye Data Breach Policies As CGL Exclusions Multiply, author Bibeka Shrestha writes about insurance coverage for cyber risks, such as hacks and data breaches, and what insurance coverage might be available under commercial general liability (CGL) and other insurance policies, in addition to cyberinsurance policies.

The article opens:

More and more companies, including law firms, are seeking out cyber policies that specifically cover hack attacks, as insurers grow bolder about repudiating coverage for data breaches under commercial general liability policies.

Insurance brokers and underwriters have admitted to providing coverage for cyber losses under general liability policies in the past, according to Scott Godes, [former] co-leader of Dickstein Shapiro LLP’s cyber security insurance coverage initiative.

The article then explains, “But the insurance industry is starting to push back on covering data breaches under these broad policies . . . .”  Ms. Shrestha uses another two quotes from me.  They all are after the jump, and the full content is available if you or your firm subscribe to the Insurance Law360 site and its content.

Want to read the other opinions and thoughts offered on the subject?  Then click on over to Cos. Eye Data Breach Policies As CGL Exclusions Multiply to read the entire article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

Insurance for Cyber Risks: Coverage Under CGL and “Cyber” Policies

Recently, I gave a presentation, along with Rick BortnickJennifer SmithWilliam T. Um, and Hon. Carl West (Ret.), about cyber risks, privacy class action claims, and insurance coverage for cybersecurity claims, cyber risks, privacy claims and privacy class actions, and other emerging risks.  We discussed these claims and we gave our thoughts about insurance coverage for cyber risks under cyberinsurance policies, as well as under Commercial General Liability policies (CGL), commercial crime policies, first party property and all risks policies, directors and officers policies (D&O), errors and omissions policies (E&O), and more.

As part of the presentation, Jennifer and I submitted a paper, Insurance for Cyber Risks:  Coverage Under CGL and “Cyber” Policies.  A nicely formatted version may be found here, hosted by Lockton.

ABA Section of Litigation 2012 Insurance Coverage Litigation Committee CLE Seminar,

March 1-3, 2012:
Insurance coverage for data breaches, denial of service attacks, and cybersecurity events

Insurance for Cyber Risks:
Coverage Under CGL and “Cyber” Policies

Scott Godes, Esq.
[formerly] Dickstein Shapiro LLP

Washington, DC

Jennifer G. Smith, Esq.
Lockton Companies

Washington, DC

THE RISE IN CYBER RISKS

It may seem like a few years ago, every firm had a Y2K practice, and was prepared to provide advice and counseling about how to handle the anticipated end of the world.  Luckily for society at large, the worst case scenario was not realized.  Just a few years later, the focus on liability and risks as related to computers and network security has changed to another, but far more real, issue:  the risk of data breaches, hacks, network interruptions, and other cyber risks.  The number of data breaches and cyber attacks that companies and other entities have faced has been so widespread and expensive that 2011 was dubbed “the year of the cyber attack.”  A recent PricewaterhouseCoopers report characterized “Cybercrime . . . as one of the top four economic crimes.”

Two of the most well-known cyber risks are cyber attacks and data breaches.  One form of cyber attack is a denial of service incident.  Denial of service attacks may be designed to bring a website or service down, preventing customers from accessing the site or the company’s products or services.  One research and development center has explained that denial of service attacks come in a variety of forms.  The three basic types of denial of service attacks are:

  • consumption of scarce, limited, or non-renewable resources;
  • destruction or alteration of configuration information;
  • and physical destruction or alteration of network components.

Some attacks are comparable to “tak[ing] an ax to a piece of hardware” and may be called “permanent denial-of-service (PDOS) attack[s].”  If a system suffers such an attack, which also has been called “pure hardware sabotage,” it “requires replacement or reinstallation of hardware.”

Another cyber risk, perhaps more widely discussed in the news, is a data breach.  The term data breach is used broadly, usually to describe incidents in which hackers, rogue current or former employees, or others steal or otherwise gain access to personally identifiable information or personal health information.  For example, in Anderson v. Hannaford Brothers Co., the court described a data breach against “a national grocery chain whose electronic payment processing system was breached by hackers . . . [with] hackers [having] stole[n] up to 4.2 million credit and debit card numbers, expiration dates, and security codes . . . .”

In the context of personal health information, “[U.S. Department of Health and Human Services] HHS issued regulations requiring health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information is breached.”  HIPAA imposes liability immediately for breaches of certain information by certain parties; the requirements state that the entity “shall” provide notice, and do not make reference to a letter from the government or a lawsuit to enforce the law.  When a “violation is not corrected . . . a penalty” may be imposed that is $50,000 for each violation, up to $1,500,000 in a calendar year, rather than $10,000 and a cap of $250,000.

