I wrote a post that discusses card brand liabilities – the demands from payment card brands and payment card processors after a data breach of credit card and debit card numbers – and getting cyberinsurance to cover those liabilities. The post discusses Target’s disclosure of a $19 million settlement with MasterCard for card brand liabilities and whether Target’s cyberinsurance might cover the losses.
Tag Archives: cyber risks
As noted previously here, at Barnes & Thornburg LLP‘s Policyholder Protection blog, I welcome you to mark your calendar and join us for a national insurance recovery webinar on Tuesday, Jan. 27 at 3 p.m. (Eastern). The Barnes & Thornburg insurance recovery attorneys will review 2014’s major legal developments and trends in insurance coverage and recovery. You will learn more about how the events of the past year affected:
- Directors and Officers (D&O) coverage
- Excess umbrella liability coverage
- Coverage for business torts and consumer false advertising claims
- Coverage for environmental contamination claims
- Cyber liability and data breach
You won’t want to miss this lively discussion of some of 2014’s most important developments for policyholders. Webinar access and dial-in information will be delivered upon registration.
2.0 General CLE Credits Pending for CA, GA, IL, IN, MD, MN, OH, PA
Please check out: “If Your System Was Attacked By ‘Backoff’ Malware, Would Your Insurance Cover A Data Breach Involving Credit Card Numbers?”
I wrote a post that discusses the disclosure of so-called “Backoff” malware by the Department of Homeland Security. I also discuss and how insurance might apply to retailers and card processors facing a data privacy incident (or a data breach) with allegedly exposed credit cards, debit cards, and payment cards in general as a result of a Backoff malware attack.
Please check out: “Scott Godes Interview Featured in, ‘If Attorney Needed to Explain Cyber Coverage, the Policy Is Not Clear.'”
I wrote a post that discusses an interview I recently gave for an Advisen article regarding cyber risk and cyberinsurance.
Please check out: “Increasing data breach costs should lead to a review of insurance policies and vendor contracts.”
I wrote a post that discusses increasing data breach costs, as discussed in the latest Ponemon Institute report, and gives some tips regarding risk management, insurance coverage, and vendor contracts, in light of this expanding and changing risk.
The article is “5 Tips for Reviewing and Buying Cyberinsurance.” With the recent rash of cyberattacks, data breaches, and other incidents affecting retailers around the country, it is a good time to turn a careful eye to insurance for cyber and privacy risks. After a privacy, cybersecurity, or data breach incident, retailers may face a host of issues as a result of those incidents. The issues may include individual consumer claims, putative class actions, federal and state investigations and regulatory inquiries, and demands from banks, credit card brands, and/or credit card processors.
The introduction to the article reads:
It seems that the cybersecurity was all over the news in 2013, and in 2014, retailers cannot escape the potential of a data breach. In fact, it’s been reported that six further retailers may be suffering data breaches and cyberattacks, beyond the two big retailers that were in the news over the holiday season. If you already have forgotten about your personal New Year’s resolution, consider one for your business: understanding your insurance policies with a view toward coverage for cyber risks.
If you are interested in some take aways regarding your cyberinsurance program, including considerations relating to Payment Card Industry Council compliance (“PCI compliance”), account data compromise events (“ADC events”), case management fees, operational fraud demands, operational reimbursement demands, and more, please take a look at the entire article. Please check out “5 Tips for Reviewing and Buying Cyberinsurance.”
Please join me for: Data Breaches and Advanced Persistent Threats: Planning for Them, Getting Them Resolved, and Getting Insurance to Cover Them
Dickstein Shapiro LLP and General Dynamics Fidelis Cybersecurity Solutions invite you to participate in a webcast, “Data Breaches and Advanced Persistent Threats: Planning for Them, Getting Them Resolved, and Getting Insurance to Cover Them” on Friday, June 21, 2013. This interactive program, of particular interest to chief privacy officers, risk managers, those in government affairs, and privacy counsel, will discuss how enterprises can deal with a risk that has been in the news on a daily basis: data breaches and advanced persistent threats. With these risks quickly becoming board-level concerns, enterprises should have a plan in advance of a data breach and know what happens after a data breach. The discussion will include:
- Internal and forensics investigations;
- Inquiries from governmental entities, including State Attorneys General and the Federal Trade Commission; and
- Insurance coverage that could apply to help defray the costs related to getting the breach or threat resolved.
