Tag Archives: D&O Insurance

Please join me for “2014 Year in Review: A National Insurance Recovery Webinar”

free webinarAs noted previously here, at Barnes & Thornburg LLP‘s Policyholder Protection blog, I welcome you to mark your calendar and join us for a national insurance recovery webinar on Tuesday, Jan. 27 at 3 p.m. (Eastern). The Barnes & Thornburg insurance recovery attorneys will review 2014’s major legal developments and trends in insurance coverage and recovery. You will learn more about how the events of the past year affected:

  • Directors and Officers (D&O) coverage
  • Excess umbrella liability coverage
  • Coverage for business torts and consumer false advertising claims
  • Coverage for environmental contamination claims
  • Cyber liability and data breach

 

You won’t want to miss this lively discussion of some of 2014’s most important developments for policyholders. Webinar access and dial-in information will be delivered upon registration.

 

Register today!

 

2.0 General CLE Credits Pending for CA, GA, IL, IN, MD, MN, OH, PA

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2015.

“A Lawyer’s Advice for Evaluating Your Cyber Coverage”

I recently wrote an article titled, “A Lawyer’s Advice for Evaluating Your Cyber Coverage:  Policies vary significantly from carrier to carrier—and even within the various forms of one company.”  It has been published on the Property Casualty 360° website, republished from the February 6, 2012 issue of National Underwriter.

In the article, I discuss insurance coverage for data breaches, cyber risks, cyberattacks, and cyber events, including what factors to consider when buying cyberinsurance policies for cyber risks.  I also discuss how different cyber risks may be characterized, whether as within first party, or third party insurance coverages, and how to keep those risk factors in mind when brokering, broking, or buying a cyberinsurance policy.

Here is a brief excerpt from the article:

Policyholders and insureds exposed to cyber risks would be well served to analyze carefully their insurance policies to determine exactly which coverages apply to them—and to see if any critical coverages are missing.

Cyber Liability insurance should provide coverage for the vast majority of key cyber risks, and there may also be overlapping coverage under other policies for such exposures.

The first place that a company should look to determine whether it has, or may have, coverage for cyber risks is any specific Cyber Liability policies that the entity holds. A very close look at these policies is warranted, as the coverage under such policies often varies significantly from carrier to carrier—and even within the various forms that one particular insurance company offers.

Want to read moreThen click on over to the full article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

“Legal Corner: Insurance Recovery for Loss or Liability Arising from Cyberattacks; Obtain and preserve insurance for your company’s protection”

My former colleague, Ken Trotter, and I recently wrote an article titled, “Insurance Recovery for Loss or Liability Arising from Cyberattacks; Obtain and preserve insurance for your company’s protection.”  The article is reprinted below, courtesy of and permission from, the fine people at Hospitality Upgrade magazine:

Scott Godes  godess@dicksteinshapiro.com
Kenneth Trotter  trotterk@dicksteinshapiro.com
Hospitality© 2011 Hospitality Upgrade. No reproduction without written permission. It is no secret that the hospitality industry continues to be vulnerable to data breaches and other cyberattacks.  A report by Willis Group Holdings, a British insurance firm, states that the largest share of cyberattacks (38 percent) were aimed at hotels, resorts and tour companies.  According to the report, insurance claims for data theft worldwide jumped 56 percent last year, with a bigger number of those attacks targeting the hospitality industry. Because businesses in the hospitality industry obtain and maintain confidential data from consumers–countless credit card records in particular–they will continue to be attractive targets for hackers and data thieves.Cybersecurity risks can cause a company to incur significant loss or liability.  A data breach could result in the loss of important and sensitive customer information and, in some cyberevents, stolen company funds.  Companies also may face liabilities to third parties under statutory and regulatory schemes, incurring costs to mitigate, remediate and comply with the liability under these statutes.  Worse still, class action lawsuits have been filed around the country after data breaches, with plaintiffs alleging, among others, the loss of the value of their personal information, identity theft, invasion of privacy, negligence or contractual liability.  Even when companies have had success in defeating class actions, they nonetheless incurred significant legal expenses when defending those lawsuits.Many businesses in the hospitality industry have undertaken important steps to reduce the likelihood of cyberattacks and to protect data and confidential information.  Such measures are important, but equally important is understanding what insurance policies those companies have, or could purchase, to cover loss or liability associated with a data breach or other cyberattack.Involving Technology and Privacy Managers in Insurance-related Matters  Because of the variation in cyberinsurance coverages and the underwriting inquiries that often go along with the purchase of such insurance policies, companies may find the process to be a great opportunity for a company’s risk managers, technology managers and privacy managers to work together to help understand potential risks to the company and what risk transfers are being purchased through the insurance policies offered.  Working together aligns the risk managers’ understanding of specific insurance-related issues, the technology managers’ technical expertise regarding the companies’ systems and protections that will be helpful to understand any technical requirements in an application or insurance policy, and the privacy managers’ knowledge of the potential privacy risks that the company faces in light of the information held and how and where it is used.  Indeed, given their understanding of the technical and practical considerations involved in protecting a company’s data from a cyberattack, technology and information managers may be in a unique position to assist the company’s risk managers in understanding the technical implications of specific policy language.Insurance Coverage Considerations  When considering what coverages may apply or purchasing cyberinsurance coverage, it is essential to consider many types of coverage, as coverages often are written and offered in different modules and on varying insurance policy forms.  On a regular basis, insurers are writing and introducing new policies marketed as being tailored specifically to cover data breaches and cyberattacks.  In addition, coverage may be available under traditional forms of insurance.  Indeed, policyholders may have overlapping coverage for data breaches and certain cyberrisks, with the potential for coverage under cybersecurity policies as well as traditional insurance policies.  When analyzing the coverage afforded by such policies, it is critical to understand the impact of exclusions on coverages and any sublimits on the amount of coverage afforded by the policy.  Because of the variety of coverages being offered, as discussed below, technology managers can assist the company by providing a careful review of the technical language used in the policy to help determine the scope and limitations of the coverage being purchased with respect to a specific company’s operations.