Setting the legal and enforcement issues aside, consider certain business issues that may motivate an organization to choose  insurance as a risk transfer solution:

  • Loss of assets, brand, and reputation.
  • Investor fallout from uncovered losses with large claim and class action potential.
  • Many functions are conducted by outside vendors and contractors who may lack insurance and assets to respond. What if the vendor makes a systemic mistake? What if they fail to purchase insurance or keep it? What if they are located in a country where this insurance cannot be obtained? What if the policy they purchased denies coverage or has inadequate limits?
  • PCI (credit card industry security standards) compliant companies have had their security compromised from processes lapse, human error, or criminal insider.
  • No system can be designed to eliminate the potential for loss, as people and processes failures cannot be eliminated. Insiders may be perpetrators.
  • Responsibility rests with the data owner from a legal, regulatory perspective, and credit card association operating regulations.
  • Insurance companies have become more aggressive in asserting (even if wrongfully so) that “traditional” insurance may not cover security liability or adequately cover privacy risks.

COVERAGE UNDER CGL POLICIES

Policyholders and insureds facing cyber risks and liabilities would be well served to analyze their entire slate of insurance policies to determine what coverages might apply to such risks.  Indeed, the Division of Corporation Finance of the U.S. Securities and Exchange Commission recently released “CF Disclosure Guidance:  Topic No. 2 – Cybersecurity.”  That guidance, in the context of cyber risks, notes insurance coverage for such risks, stating:  “Depending on the registrant’s particular facts and circumstances, and to the extent material, appropriate disclosures may include: . . . [a d]escription of relevant insurance coverage.”

Is there coverage for cyber risks under a “standard form” commercial general liability (“CGL”) insurance policy, one with insuring agreements drafted by the Insurance Services Office (“ISO”)?  That question is at issue at the time of this writing between Zurich (among other insurance companies) and various Sony entities in litigation.  In 2011, Sony allegedly suffered various cyber attacks and data breaches, with the events allegedly costing Sony nine figures, and leading to multiple putative class action lawsuits against various Sony entities.  Seeking to avoid defending or indemnifying Sony, Zurich filed an action against Sony, seeking declarations that there is no coverage under various CGL policies, among other requests for rulings.

Zurich itself had recognized, in at least one article, that “[t]hird-party liability policies such as Commercial General Liability (CGL) policies provide coverage to a company . . . for data security breaches.”

Standard form CGL policies often provide coverage for personal and advertising injury, bodily injury, and property damage.  “Personal and advertising injury” has several definitions; but for purposes of data breaches and cyber risks, one relevant definition is “[o]ral or written publication, in any manner, of material that violates a person’s right of privacy.”  The term “bodily injury” often is defined as including “bodily injury, sickness or disease . . . including death resulting . . . at any time.”  When analyzing the scope of bodily injury coverage in the context of cyber risks, however, consider whether the definition of “bodily injury” has been expanded to include mental anguish, mental injury, shock, fright, or similar terms.  “Property damage” in standard form CGL policies often includes “[p]hysical injury to tangible property, including all resulting loss of use of that property” and “[l]oss of use of tangible property that is not physically injured,” but often states that “electronic data is not tangible property.”

The leading case addressing these issues held that personal and advertising injury coverage was available for computer- and internet-based class action claims.  In Netscape Communications Corp. v. Federal Insurance Co., the U.S. Court of Appeals for the Ninth Circuit’s brief (and unpublished) opinion, along with the earlier trial court opinion that the Ninth Circuit reversed, illustrates that Netscape Communications Corporation (“Netscape”) was sued in putative class action lawsuits regarding a software program that provided Netscape with information about users’ internet activities and which Netscape used for targeted advertising.  The claimants alleged that Netscape’s program violated the Electronic Communications Privacy Act (“ECPA”) and the Computer Fraud and Abuse Act (“CFAA”).  The court held that “[a]lthough the underlying claims against AOL were not traditional breach of privacy claims, given that coverage provisions are broadly construed, the underlying complaints sufficiently alleged that AOL had intercepted and internally disseminated private online communications.”

With a dearth of cases interpreting publication in the cybersecurity context, it is helpful to consider analogous cases.  In Zurich American Insurance Co. v. Fieldstone Mortgage Co., a leading case on the issue, the insurance company argued “that in order to constitute a publication, the information that violates the right to privacy must be divulged to a third party.”  The court correctly rejected that argument, explaining that “the majority [of circuits] have found that the publication need not be to a third party.”  Other courts have followed the well-reasoned Fieldstone decision, finding that unauthorized access of credit reports meets the publication requirement under the relevant personal and advertising injury provisions.