This webcast will be interactive with an opportunity for Q&A with our speakers.
Friday, June 21, 2013
2:00 PM – 3:00 PM ET
Scott Godes, co-chair of the American Bar Association’s Computer Technology Subcommittee of the Insurance Coverage Litigation Committee
Brian Finch, Global Security Practice Leader, Dickstein Shapiro LLP
Divonne Smoyer, Partner, State Attorneys General Practice, Dickstein Shapiro LLP; IAPP Certified Information Privacy Professional
Jim Jaeger, Vice President, Cybersecurity Services, General Dynamics Fidelis Cybersecurity Solutions
Please click here to register for this complimentary program.
The materials in this message are provided for informational purposes only and do not constitute legal advice. In some states, this email message may be considered advertising. Please see Dickstein Shapiro’s full disclaimer.
Copyright Dickstein Shapiro LLP 2013. All Rights Reserved. Reposted with permission.
The Policyholder Informer blog of the insurance coverage and insurance recovery practice of my former firm, Dickstein Shapiro LLP, is featuring a post that I co-authored with my former colleague Brian Finch. Brian is a partner and the practice leader for our firm‘s Global Security practice.
Most everyone agrees that the cyber threat is real at this point. The recent release of a report alleging that individuals in China engaged in a sustained campaign of cyberattacks against the United States only served to drive this point home. All of this information has naturally intensified the debate in Washington, DC on what to do regarding cybersecurity. Congress is continuing its years long back and forth about whether to impose regulations on sectors of the economy, and the White House has issued an Executive Order to create a voluntary program to encourage companies to practice better cybersecurity.
The post discusses risk management and the idea of threat elimination in the context of cybersecurity, as well as insurance coverage for cyberrisks. It provides a brief overview of the insurance marketplace for cyberinsurance and refers to recent decisions finding coverage for cyberrisks under other insurance policies, including a crime insurance policy with a computer fraud rider. Please check out the entire post by clicking here.
Please join me for the January 11, 2013 Delaware Valley RIMS Chapter Meeting: “Cyber Risk Management and Control”
Every day the media reports another major cyber breach. No person or corporation is immune. And the inevitable class action privacy breach lawsuits follow. The trend among courts and government regulators has been to allow these suits to proceed to discovery and beyond. The associated costs are increasing exponentially. Become better informed by a debate on cyber risks and litigation, crisis management, loss control, the applicability of insurance and cyber risk strategies by joining us on January 11, 2013 at Aramark’s Philadelphia office.
The panelists will be Scott Godes [formerly] from Dickstein Shapiro and Richard Bortnick [formerly] from Cozen and O’Connor. Scott Godes [was] counsel in the Insurance Coverage Practice and focuses on representing corporate policyholders in insurance coverage disputes. He is a seasoned litigator who has extensive experience in trying complex insurance coverage disputes, including class actions, in state, federal, bankruptcy, and appellate courts, as well as in commercial arbitrations. He [was] co-leader of the firm’s Cyber Security Insurance Coverage Initiative.
Richard Bortnick, from Cozen & O’Connor is a member resident in Cozen O’Connor’s Philadelphia office. He litigates and counsels U.S. and international clients on cyber and technology, directors’ and officers’ liability, securities fraud, professional liability, insurance coverage, products liability, and commercial litigation cases. He also drafts professional liability insurance policies of varying types, including Cyber/Tech policies, and is co-publisher of the cyber industry blog, Cyberinquirer.com.
Moderating the discussion will be Art Boyle, Vice President of Enterprise Risk at Radian Group.
