Category Archives: Data breach insurance coverage

Please check out: “5 Tips For Reviewing And Buying Cyberinsurance.”

Highway Signpost "Cyber Attack"Law360 published an article that I wrote with tips for buying and reviewing cyberinsurance, with special tips for retailers who are considering buying or reviewing cyberinsurance policies.

The article is “5 Tips for Reviewing and Buying Cyberinsurance.”  With the recent rash of cyberattacks, data breaches, and other incidents affecting retailers around the country, it is a good time to turn a careful eye to insurance for cyber and privacy risks.  After a privacy, cybersecurity, or data breach incident, retailers may face a host of issues as a result of those incidents.  The issues may include individual consumer claims, putative class actions, federal and state investigations and regulatory inquiries, and demands from banks, credit card brands, and/or credit card processors.

The introduction to the article reads:

It seems that the cybersecurity was all over the news in 2013, and in 2014, retailers cannot escape the potential of a data breach. In fact, it’s been reported that six further retailers may be suffering data breaches and cyberattacks, beyond the two big retailers that were in the news over the holiday season. If you already have forgotten about your personal New Year’s resolution, consider one for your business: understanding your insurance policies with a view toward coverage for cyber risks.

If you are interested in some take aways regarding your cyberinsurance program, including considerations relating to Payment Card Industry Council compliance (“PCI compliance”), account data compromise events (“ADC events”), case management fees, operational fraud demands, operational reimbursement demands, and more, please take a look at the entire article.  Please check out “5 Tips for Reviewing and Buying Cyberinsurance.”

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Advertisements

Rodd Zolkos and Bill Kenealy quote me in their article, “Target tested by holiday credit card data breach.”

Credit card readerRodd Zolkos And Bill Kenealy wrote an article for Business Insurance discussing the alleged data breach that Target Corporation suffered in late 2013, titled, “Target tested by holiday credit card data breach.”

The lede is:

The Target Corp. data breach that exposed 40 million shoppers’ debit and credit card account information has caused lawsuits, state and federal investigations and potential company reputation damage, while raising fresh concerns among other businesses about the worsening risk of cyber attacks.

Rodd and Bill were kind enough to quote me in the piece.  I discuss risk management, cyber security, and insurance coverage for cyber risks.  You may have to register with Business Insurance to see that part of the article.  Other people who work on cyber security and cyber risk questions were cited in the piece as well, and contain comments as to whether PCI-DSS certification, and certification as being PCI compliant, can prevent all cyber attacks and data breaches.

The article has interesting points for risk managers, in house counsel, compliance, and IT personnel.  Please click on over and read the entire piece.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Please join me for IAPP’s Global Privacy Summit, March 5-7, 2014 in Washington, DC!

PrivacyI’m excited to announce that I’m going to be presenting a session on insurance coverage issues relating to data privacy and cybersecurity at the upcoming International Association of Privacy Professionals (IAPP) Global Privacy Summit.  It’s a premier privacy conference for privacy professionals, in house counsel, risk managers, and others who are interested in privacy and cybersecurity issues.  IAPP advertises that up to 23.5 hours of continuing legal education (CLE) credits are available, and up to 20 hours of continuing privacy education (CPE) credits are available.

Here is a brief overview of the Global Privacy Summit, from the IAPP website:

The privacy conversation starts right here.
The story is happening right now.
Be part of it at the Summit.

Thanks to new technologies and increasing public awareness, we are seeing record engagement in the privacy space—there’s more dialogue than ever before.

And for years, the IAPP Global Privacy Summit has helped to drive this change, engaging minds and creating discourse. It is the largest and most-anticipated privacy conference in the world.