Those holdings are critical in the context of data breaches.  Data breaches, as noted above, consist of situations in which private information has been publicized to third parties.  Therefore, the basic insuring agreement relating to personal and advertising injury should be considered broad enough to encompass a data breach.

To the extent that CGL policies have broadened definitions of bodily injury, there may be an argument that bodily injury coverage applies to, or (at a minimum) provides a defense for, data breach claims.  For example, one of the class action complaints filed against Sony alleges that “plaintiff and the Class have suffered damages, including, but not limited to, . . . fear and apprehension of fraud . . . .”  Such an allegation could be read as falling within an expanded definition of “bodily injury,” depending on how broadly the definition is written and whether it is construed as being tied to a physical bodily injury from the rest of the definition of the term.

The potential application of property damage coverage may be a more fact specific inquiry in the context of cyber risks.  For those policies excluding “electronic data” from the definition of “property damage,” convincing an insurer that a data breach alone caused covered property damage, or gives rise to a duty to defend under property damage coverage, will be challenging for policyholders and insureds.  Nonetheless, certain cyber attacks may result in property damage in the form of physical damage to tangible property.  For example, certain denial-of-service attacks cause physical destruction or alteration of network components.  If an insured can demonstrate that there were allegations of such damage, or actual evidence of such damage, property damage coverage should apply, as the claim does not implicate software and data alone.

The definition of property damage, in a standard form CGL policy, typically includes “[l]oss of use of tangible property that is not physically injured.”  This phrase presents an opportunity to seek coverage for loss of use of tangible property, such as the loss of use of computers or networks rendered inaccessible or inoperable as a result of a cyber attack.

A real world example is found in the Johns v. Sony complaint.  The putative class alleges that “Plaintiffs seek damages to compensate themselves and the Class for their loss (both temporary and permanent) of use of their PlayStation consoles . . . .”  Those loss of hardware use allegations should be considered loss of use of tangible property for purposes of pursuing and maximizing any insurance recovery.

In Eyeblaster, Inc. v. Federal Insurance Co., the U.S. Court of Appeals for the Eighth Circuit considered a similar set of allegations.  That dispute involved a complaint in which the claimant “alleg[ed] that Eyeblaster injured his computer, software, and data after he visited an Eyeblaster website.”  The court analyzed the scope of property damage coverage.  After determining that one prong of the property damage definition was not met, because the claimant alleged software and operating system damage, without allegations of damage to hardware, the court then considered whether the loss of use of tangible property prong of property damage was met.  The court held that alleged computer freezes, pop-up ads, hijacked browsers, random error messages, slowed performance and crashes, and ads based on past Internet surfing habits constituted property damage in the form of loss of use of tangible property sufficient for coverage under a CGL policy.  Likewise, in State Auto Property & Casualty Insurance Co. v. Midwest Computers & More, an Oklahoma federal district court held that loss of use of a computer system allegations fell within the loss of use of tangible property terms of the policy.

A final note specific to data breaches is the question of coverage for credit monitoring under CGL policies.  Policyholders and insureds should anticipate that insurance companies will assert that credit monitoring costs are not covered under CGL policies.  One such anticipated argument is that credit monitoring does not consist of “damages” “because of” personal and advertising injury, bodily injury, or property damage.  Policyholders and insureds should note that courts have rejected similar insurance company arguments in analogous contexts.  For example, class action plaintiffs have alleged that certain products (such as asbestos or lead paint) cause bodily injury at the cellular level, and, as such, they are entitled to the cost of medical monitoring that would allow said plaintiffs to know whether they will develop a cognizable injury or disease.  For those decisions recognizing the underlying claim alleges a covered claim, those decisions have recognized that medical monitoring costs are “damages” “because of” bodily injury.  That authority should be considered a persuasive basis in response to anticipated insurance company arguments that credit monitoring costs are excluded from coverage.

COVERAGE UNDER “CYBER” POLICIES

No doubt countless side-by-side coverage comparisons have been lost in the land of good intentions trying to delineate the distinctions between CGL, property, and cyber insurance solutions.  There are solid arguments that there is coverage for cyber risks under the insuring agreements within a standard ISO form CGL policy.  Likewise, policyholders have had some success in arguing that coverage may be afforded under the Computer Funds Transfer, Theft or Employee Theft/Dishonesty insuring agreements within a Fidelity and/or Commercial Crime program.  There also are solid arguments that coverage for private companies may provide coverage (specifically entity coverage) for cyber-related losses under a private company Directors & Officers Liability insurance program.  Notwithstanding those solid arguments and favorable case decisions, policyholders found themselves facing denials or in insurance coverage litigation to determine whether a CGL or other insurance policy will cover a data breach or other cyber event.

