Category Archives: Computer Fraud

Please check out: “5 Tips For Reviewing And Buying Cyberinsurance.”

Posted on by 3 comments

Highway Signpost "Cyber Attack"Law360 published an article that I wrote with tips for buying and reviewing cyberinsurance, with special tips for retailers who are considering buying or reviewing cyberinsurance policies.

The article is “5 Tips for Reviewing and Buying Cyberinsurance.”  With the recent rash of cyberattacks, data breaches, and other incidents affecting retailers around the country, it is a good time to turn a careful eye to insurance for cyber and privacy risks.  After a privacy, cybersecurity, or data breach incident, retailers may face a host of issues as a result of those incidents.  The issues may include individual consumer claims, putative class actions, federal and state investigations and regulatory inquiries, and demands from banks, credit card brands, and/or credit card processors.

The introduction to the article reads:

It seems that the cybersecurity was all over the news in 2013, and in 2014, retailers cannot escape the potential of a data breach. In fact, it’s been reported that six further retailers may be suffering data breaches and cyberattacks, beyond the two big retailers that were in the news over the holiday season. If you already have forgotten about your personal New Year’s resolution, consider one for your business: understanding your insurance policies with a view toward coverage for cyber risks.

If you are interested in some take aways regarding your cyberinsurance program, including considerations relating to Payment Card Industry Council compliance (“PCI compliance”), account data compromise events (“ADC events”), case management fees, operational fraud demands, operational reimbursement demands, and more, please take a look at the entire article.  Please check out “5 Tips for Reviewing and Buying Cyberinsurance.”

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Rodd Zolkos and Bill Kenealy quote me in their article, “Target tested by holiday credit card data breach.”

Posted on by One comment

Credit card readerRodd Zolkos And Bill Kenealy wrote an article for Business Insurance discussing the alleged data breach that Target Corporation suffered in late 2013, titled, “Target tested by holiday credit card data breach.”

The lede is:

The Target Corp. data breach that exposed 40 million shoppers’ debit and credit card account information has caused lawsuits, state and federal investigations and potential company reputation damage, while raising fresh concerns among other businesses about the worsening risk of cyber attacks.

Rodd and Bill were kind enough to quote me in the piece.  I discuss risk management, cyber security, and insurance coverage for cyber risks.  You may have to register with Business Insurance to see that part of the article.  Other people who work on cyber security and cyber risk questions were cited in the piece as well, and contain comments as to whether PCI-DSS certification, and certification as being PCI compliant, can prevent all cyber attacks and data breaches.

The article has interesting points for risk managers, in house counsel, compliance, and IT personnel.  Please click on over and read the entire piece.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Please check out: “Cyberattacks and Insurance Coverage.”

Posted on by 2 comments

The Policyholder Informer blog of the insurance coverage and insurance recovery practice of my former firm, Dickstein Shapiro LLP, is featuring a post that I co-authored with my former colleague Brian Finch.  Brian is a partner and the practice leader for our firm‘s Global Security practice.

The post, which is found via the Internet Archive, is “Cyberattacks and Insurance Coverage.”  The introduction to the post reads:

Most everyone agrees that the cyber threat is real at this point.  The recent release of a report alleging that individuals in China engaged in a sustained campaign of cyberattacks against the United States only served to drive this point home.  All of this information has naturally intensified the debate in Washington, DC on what to do regarding cybersecurity.  Congress is continuing its years long back and forth about whether to impose regulations on sectors of the economy, and the White House has issued an Executive Order to create a voluntary program to encourage companies to practice better cybersecurity.

The post discusses risk management and the idea of threat elimination in the context of cybersecurity, as well as insurance coverage for cyberrisks.  It provides a brief overview of the insurance marketplace for cyberinsurance and refers to recent decisions finding coverage for cyberrisks under other insurance policies, including a crime insurance policy with a computer fraud rider.  Please check out the entire post by clicking here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

Please check out: “The Alleged LivingSocial Hack and Data Breach Highlights Importance of Insurance for Cyberrisks.”

Posted on by 2 comments

The Policyholder Informer blog of the insurance coverage and insurance recovery practice of my formerComputer security concept firm, Dickstein Shapiro LLP, had featured my post, “The Alleged LivingSocial Hack and Data Breach Highlights Importance of Insurance for Cyberrisks.”

The introduction to the post read:

On April 26, 2013, there were reports that LivingSocial had been hacked and suffered a data breach. A page on LivingSocial’s website stated: “The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords.” CNNMoney reported that data for more than 50 million customers may have been accessed. With similar data breach events taking place seemingly with more frequency, it is critical that entities understand whether they have insurance that provides coverage for such risks.

The post provided details of insurance coverage for data breaches and hacks.  It discusses cyberinsurance, crime insurance, CGL insurance, and other insurance policies, and whether and how they could provide insurance for data breaches.  The entire post has been archived by the Internet Archive Wayback Machine, and may be found by clicking here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

Please check out my VentureBeat article, “Risky business: How cloud tech & mobile workers add up to an insurance nightmare”

Posted on by 2 comments

Cloud Computing on TabletVentureBeat recently published an article that I wrote regarding the cloud and insurance coverage for cloud-based risks.  I discuss the rise of cloud computing within the enterprise, including the use of personal cloud providers by employees that bring their own device (BYOD), potential risks related to the cloud, and insurance coverage for cloud-based risks.  I discuss whether and what types of insurance policies might cover cloud-based risks.  I also give tips on what companies should consider when purchasing insurance policies for cloud-related risks.