Cybersecurity and Data Breach Policies  The market for cybersecurity policies has been called the Wild West of insurance marketplaces.  Such policies are relatively new to the marketplace and are constantly changing. Specific policies for cybersecurity and data breach have been known as Network Risk, Cyberliability, Privacy and Security or Media Liability insurance.  The Insurance Services Office, Inc., which designs and seeks regulatory approval for many insurance policy forms and language, has a standard insurance form called the Internet Liability and Network Protection Policy, and insurance companies may base their coverages on this basic insuring agreement or they may provide their own company-worded policy form.  Because these policies are frequently updated and changed, it is important to compare the coverages offered across companies and within a company’s offerings.

Traditional Forms of Insurance  Although it is ideal to purchase a policy designed specifically for cybersecurity risks, more traditional forms of insurance may also provide overlapping coverage for data breaches and cyberrisks, depending on the particular coverage terms and exclusions in the individual policy.  Coverage may be provided by the following types of policies:  commercial general liability; first-party property and business interruption; directors and officers or errors and omissions; crime; kidnap, ransom and extortion.  Insurance companies, however, have been fighting their obligations to pay claims for cyber-related loss under such traditional insurance policies.  A major insurer recently sued a corporate policyholder in New York, asking the court to rule that traditional insurance policies do not cover a series of high-profile data breaches, cyberattacks and cyberrisks.

Making a Claim for Coverage   If a cyberevent occurs, such as a data breach, then it is vital that risk managers, technology managers and privacy managers work together to seek recovery under all potentially available insurance policies.  It is recomended that policyholders send notice of the claim or occurrence to all potentially applicable insurers, whether under a special cybersecurity policy or under the more traditional forms of insurance. After an insurance claim is tendered to insurers, they may raise various defenses to coverage. Companies, however, should not assume that such defenses will defeat coverage. Whether an event is covered will often depend on careful analysis of the specific policy language involved, the facts of a company’s particular losses and the law of the applicable jurisdiction. Insurance carriers may take a hard line regarding the application of the exclusions in their policies.  For example, under certain insurance policies, there is coverage for property damage and insurers have asserted that there has been no property damage as a result of a cyberattack. Technology managers, however, may be able to assist the company in marshalling evidence to prove that a cyberattack has damaged the company’s computer equipment, or that there has been a loss of use of computer equipment (another way of demonstrating property damage under certain insurance policies).  Technology managers should stay involved throughout the insurance recovery process to help assure that any representations and statements about the company’s technology and the cyberevent are accurate and properly characterized.

Beyond in-house technology personnel, companies that have sustained losses due to a data breach or cyberattack should consider speaking with an attorney who represents policyholders and has familiarity with this area. Because of the assistance of such lawyers, some policyholders have been able to obtain substantial recovery even after the insurer initially denied the policyholder’s claim.

Scott Godes and Kenneth Trotter are attorneys with Dickstein Shapiro LLP who devote a significant portion of their practice to the representation of policyholders in complex insurance disputes with insurance companies. They may be reached at godess@dicksteinshapiro.com or trotterk@dicksteinshapiro.com. This information is general and educational and is not legal advice.  For more information, please visit www.hospitalitylawyer.com.

Thank you to the Hospitality Upgrade website for permission to use this article.