What is the solution then, for those organizations that are concerned with insurance companies taking aggressive positions as to coverage under CGL or other policies for cyber risks in the wake of a data breach or other cyber event?  Insurance companies now are marketing stand-alone, dedicated insurance policies as being designed to address information risk.  Those insurance policies should provide the solution.

Many refer to this solution as “cyber insurance.”  Cyber insurance is a coat of many colors, with as many product names as there are colors of the rainbow.  Other variations include:  Information Security Insurance, Network Security Insurance, Privacy Insurance, Data Breach Insurance, Network Breach Insurance, Technology Solutions, Cyber-this, Cyber-that (e.g., “plus”, “enhancement”, “solution”), Information Insurance, or, when all else fails, some iteration of Professional Liability or E&O – seemingly irrespective of the buyer’s actual services.  For the purposes of this article and to avoid calling attention to any one particular insurer, we will continue to refer to this solution as “cyber insurance.”

Although the expression “no two forms are alike” may be a stretch under other circumstances, it is painfully, tediously true in the cyber insurance context.  These forms vary vastly from the fundamental structure and scope of the policy to the retention and use of outside experts.  Certain policies are duty to defend policies; others are indemnity policies.  Certain policies have specifically delineated intentional torts drafted into the definition of “personal injury” or “wrongful act”; other policies – perhaps in an effort to avoid changing forms amid rapidly evolving regulations – leave such definitions or insuring agreements rather broadly defined.  Some might even argue “vague and ambiguous.”  Each of these issues, and the many others not listed herein, serves as a reminder to potential buyers to rely on their experts in the search for the best cyber insurance solution for that particular organization.

The core elements of cyber insurance that are unique to this particular insurance solution may include coverage in varying degrees for the following:

  • Network Security Liability
    • Claim Expenses and Damages emanating from Network and non-Network security breaches.
  • Media Liability
    • Claim Expenses and Damages emanating from Personal Injury Torts and Intellectual Property Infringement (except Patent Infringement).
    • Claim Expenses and Damages emanating from Electronic Publishing (website) and some will provide coverage for all ways in which a company can utter and disseminate matter.
  • Privacy Liability
    • Claim Expenses and Damages emanating from violation of a Privacy Tort, Law or Regulation.
    • Claim Expenses and Damages emanating from a violation of a law or regulation arising out of a Security Breach.
  • Privacy Regulatory Proceeding and Fines
    • Claim Expenses in connection with a Privacy Regulatory inquiry, investigation or proceeding.
    • Damages/Fines related to a Consumer Redress Fund.
    • Privacy Regulations Fines.
    • PCI Fines.
  • Privacy Event Expense Reimbursement
    • Expense reimbursement for third party forensics costs.
    • Public Relations costs.
    • Legal.
    • Mandatory Notification Costs (Compliance with Security Breach Notification Laws) and Voluntary Notification Costs.
    • Credit Monitoring.
    • Call Center.
    • Second Security Audits required by Financial Institutions (varies by market).
  • Data/Electronic Information Loss
    • Covers the cost of recollecting or retrieving data destroyed, damaged or corrupted due to a computer attack.
  • Business Interruption or Network Failure Expenses
    • Covers cost of lost net revenue and extra expense arising from a computer attack and other human-related perils.  Especially valuable for computer networks with high availability needs.
  • Cyber-Extortion
    • Covers both the cost of investigation and the extortion demand amount related a threat to commit a computer attack, implant a virus, etc.

Also significant, and perhaps unique to the cyber insurance market, is the rapid rate at which the underwriters have modified and/or enhanced their forms. Issues like contractual liability/indemnification, mandatory versus voluntary notification, and even the defining triggers under the policy(ies) appear to change every 18 months – with new product introductions every six months.  Again, buyers are encouraged to carefully review the different program terms and conditions, so that they can prioritize and weigh their coverage needs against the solutions offered by the underwriters.

Although sorting through various cyber insurance solutions may be a daunting task to first-time buyers, it is worth repeating that insurance companies market this solution as being designed expressly to contemplate information risk, including data privacy and network security.  A properly designed insurance solution may very well pre-empt a difficult explanation to senior management after a cyber loss, a much more favorable position to be in than explaining why the policyholder’s insurance companies have sued the policyholder, simply because the policyholder put the insurance company on notice.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.


Join me at the 2012 NetDiligence® Cyber Risk & Privacy Liability Forum.