If you are interested in reading the entire article, please click here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

myspace profile views counter

Please join me for the January 11, 2013 Delaware Valley RIMS Chapter Meeting: “Cyber Risk Management and Control”

Posted on by 2 comments

Please join me for a luncheon hosted by the Delaware Valley chapter of RIMS on Friday, January 11, 2013:  Cyber Risk Strategies Meeting.

Here are the details that the Delaware Valley chapter of RIMS has postedCybersecurity about the meeting:

Every day the media reports another major cyber breach. No person or corporation is immune. And the inevitable class action privacy breach lawsuits follow. The trend among courts and government regulators has been to allow these suits to proceed to discovery and beyond. The associated costs are increasing exponentially. Become better informed by a debate on cyber risks and litigation, crisis management, loss control, the applicability of insurance and cyber risk strategies by joining us on January 11, 2013 at Aramark’s Philadelphia office.

The panelists will be Scott Godes [formerly] from Dickstein Shapiro and Richard Bortnick [formerly] from Cozen and O’Connor. Scott Godes [was] counsel in the Insurance Coverage Practice and focuses on representing corporate policyholders in insurance coverage disputes. He is a seasoned litigator who has extensive experience in trying complex insurance coverage disputes, including class actions, in state, federal, bankruptcy, and appellate courts, as well as in commercial arbitrations. He [was] co-leader of the firm’s Cyber Security Insurance Coverage Initiative.

Richard Bortnick, from Cozen & O’Connor is a member resident in Cozen O’Connor’s Philadelphia office. He litigates and counsels U.S. and international clients on cyber and technology, directors’ and officers’ liability, securities fraud, professional liability, insurance coverage, products liability, and commercial litigation cases. He also drafts professional liability insurance policies of varying types, including Cyber/Tech policies, and is co-publisher of the cyber industry blog, Cyberinquirer.com.

Moderating the discussion will be Art Boyle, Vice President of Enterprise Risk at Radian Group.

Here are the time and location details:

DATE:  Friday, January 11th from 8:00 AM – 10:00 AM
LOCATION:  Aramark office, Center City, Philadelphia

Please be sure to join us!  Click here to register.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.  As a presenter, I will not be charged a fee to attend the meeting.

“Cybersecurity: Does Your Company Have Insurance For Claims Arising Out Of An Alleged Data Breach?”

Posted on by 2 comments

HospitalityLawyer e-magazine recently published an article that my former colleague, Ken Trotter, and I wrote regarding insurance coverage for data breaches and cybersecurity risks.  It’s in the November 2012 edition of the magazine.  We discuss risks relating to data breaches, cybersecurity, and privacy, as well as what insurance might apply to provide coverage for those risks.  The article is focused on cyberrisks and insurance coverage for the hospitality industry.

The article’s lede is:

Cybersecurity risks, including data breaches, are among the most significant risks facing any company in the hospitality industry that receives what may be characterized as personally identifiable information, including credit card information.  When hackers, rogue current or former employees, or others steal or otherwise gain access to such personally identifiable information, the data breach may expose the company to liabilities under statutory and regulatory schemes and to third parties, resulting in significant costs to mitigate, remediate, and comply with the obligations arising out of the liabilities.

We then discuss insurance coverage for data breaches, cybersecurity risks, and other privacy-based risks.  We analyze coverage under commercial general liability (CGL) insurance policies and crime insurance policies, and provide comments and pointers regarding the scope of coverage under cyberinsurance policies.

If you are interested in reading the entire article, please click here and check out the article starting on page 8.

An archived version of the article, via the Internet Wayback machine, may be found here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

myspace profile views counter

Bibeka Shrethsa quotes me in her article, “6th Circ. DSW Ruling Reveals New Data Breach Coverage Path”

Posted on by 4 comments



In her article, 6th Circ. DSW Ruling Reveals New Data Breach Coverage Path, author Bibeka Shrestha writes about a recent ruling from the United States Court of Appeals for the Sixth Circuit.  The decision, Retail Ventures, Inc. v. National Union Fire Insurance Co. of Pennsylvania, — F.3d —, No. 10-4576/4608, slip op. (6th Cir. Aug. 23, 2012), affirmed the trial court ruling[1] that there was coverage relating to a data breach under a crime policy.  Specifically, the court found coverage under the Computer Fraud and Funds Transfer endorsement in the National Union insurance policy.

The article opens:

The Sixth Circuit’s Thursday ruling that a computer fraud rider in DSW Inc.’s crime insurance policy covers losses from hackers’ theft of customer credit card data shows that policyholders without cyber policies can turn to yet another common policy to score data breach coverage, experts say.

The article then explains that the appellate court affirmed the trial court’s ruling “The appeals court upheld a ruling that AIG Inc. subsidiary National Union Fire Insurance Co. of Pittsburgh, Pa., owed $6.8 million to cover a slew of losses the popular shoe retailer suffered after hackers lifted the credit card and checking” information related to customers and multiple stores.  Ms. Shrestha quotes me in the article, in which I opined that this should be a very helpful decision for getting coverage for data breaches.  You can see the quote and the rest of the article, after the jump, and the full content is available if you or your firm subscribe to the Insurance Law360 site and its content.

Want to read the other opinions and thoughts offered on the subject?  Then click on over to 6th Circ. DSW Ruling Reveals New Data Breach Coverage Path to read the entire article.

1 I’ve referenced the excellent trial court decision in multiple pieces that I’ve written about insurance coverage for data breaches, with this article specifically discussing the trial court ruling.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.