This article appeared on the Hospitality Upgrade website on 1 October 2011—link to article:

http://www.hospitalityupgrade.com/_magazine/magazine_Detail-ID-694.asp

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.  [Note that the contact information for Ken Trotter and me since has changed.]

Insurance coverage against cyberattacks and data breaches relating to the hospitality industry and hotels.

four star hotelMy former colleague, Ken Trotter, and I recently wrote an article titled, “Insurance Recovery for Loss or Liability Arising from Cyberattacks; Obtain and preserve insurance for your company’s protection.”  It has been published in Hospitality Upgrade magazine‘s Fall 2011 issue.  In the article, we discuss insurance coverage for data breaches, cyber risks, cyberattacks, and cyber events, in light the risks for such events that the hospitality industry, and hotels in particular, face.  We discuss coverages for cyberattacks and data breaches against hotels and the hospitality industry under new cyberinsurance policies, and overlapping coverage with other insurance policies for data breaches, cyber risks, cyberattacks, and cyber events.  We also discuss involving multiple people within the company to discuss the risks and evaluate the purchase of new insurance and cyberinsurance policies.

Here is a brief excerpt from the article:

It is no secret that the hospitality industry continues to be vulnerable to data breaches and other cyberattacks. . . .

Cybersecurity risks can cause a company to incur significant loss or liability. A data breach could result in the loss of important and sensitive customer information and, in some cyberevents, stolen company funds. Companies also may face liabilities to third parties under statutory and regulatory schemes, incurring costs to mitigate, remediate and comply with the liability under these statutes. Worse still, class action lawsuits have been filed around the country after data breaches, with plaintiffs alleging, among others, the loss of the value of their personal information, identity theft, invasion of privacy, negligence or contractual liability. . . .

Many businesses in the hospitality industry have undertaken important steps to reduce the likelihood of cyberattacks and to protect data and confidential information. Such measures are important, but equally important is understanding what insurance policies those companies have, or could purchase, to cover loss or liability associated with a data breach or other cyberattack. . . .

Read more

Want to read moreThen click on over to the full article.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

“Protecting Your Company Against Loss or Liability Arising from Cyberattacks”

My former colleague, Ken Trotter, and I recently wrote an article titled, “Protecting Your Company Against Loss or Liability Arising from Cyberattacks.”  It has been published in Hospitality Lawyer‘s September 2011 In-House Counsel Newsletter.  In the article, we discuss insurance coverage for data breaches, cyber risks, cyberattacks, and cyber events.  We discuss coverages under new cyberinsurance policies, and overlapping coverage with other insurance policies for data breaches, cyber risks, cyberattacks, and cyber events.

We provide an overview of potential coverage under:

  • First party property policies;
  • Business interruption coverage and policies;
  • Commercial General Liability (CGL) policies;
  • Directors and Officers Liability (D&O) policies;
  • Errors and Omissions policies; and
  • Crime and Fidelity policies.

We also give practical considerations when making claims for coverage.

Here is the opening paragraph to the article:

Does your company have insurance policies that will cover data breaches and cyber attacks?  The hospitality industry is particularly vulnerable to data breaches and other cyberattacks.  According to Willis Group Holdings, a British insurance firm, insurance claims for data theft worldwide jumped 56% last year, with a large number of those attacks targeting the hospitality industry.  The report said the largest share of cyber attacks—38%—were aimed at hotels, resorts and tour companies.  As just one example of these attacks, computer hackers broke into the computer system of a national hotel chain and stole the guests’ credit card information.  This summer, the Secret Service informed the owner of a family-run Italian restaurant that a thief hacked into the communication system between the cash register and the credit card processing company, stole credit card numbers, and then used them to fraudulently make purchases across the United States.  Businesses in the hospitality industry will continue to be attractive targets for hackers and data thieves, particularly since they obtain and maintain confidential data from consumers including countless credit card records.  There are risks for companies well beyond the possibility of hackers stealing consumer data.  Vital corporate data, whether it’s shared on the company’s servers or by third parties, may become inaccessible or even destroyed in a hacker attack.  Managing such risk is critical to successful business operations. Read more

Want to read moreThen click on over to the newsletter.

Podcast on D&O insurance, cybersecurity, cyber liabilities, privacy class actions, and insurance: “Executive Summary Webinar Series: What You Need to Know Before You Walk Into the Boardroom (July 2011)”

I recently joined Priya Cherian Huskins and Lauri Floresca of Woodruff Sawyer & Co. to discuss D&O insurance, cyberinsurance, and insurance coverage for privacy issues, data breaches, cyberattacks, denial-of-service attacks and more.   Lauri and Priya gave an overview of the D&O insurance marketplace, including changes in pricing, availability of limits, and new insurance policies and insurance products.  Then we shifted gears and talked about cybersecurity, cyber liability, and insurance coverage for cybersecurity risks.  We touched on the latest data breaches, privacy claims and class actions, and other cyber incidents to have hit the news and discussed the related insurance coverage issues.  The audio and supporting materials (that Woodruff Sawyer prepared) have been put online as a podcast and supporting PDF, so that you listen, in case you missed the live presentation.

