I'll be interested to see what actually gets covered in this case. The general rule in Europe is that you cannot insure against fines and penalties but this needs to be clarified...: [...] Representatives for the insurers, either had no comment or could not immediately be reached. Capital One did not respond to requests for comment. Meanwhile, Capital One and affiliates face allegation of negligence among other things in at least three putative class action lawsuits that
Cyber Insurance
News about insuring cyber risks
Equifax’s Hefty $700M Bill is a Powerful Reminder to Close Cyber D&O Coverage Gaps
Would your insurance cover you if your company 'did an Equifax'? Time to check with specialist brokers and/or lawyers...: [...] Notably, directors and officers of companies that fall victim to a data breach sometimes face additional liabilities. Shareholder and regulatory enforcement actions against directors and officers are on the rise, and increasingly are an inevitable—and expensive—consequence of a data breach. Even for breaches far smaller in scope than the one suffere
From Data Breach to Bankruptcy – A Cautionary Tale for Those Without Cyber Insurance
Two lessons from this: 1. It's worth investing in cyber security (a full program, not just shiny security tools); 2. Insurance can make the difference between survival and bankruptcy if/when the worst happens...: A data breach may cost a company millions in recovery and liability damages, but rarely does a breach force a company into bankruptcy. However, a months-long data breach at American Medical Collection Agency (AMCA) in 2018-2019 did just that, forcing its parent comp
Announced GDPR Fine Against Marriott Raises Reporting and Coverage Implications
It's worth following the Marriott case for several reasons but, probably most importantly, to see if GDPR fines are insurable...: [...] There has been significant discussion as to whether cyber liability insurance policies issued in the United States will cover GDPR fines. (Authorities in the EU have been more coy as to whether GDPR fines are insurable.) This question may be affirmatively answered, if available insurance is not already exhausted from other liabilities rela
The Cost of Ransomware Attacks on Cities
This article contains a pitch to buy a new-fangled 'next-generation' firewall (be aware of any vendor claims to be a solution) but is actually a good discussion of the merits of 'pay-up' vs. 'pain of recovery' approaches: Ransomware attacks on cities are becoming more prevalent with ransom demands increasing with each attack. Recently, two cities have gone against conventional wisdom and decided to pay the ransom amount demanded by hackers who held their cities hostage. This
Cyber attacks won’t be covered by the Terrorism Insurance Act – yet
Australia has chosen not to include cyber attacks in its coverage of terrorist incidents. It's an interesting omission and one that other governments are sure to look at. Time to check if your own insurance covers you for acts of cyber terrorism... A recent review of the Terrorism Insurance Act by the National Audit Office has opted to leave protection for cyber incidents off the table - for now. The Act was established in 2003 after the September 11 terrorist attacks to
Overcoming Dearth of Data Remains Key to Cyber Insurance Underwriting, Say Experts
Those insurance companies that have already dipped their toes in the water are building a risk database that might give them an advantage. However, unlike hurricanes and other natural events, cyber risks continue to change so it's questionable whether what happened in the 00's is relevant to the risk landscape in the '20s and beyond...: While there are “huge opportunities” on the horizon for the cyber insurance industry, cyber insurance underwriters still face the challenge
Two New London Market Model Cyber Exclusion Clauses Published by IUA
If you assume (probably wrongly) that your current insurance covers you for cyber-related risks, the wording of the policy is going to get updated so you should be under no illusions anymore...: Two new London Market model clauses to help underwriters manage cyber losses have been published by the International Underwriting Association (IUA). The wordings have been developed in order to address issues of non-affirmative or “silent” cover, where traditional insurance polic
Questions to Consider Asking Your Broker About Cyberliability Coverage
Advice from Robinson+Cole, a specialist law firm...: [...] To help with your conversation with your broker, here are some basic questions (this is not an exhaustive list) to discuss with your broker as you evaluate your cyber-liability insurance needs: Confirm first-party coverage for a security incident/data breach for forensic analysis, legal, costs associated with data breach notification to individuals and regulators, and coverage for fines/penalties and costs assoc
Baltimore ransomware nightmare could last weeks more, with big consequences
Cyber risk insurance, especially the ability to call out emergency support, is looking like a very good idea for Baltimore. Pity they are too late for this attack...: [...] To top it off, unlike the City of Atlanta—which suffered from a Samsam ransomware attack in March of 2018—Baltimore has no insurance to cover the cost of a cyber attack. So the cost of cleaning up the RobbinHood ransomware, which will far exceed the approximately $70,000 the ransomware operators demanded,