Conference Hotel and Location:

Washington Marriott Wardman Park
2660 Woodley Rd. NW
Washington, DC 20008

My panel will be:

Thursday, March 6, 2:30-4:00 pm

You can click this link to register now.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

Note:  as a speaker at the conference, I will not be charged a fee to attend the remainder of the conference.

myspace profile views counter

Please join me for: “Cyber Security Liability and Privacy: When a Breach Happens.”

cybersecurityI’m excited to present on cybersecurity and insurance coverage issues to emerging growth companies at a live seminar on Thursday, November 7, 2013, from 8:30 am to 10:30 am.  It will be at bwtech@UMBC North : 5520 Research Park Dr, St 110, Baltimore, MD 21228.  The seminar is:

 

Cyber Security Liability and Privacy: When a Breach Happens

CYBERInnovation Briefings

Here are the details from the website announcement:


Cyber Security Liability and Privacy: When a Breach Happens – Who’s Liable, Who’s Responsible

As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remains a growing concern. With losses mounting and sensitive information being leaked several questions remain unanswered – who’s liable, who’s responsible, what are enterprises doing to protect their customers?

We’ll discuss cyber security liability, privacy, and insurance issues.  We’ll also explore some of the basic coverages offered under insurance policies for cyber and privacy risks, provide details on claims that have been covered, discuss the costs for these insurance products, provide an overview of data breach claims and litigation, cyber forensics, and more.

My panel will include:

Event Info
event type Workshop/Training
posted October 16, 2013
sponsor bwtech@UMBC
share
add to calendar

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

Note:  as a speaker at the conference, I will not be charged a fee to attend the conference.

myspace profile views counter

Join me for ACI’s 7th Cyber & Data Risk Insurance Conference!

cybersecurityAre you looking for a conference discussing insurance coverage for cyber and data risk issues, “that provides the highest level insights on advancements in technology, products, pricing, coverage options, prevention strategies and more”? And do you want a conference that gives you the chance to earn CLE credit while hearing from “enforcement and regulatory initiatives straight from the federal and state agencies“?  Of course you do.  Then you should join me for the American Conference Institute 7th Cyber & Data Risk Insurance conference.

Here are some introductory details:

Cyber & Data Risk Insurance

Monday, September 30 to Tuesday, October 01, 2013
In response to new risks and exposures, American Conference Institute has developed the 7th installment of its lauded Cyber & Data Risk Insurance conference. A September tradition in NYC, join us to hear from a highly regarded faculty including the FTC, DOJ, SEC, FDIC, various state AG offices, as well as the industry’s leaders from around the country. Each year the event has grown in scope and size and this year the agenda is brimming with cutting edge topics and new additions to the faculty. This is the “go to” event where you can learn about advancements in technology, products, pricing, coverage options, prevention strategies and more.

Hear and network with the industry leaders about the right coverage options for your company and how you can protect data from financial and reputational loss. Compare products, and learn about pricing policies and new exposures to risk in this ever growing industry. Whether you are an insurance agent, broker, risk adjuster, claims manager, and/or counsel you will walk away from the conference with invaluable information that you can use in your practice right away.

My panel will be:

September 30, 2013, 9:35 am Eastern

State of the Market: New Exposures, Coverage Options, Claim Trends and Risk Evaluation, Pricing and Selling, and What Policyholders Should Now Be Looking for in a Policy

Graeme Newman
Marketing Director
CFC Underwriting

Adam Sills
Vice President
Allied World National Assurance Company

Scott N. Godes
Partner
Barnes & Thornburg LLP

Erica Davis
Vice President – Senior Advisory Specialist
Underwriting Manager
Zurich North America, Specialty E&O

Scott Kannry
Vice President
Financial Services Group | Professional Risk Solutions
AON

Maria Treglia
Chief Sales Officer, SVP-Professional Liability
Program Brokerage Corp.

New Exposures & Coverage Options

  • How has the market evolved and how have forms changed in the last 12 months?
  • Where will the coverage head in the next 12 months and what are the most significant issues that need to be addressed?
  • Network security and privacy policies: how they are changing and what are the different carrier approaches

Insurance and Policy Forms

  • Examining the issue of lack of uniform forms
  • How more forms are offering built in media liability exposure What Policyholders Are and Should be Looking For in a Cyber Policy
  • What liability and fi rst-party coverages are desirable?
  • Identifying and understanding pitfalls in coverage
  • Reasons companies have or have not bought coverage
  • How standards are evolving in response to new technology threats
  • Consumer redress: when is it covered and when not?
  • Filling in the coverage gap: Understanding the disconnect in what is purchased and what is actually covered