To listen to this podcast, click here.

To view a pdf of the presentation, click here.

Date and Time


 

Tuesday, July 19, 2011


Webinar

11:00 AM – 11:30 AM PST


This webinar is offered free of charge.


Visit Us At:

LinkedIn   Facebook   Twitter


Woodruff-Sawyer & Co.

50 California St., 12th Fl.

San Francisco, CA 94111

Before you walk into your next board meeting, what do you need to know when it comes to current D&O liability issues? The “Executive Summary” is Woodruff-Sawyer’s webinar series for CFOs, GCs, Controllers and others who work with boards of directors.  The upcoming session will feature a conversation with Woodruff-Sawyer’s Priya Cherian Huskins and Lauri Floresca, both nationally-recognized insurance experts, and Scott Godes [formerly] of Dickstein Shapiro.Scott [was] the co-leader of Dickstein Shapiro’s Cyber Security Coverage Initiative. Areas of Discussion

  • D&O Market Update
  • D&O Litigation Update

– Newest numbers on D&O suits
– Latest on Supreme Court rulings

  • Lessons from Sony & Citi: What boards should be asking about cyber liability

– Updates on the recent high-profile data security breaches
– Understanding the impact of California’s recent Supreme Court zip code decision
– What should boards do to mitigate cyber risks?

Click here to register for this webinar.

For questions, please email seminar@wsandco.com


Woodruff-Sawyer is one of the largest independent insurance brokerage firms in the nation, and is an active partner of International Benefits Network and Assurex Global. For over 90 years, Woodruff-Sawyer has been partnering with clients to implement and manage cost-effective and innovative insurance, employee benefits and risk management solutions, both nationally and abroad. Headquartered in San Francisco, Woodruff-Sawyer has offices throughout California and in Portland, Oregon. For more information, call 415.391.2141 or visit www.wsandco.com.


Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

myspace profile views counter

Join me for a free webinar about D&O and cyberinsurance: “Executive Summary”: What You Need to Know Before You Walk into the Boardroom

Please join me on July 19, 2011, at 2:00 pm Eastern, for a free webinar hosted by Woodruff Sawyer & Co. Priya Cherian Huskins, Lauri Floresca, and I will discuss D&O insurance, cyberinsurance, and insurance coverage for privacy issues, data breaches, cyberattacks, denial-of-service attacks and more. Here are the details from Woodruff Sawyer‘s announcement:

 

Date and Time


 

Tuesday, July 19, 2011


Webinar

11:00 AM – 11:30 AM PST


This webinar is offered free of charge.


Visit Us At:

LinkedIn   Facebook   Twitter


Woodruff-Sawyer & Co.

50 California St., 12th Fl.

San Francisco, CA 94111

Before you walk into your next board meeting, what do you need to know when it comes to current D&O liability issues? The “Executive Summary” is Woodruff-Sawyer’s webinar series for CFOs, GCs, Controllers and others who work with boards of directors.  The upcoming session will feature a conversation with Woodruff-Sawyer’s Priya Cherian Huskins and Lauri Floresca, both nationally-recognized insurance experts, and Scott Godes [formerly] of Dickstein Shapiro.Scott [was] the co-leader of Dickstein Shapiro’s Cyber Security Coverage Initiative. Areas of Discussion
  • D&O Market Update
  • D&O Litigation Update

– Newest numbers on D&O suits
– Latest on Supreme Court rulings

  • Lessons from Sony & Citi: What boards should be asking about cyber liability

– Updates on the recent high-profile data security breaches
– Understanding the impact of California’s recent Supreme Court zip code decision
– What should boards do to mitigate cyber risks?

Click here to register for this webinar.

For questions, please email seminar@wsandco.com


Woodruff-Sawyer is one of the largest independent insurance brokerage firms in the nation, and is an active partner of International Benefits Network and Assurex Global. For over 90 years, Woodruff-Sawyer has been partnering with clients to implement and manage cost-effective and innovative insurance, employee benefits and risk management solutions, both nationally and abroad. Headquartered in San Francisco, Woodruff-Sawyer has offices throughout California and in Portland, Oregon. For more information, call 415.391.2141 or visit www.wsandco.com.

 

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2011.

myspace profile views counter

« Older Entries