Here are the time and location details:
DATE: Friday, January 11th from 8:00 AM – 10:00 AM
LOCATION: Aramark office, Center City, Philadelphia
Please be sure to join us! Click here to register.
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2013. As a presenter, I will not be charged a fee to attend the meeting.
My friend, Christine Marciano, who is President, Cyber Data Risk Managers, just released her 2012 Data Privacy and Information Security Predictions. The report is an interesting series of predictions on what 2012 will hold in the areas of privacy and cyber risks. Here is how Christine describes the report:
This is our first Data Privacy and Information Security Predictions report. We asked
leading Data Privacy and Information Security professionals what they thought the New
Year will hold in terms of the threats that are on the 2012 landscape. The predictions
that are included in this report offer a wide range of threats and concerns that need to
be considered by every business or organization that operates in cyberspace regardless
of its size.
Christine starts off the report with some of her own predictions regarding 2012 and what people might expect in terms of cyber risks and cyber threats:
As we start 2012, we can expect to see a continuance of data breaches and increasing cyber attacks. Taking a look back at 2011, we have learned that no system is ever 100% secure no matter the name or the size of an organization. It’s important for businesses and organizations to know what they need to be prepared for and to take steps to help minimize the threats that do not appear to be going away. Looking ahead, it appears that in 2012 we will see an increase of heightened and very sophisticated threats than what was seen in 2011. We can recall 2011 as the year the hackers and the hacktivists got started on the data breach and gained a great amount of attention. With all of the digital information and big data that is being stored, it should come as no surprise that data breaches are not going away in 2012 as they are only going to get bigger. I expect that we will also see more serious hacktivists attacks. It seems that the hacktivist is no longer hacking organizations just for the fun of it. They are attacking for specific causes and I believe that hacktivists are going to be a very serious threat in 2012 and organizations must be prepared.
Christine cites me for a prediction about data breaches and insurance coverage for data breaches and privacy risks. Here is her write up for me in the report:
DATA BREACHES WILL FORCE MANY TO REVIEW THEIR EXISTINGINSURANCE POLICIES TO SEE WHAT’S COVERED
Scott N. Godes, [formerly] Counsel, Dickstein Shapiro LLP, states…
In terms of a trend in the areas of privacy and information security, I have noticed a sea change in both areas, leading to more need for analysis of insurance policies to cover these risks. When considering privacy risks, there has been an expansion of risks and potential liability for privacy violations, with the Pineda v. Williams Sonoma decision serving as one example. This year also has been called the year of the data breach, and companies are taking a hard look at how their insurance might and does cover such claims. These risks are being considered much more closely by companies, along with a careful analysis of how their insurance policies might cover.
Follow Scott Godes on Twitter:
She also quotes several people who write and speak a good deal about cyber risks, including:
- Misha Glenny, Author of DarkMarket: Cyberthieves, Cybercops and You (Knopf, 2011), about smartphones and international cybercrime;
- Jim Duster, Vice President of Sales, Debix; and Jake Kouns, Director of Cyber Security and Technology Risks, Underwriting, Markel Corporation, about the growth of cyberinsurance for 2012;
- InfoLawGroup Senior Counsel, Richard Santales, about EU Data Protection regulation changes, HIPAA breach notification changes, upcoming FTC privacy report, and cloud computing;
- InfoLawGroup Partner, David Navetta, about concerns over BYOD (“bring your own device”) and COIT (“consumerization of information technology);
- Bruce Anderson, CEO, Cyber Investigation Services, about small and medium businesses becoming a target for data breaches in 2012, increased cyber attacks, growth in website attacks, mobile threats, and hacktivists targeting the cloud;
- Anthony M. Freed, Managing Editor at Infosec Island, about cyber attacks on critical infrastructure;
- Shaun Dakin, Managing Director, Webbmedia Group, about the FTC using existing power to regulate commercial enterprises; and
- Robert Fletcher, founder and CEO of Intellectual Property Insurance Services Corporation, as to how Changes in America Invents Act will drive intellectual property owners to explore specialized intellectual property insurance policies to fund IP litigation.
This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2012.