Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Insurance Coverage: Issues & Risk Management Approaches

Similar presentations


Presentation on theme: "Cyber Insurance Coverage: Issues & Risk Management Approaches"— Presentation transcript:

1 Cyber Insurance Coverage: Issues & Risk Management Approaches
Anderson Kill Cyber Insurance & Risk Management Issues SRMC Montreal, Quebec Insurance Conference Oct. 27 – 29, 2016 Cyber Insurance Coverage: Issues & Risk Management Approaches

2 Joshua Gold, Esq. 212-278-1886 jgold@andersonkill.com
Speaker Joshua Gold, Esq

3 Insurance Coverage In Context
An Array of Cyber Risks Ashley Madison, Sony Pictures, German Steel Mill, NY Dam, “Internet of Things“ Office of Personnel Management hack: biometric data of 22.1 million people Target: 40 million credit cards compromised; $291mm loss (and counting?) Ransomware crime wave; Bitcoins demanded Class action settlements in eight figures Class action litigation reinstated twice by 7th Circuit Home Depot settlement of class litigation $81 to 101 million SWIFT theft at Bangladesh Bank through NY Fed Dropbox compromised Yahoo accounts: 500mm reported

4 Potential Exposures Exposures Regulatory Investigations
Information (own and of others) Business Reputation/ Crisis Mgt. Business Interruption Regulatory Investigations Cyber Extortion Third Party Liability Network Itself

5 Policies Possibly Covering Cyber Losses
Take Policy Inventory NOW (Not Just After Incidents) Coverage For Cyber-related Claims May Be Asserted Under: GL, D&O, E&O, Crime, All Risk Property, Cyber Policies For “Social Engineering”, Hacking, Fraudulent Wire Transfers, Malware, Hardware Damage Claims. 1st Party, 3rd Party, Hybrid Coverage Issues

6 Cyber Risk Management Issues
Being engaged and proactive minimizes threat and makes insurance recovery more likely Examine vendor contracts, including cloud services Map all business data Limit access to sensitive data inside and outside of the office Make sure senior management is involved in plans and processes to secure data. Educate, educate, educate, test.

7 A Sample Cyber Insurance Template

8 Top Tips For Nailing Down Cyber Insurance Coverage
Insurance applications: “known risks” “Retro dates” Create a clear policy structure: Modules and key coverage grants Gain symmetry among insurance policies (e.g., CGL and property insurance) Establish endorsements for particular coverage needs when it comes to cloud storage and service providers and other relevant third-party vendors “Company as Merchant” exposure: PCI Issues and Brand fines and penalties Beware of “sub-limit” issues Beware of breach of contract exclusions (PCI coverage implications) Beware of conditions respecting "reasonable“ cyber security measures Business Interruption and “Reputation Damage” insurance—more relevant

9 Various ways to intrude / hack / steal / disclose:
1. Company computers (direct attack) 2. Hosting platforms (infiltration) 3. Vendor credentials / access (spoofing) Coverage options are available typically for Company computer and hosting platform exposures, but coverage for vendor credential attacks is rarer and often sub-limited when offered in policies we have seen.

10 Coverage for Data/Systems Damages
Focus on defined terms in policies Particularly relevant for terms such as “Data”, “Records” and “Personal Information” Definitions of “Computer Systems” and similar terms: Do the definitions encompass devices such as tablets, laptops, thumb drives and other forms of portable storage? Do the definitions encompass off-line as well as online components?

11 Coverage for EU Rules /Foreign Agency Regulations Exposures?
Some of the (better) cyber insurance policy forms promise coverage for regulatory and civil law enforcement actions, potentially including; Coverage for violation of EU rules on storage and transmission of foreign customers’ data Coverage for proceedings, inquiries, or investigations by foreign equivalents of FTC, DHHS, and other regulators

12 Problematic Clauses (Time Sensitive, Etc.)
Fear of Reporting Claims? Timely Notice Comprehensive Proofs of Loss Suit Limitation Restrictions Arbitration Requirements Choice of Law (Assume the Worst)

13 Coverage for More Than “Mere” Hacks
Coverage, understandably, is focused on hacks, denial of service attacks, malware, etc. But “risk” often is more than that—especially considering the role human error often will play Is there coverage for inadvertent disclosure? loss of thumb drive with unencrypted data? Failure to protect data from online search engines? Is there coverage for violation of Company’s own privacy or data handling policies?

14 Social Media Insurance Issues
New Avenues for Classic Risks Traditional Policies May Already Cover CGL Professional Liability/E&O EPLI Cyber Policies May Provide Tailored Coverage Comprehensive Pursuit Bridges Potential Gaps

15 Cyber Litigation Issues
Some cases emerging: PF Changs (Ariz. Federal court decision) CNA declaratory judgment lawsuit (Cal. Federal court) Hotel Monteleone (La. Court & arbitration: sublimits) Beware of Disclosure During Discovery: E.g., Sensitive Data, Customer Information, Network Security Blueprints

16 Cyber Litigation Issues Continued
Not Much Precedent, But Stay Tuned Current Precedent Not Uniform: compare Sony I case vs. Portal Health 4th Circuit decision and Recall Total Provide Notice To All Potentially applicable policies We have secured coverage for policyholders under E&O, D&O, Crime, GL, business package policies, and property policies for cyber related losses and claims.

17 Joshua Gold, Esq. 212-278-1886 jgold@andersonkill.com
Questions? Have a question that that did not get addressed during Presentation on Cyber Insurance Coverage? Give us a shout. Joshua Gold, Esq

18 Disclaimer The views expressed by the participants in this program are not those of the participants’ employers, their clients, or any other organization. The opinions expressed do not constitute legal advice, or risk management advice. The views discussed are for educational purposes only, and provided only for use during this session.

19 Joshua Gold, Esq. 212-278-1886 jgold@andersonkill.com
Thank You Joshua Gold, Esq

20 Attorney Bio Joshua Gold, Esq.
As Chair of Anderson Kill's Cyber Insurance Recovery Group, Joshua Gold has represented numerous corporate and non-profit policyholders in a broad range of industries in insurance coverage disputes, obtaining recoveries for his clients well in excess of $1.5 billion. His practice involves matters ranging from data breaches to international arbitration, D&O, business income/property and commercial crime claims, and marine insurance. He has been lead trial counsel in multi-party bench and jury trials, and has negotiated and crafted scores of settlement agreements including coverage-in-place agreements. In a cyber claim dispute of particular importance to businesses purchasing fidelity, crime and financial institution bond coverage, Josh won a multi-million dollar recovery in a landmark U.S. Court of Appeals, Sixth Circuit decision on behalf of a retailer that suffered a data breach as a result of a computer hacking scheme.


Download ppt "Cyber Insurance Coverage: Issues & Risk Management Approaches"

Similar presentations


Ads by Google