Co-Authors: Josephine Cicchetti, Steven Blickensderfer Last week, New York’s Department of Financial Services released its long-awaited proposed cybersecurity regulation, which promises to deliver sweeping protections to consumers and financial institutions alike. The proposed regulation, titled "Cybersecurity Requirements for Financial Services Companies" (23 NYCRR Part 500), if implemented, would be a first-of-its-kind state provision that creates mandatory ... Keep Reading »
Cybersecurity
Cybersecurity Awareness Month: Visits From the Ghosts of Claims Past and Claims Future
Cybersecurity awareness month is nigh upon us again, and thus perspective is in order. 2016 brought us the first collection and analysis of the nascent claims history of the burgeoning cyber-insurance market. On August 27, 2016, the National Association of Insurance Commissioners (NAIC) released its “Report on the Cybersecurity Insurance Coverage Supplement,” which provides helpful analysis of NAIC’s first data cull from insurers writing various forms of cyber coverage. ... Keep Reading »
NAIC Exposes Revised Draft Model Cybersecurity Law for Insurers for Public Comment
Insurers are a prime target for hackers as a result of the vast stores of valuable data they maintain. Not all information is created equal, and it varies in value. Hacker services and software, illegal drugs, cyberweapons, and all kinds of other types of stolen, confidential, and compromised information is monetized and traded daily on darknet markets using various forms of cryptocurrency, by governments, hackers, criminals, and businesses. While a stolen credit card ... Keep Reading »
Defining the Contours of Cyber Coverage for Data Breach: a Warning in Arizona
A year ago in this space, we looked at the receding wave of coverage litigation regarding whether various cyber-related exposures were covered under traditional policies, such as CGL and professional liability policies. Deemed “square peg” litigation, those cases were mostly a mixed bag. And, as predicted, since the advent of the now burgeoning cyber-specific coverage market, those cases are largely becoming irrelevant, as insurers have begun to place exclusions in ... Keep Reading »
Eighth Circuit Orders Coverage For Hackers’ Fraudulent Wire Transfer
Financial institution bonds come in various forms, depending on the nature of the insured business (e.g. bank, broker, insurance company). Common forms are fidelity bonds and commercial crime policies. These policies provide first party coverage against losses caused by employee dishonesty, forgery, kidnap, ransom & extortion, computer fraud and other specified financial frauds. These policies are common, and in some cases required by law, for banks, insurers, and ... Keep Reading »
Insuring Cyber Exposure Through a Captive Insurer
Cyber risks have been confounding insurers and policyholders alike as those risks have evolved and expanded in recent years. Indeed, the risks have effectively outgrown the confines of standard commercial insurance coverage, and numerous insurers have developed new products, creating a market for cyber-specific coverages and policies. While predictions about growth in this market have generally been bullish, there are some signs it may be flattening. One recent survey ... Keep Reading »
Hot Topics in Cyber Coverage [PODCAST]
Insurers face a potential double whammy when it comes to cybersecurity threats. Like other companies, they must be vigilant about protecting the sensitive data they collect and store from hacks and breaches. On the other hand, insurers also are responsible for paying for claims when a breach occurs. Insurers are scrambling to craft new coverages in the wake of new risks and liabilities, while insurance regulators are scrambling to implement enhanced regulations requiring ... Keep Reading »
Phishing for Cybersecurity Coverage: When is a Fraud a “Computer Fraud”?
In late June, the New York Court of Appeals affirmed a trial court ruling that there was no coverage for a health insurance company policyholder, under a "Computer Systems Fraud" rider issued by its insurer, for an underlying $18 million liability it incurred as a result of paying fraudulent claims submitted by providers for services never performed, under certain of its Medicare Advantage plans. In August, a Texas federal court found coverage under a "Computer Fraud" ... Keep Reading »
Cybersecurity as a Regulatory Issue: The NAIC Considers The Anthem Breach And Weighs a “Cybersecurity Bill of Rights”
The Cybersecurity Task Force of the National Association of Insurance Commissioners (the "NAIC") met last month, as part of on the NAIC's 2015 Summer National Meeting in Chicago. The Task Force focused on two issues: the recent massive data breach suffered by Anthem, Inc., and a draft "Consumer Cybersecurity Bill of Rights" that was released for public comment in late July. The Anthem Breach Anthem's general counsel reported that the FBI has completed its ... Keep Reading »
Cyberclaim Coverage Denied: The TCPA Protects Privacy, Not Personally Identifiable Information
In Doctors Direct Ins., Inc. v. Beaute’ E’mergente, LLC, No. 1-14-2919 (Ill. App. Ct. June 22, 2015), an Illinois state appellate court recently affirmed that a medical malpractice liability insurer did not owe a duty to defend or indemnify its insured in an underlying class action lawsuit alleging violations of the Telephone Consumer Protection Act (the “TCPA”) and the Illinois Consumer Fraud and Deceptive Business Practices Act (the “ICFA”), because there was no ... Keep Reading »