My good friends at HB Litigation Conferences present:

NetDiligence® Cyber Risk & Privacy Liability Forum
June 4-5, 2012| Hyatt at the Bellevue, Philadelphia, PA

I’ll be a speaker on a panel discussing the “State of the Cyber Nation – Cases, Theories, and Damages”:

State of the Cyber Nation – Cases, Theories, and Damages
•Is actual harm still needed?
•Statutory framework – CMIA litigation, Video Protection Privacy Act, and the Driver’s Privacy Protection Act
•Notable recent cases and their impact
•Current theories of liability and claims alleged
•How to present damages in this era
•How to minimize the chance of litigation after a breach and settlement opportunities
•More sophisticated defenses
•Identity Theft Restoration Act-suing hackers?  How federal courts may change the game
•Medical disclosure cases and how they fit into the mix
•Developments in insurance coverage for cyber and privacy risks

Theodore Kobus III, Esq., Baker & Hostetler LLP (Moderator)
John Mullen Sr., Esq., Nelson Levine de Luca & Horst, LLC
Scott Godes, Esq, [formerly] Dickstein Shapiro
Jamie Sheller, Esq.
, Sheller P.C.
Mark Camillo, Chartis Insurance
Ben Barnow, Esq., Barnow & Associates, P.C.

Take a look at the full agenda by clicking here.  And you can register online by clicking here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

Note:  as a speaker at the conference, I was not charged a fee to attend the remainder of the conference.
myspace profile views counter

Join me for the IRMI Cyber & Privacy Risk Conference.

IRMI Cyber & Privacy Risk Conference.  Mark your calendar to join us in Baltimore, MD on May 16-17, 2012.

Noted cybersecurity, homeland and national security expert Richard A. Clarke will deliver the keynote address.

Discussing the last IRMI Cyber & Privacy Risk Conference, IRMI notes:

This past July in San Francisco, 100 risk managers, underwriters, agents and brokers attended the first IRMI Cyber & Privacy Risk Conference.

These industry thought leaders came away with a greatly improved understanding of how to identify, contractually transfer, and insure liability risks arising from the use of technology and the Internet in business. Many networking opportunities were provided to build relationships with leaders in cyber and privacy risk management and insurance.

My session will be:

Wednesday, May 16, 10:45 a.m. – 12:15 p.m.

The Cyber Risk Regulatory and Legal HorizonAs the web of laws and regulatory requirements increases, managing the risks of cyber security becomes even more challenging. On top of the multitude of state laws, the SEC recently released reporting requirements and Congress is set to take up a number of bills during 2012. This workshop will provide an overview the range of laws and regulations in place and explore the new legislative developments affecting cyber insurance and risks, as well as the reporting requirements issued recently by the SEC.

Panelists:

  • Scott N. Godes, Counsel in the Insurance Coverage Practice, [formerly] Dickstein Shapiro LLP
  • Jacob Olcott, Principal, Cybersecurity, Good Harbor Consulting, LLC
  • Tim Stapleton, Assistant Vice President and Professional Liability Product Manager, Zurich North America
  • Other Panelists To Be Announced

Interested in attending?  Then head on over to the RIMS 2012 website to register.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

Note:  as a speaker at the conference, I will not be charged a fee related to the conference.

myspace profile views counter

Allen Smith quotes me in his article, “‘Wild West’ of Cyber Insurance Might Cover Spear Phishing, Other Cybercrime.”

In his article, ‘Wild West’ of Cyber Insurance Might Cover Spear Phishing, Other CybercrimeSociety for Human Resource Managementauthor Allen Smith, manager, workplace law content, for SHRM writes about cyber risks and cyber insurance.

The article opens:

The cyber insurance policy market is “a little like the Wild West of insurance,” but cyber insurance might help cover notification and legal costs incurred for data breaches or losses stemming from cybercrime, according to Scott Godes, an attorney [formerly] with Dickstein Shapiro in Washington, D.C., and author of the Corporate Insurance Blog.

In addition to quoting me on cyber insurance, the article also provides viewpoints from multiple people who deal with insurance and cyber risk issues, including Larry Ponemon, chairman of the Ponemon Institute in Traverse City, Michigan,  Ken Goldstein, vice president with Chubb Group Insurance Cos. in Simsbury, Connecticut, Peter Foster, senior vice president with Willis North America in New York, Don Fergus, an independent risk consultant in the Washington, D.C., metro area, and chairman of the ASIS IT Security Council, and Eric Sinrod, an attorney with Duane Morris in San Francisco.

Want to read the other opinions and thoughts offered on the subject?  Then click on over to ‘Wild West’ of Cyber Insurance Might Cover Spear Phishing, Other Cybercrime to read the entire article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.

« Older Entries