Key Considerations for Cyber Liability Coverage

  • Understanding of the products and their variety in the market
  • What is the effect of expanded risk on insurance coverage?
  • Evaluating risk and how the clients wants to proceed
  • Clarifying confusion as to whether a cyber liability product should be stand alone or better built as an existing product or endorsement

Pricing, Selling and Marketing Cyber Risk Policies

  • Pricing of network security and privacy policies
  • Examining the competitive marketplace and how various types of coverage are formulated and priced
  • Where do brokers see the coverage going and what are the most significant issues that need to be addressed?
  • Tailoring the product to accommodate a buyer’s needs: privacy issues; media exposures; cyber crime; security breaches
  • Marketing and selling coverage

Please register here:
Register Now

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

Note:  as a speaker at the conference, I will not be charged a fee to attend the remainder of the conference.

myspace profile views counter

Please join me for: Data Breaches and Advanced Persistent Threats: Planning for Them, Getting Them Resolved, and Getting Insurance to Cover Them

Cybersecurity_email_banner

Hosted by

DS+Logo+Green+2_67+inch+72dpGeneral_Dynamics

Data Breaches and Advanced Persistent Threats:
Planning for Them, Getting Them Resolved, and Getting Insurance to Cover Them

Dickstein Shapiro LLP and General Dynamics Fidelis Cybersecurity Solutions invite you to participate in a webcast, “Data Breaches and Advanced Persistent Threats: Planning for Them, Getting Them Resolved, and Getting Insurance to Cover Them” on Friday, June 21, 2013. This interactive program, of particular interest to chief privacy officers, risk managers, those in government affairs, and privacy counsel, will discuss how enterprises can deal with a risk that has been in the news on a daily basis: data breaches and advanced persistent threats. With these risks quickly becoming board-level concerns, enterprises should have a plan in advance of a data breach and know what happens after a data breach. The discussion will include:

  • Internal and forensics investigations;
  • Inquiries from governmental entities, including State Attorneys General and the Federal Trade Commission; and
  • Insurance coverage that could apply to help defray the costs related to getting the breach or threat resolved.

This webcast will be interactive with an opportunity for Q&A with our speakers.

DATE
Friday, June 21, 2013
2:00 PM – 3:00 PM ET

SPEAKERS
Scott Godes, co-chair of the American Bar Association’s Computer Technology Subcommittee of the Insurance Coverage Litigation Committee
Brian Finch, Global Security Practice Leader, Dickstein Shapiro LLP
Divonne Smoyer, Partner, State Attorneys General Practice, Dickstein Shapiro LLP; IAPP Certified Information Privacy Professional
Jim Jaeger, Vice President, Cybersecurity Services, General Dynamics Fidelis Cybersecurity Solutions

REGISTER
Please click here to register for this complimentary program.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

The materials in this message are provided for informational purposes only and do not constitute legal advice. In some states, this email message may be considered advertising. Please see Dickstein Shapiro’s full disclaimer.

Copyright Dickstein Shapiro LLP 2013. All Rights Reserved.  Reposted with permission.

Please check out: “Cyberattacks and Insurance Coverage.”

The Policyholder Informer blog of the insurance coverage and insurance recovery practice of my former firm, Dickstein Shapiro LLP, is featuring a post that I co-authored with my former colleague Brian Finch.  Brian is a partner and the practice leader for our firm‘s Global Security practice.

The post, which is found via the Internet Archive, is “Cyberattacks and Insurance Coverage.”  The introduction to the post reads:

Most everyone agrees that the cyber threat is real at this point.  The recent release of a report alleging that individuals in China engaged in a sustained campaign of cyberattacks against the United States only served to drive this point home.  All of this information has naturally intensified the debate in Washington, DC on what to do regarding cybersecurity.  Congress is continuing its years long back and forth about whether to impose regulations on sectors of the economy, and the White House has issued an Executive Order to create a voluntary program to encourage companies to practice better cybersecurity.

The post discusses risk management and the idea of threat elimination in the context of cybersecurity, as well as insurance coverage for cyberrisks.  It provides a brief overview of the insurance marketplace for cyberinsurance and refers to recent decisions finding coverage for cyberrisks under other insurance policies, including a crime insurance policy with a computer fraud rider.  Please check out the entire post by clicking here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013.

« Older Entries Recent Entries »