Over the past few years, ransomware attacks have increased in frequency and demand size. And, increasingly, those attacks have targeted businesses and critical infrastructure organizations from across the globe. This trend is likely to continue. The Cybersecurity & Infrastructure Security Agency noted that cybersecurity authorities in the United States, Australia and the United Kingdom assess that “if the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent. Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model.”
As cybercrimes and data breaches continue to cause significant damage to companies of all types, policyholders are looking to their various insurance policies for coverage to help weather the storm and recoup losses. A recent decision by the U.S. Court of Appeals for the Fifth Circuit highlights the need for companies to review all of their policies for potential cyber-related coverage, including their CGL policies.
Winning a championship ring is everything. Just ask the Los Angeles Dodgers, who won 11 National League West titles between their 1988 and 2020 World Series Championships and would likely have traded several of those division titles for more World Series championships. But, of course, not all rings are equal. Neither are sports collectibles.
The Biden administration has hit the ground running with executive orders, regulatory and legislative priorities, and cabinet-level and other top posts being announced on a daily basis. Our public policy colleagues have been closely tracking many of the policy priorities of the new administration and highlighting important regulatory and legislative developments that businesses can expect coming down the pipeline.
Almost four months have passed since the World Health Organization declared COVID‑19 a global pandemic on March 11, 2020. Continued social distancing and other precautionary measures have driven many organizations to expand work-from-home protocols for the foreseeable future or even permanently—in turn prompting many organizations to review their cyber insurance policies in addition to the rest of their insurance portfolios. While cyber risk policies are not widely standardized, there are several common traps that are found in many cyber risk policies, and early awareness of them can be the difference between a covered claim and a hard-fought coverage battle. While these traps are not specific to COVID-19 concerns, they may become increasingly important as organizational cyber exposures increase. Three of the more salient pitfalls are discussed in this post.
A couple months into the widespread shift to remote work for many employees on a temporary basis, an increasing number of companies are considering or already implementing a permanent shift to remote work for most or all of their employees. Unsurprisingly, this shift is rapidly occurring in the technology industry. For example, Twitter’s CEO announced this week that its employees will be allowed to work from home permanently. But it is also occurring across other industries, including the insurance industry. For example, Nationwide is planning to permanently exit its building space, other than four main campuses, before the end of the year and is moving its other employees to permanent remote-working status.
A few months into the COVID-19 pandemic, the insurance focus (understandably) has been on business interruption and event cancellation coverage. Various other coverages are in play as well, given the types of COVID-19-related claims and lawsuits being filed (and that will be filed in the future) against corporate policyholders, from bodily injury due to exposure to the virus, to breach of contract, to securities violations, to misrepresentations and consumer protection violations, just to name a few. However, cyber risks are also highly salient for companies in this “new normal,” and companies must consider the role their insurance plays in preparing for and responding to those risks.
Cyberattacks are an increasingly frequent and costly risk faced by almost every business today. While the availability and scope of cyber-specific insurance has developed exponentially over the past few years, it is important to remember that more traditional policies (such as general liability and first-party property insurance) can still be a source for coverage in connection with cyber incidents, as a recent court decision demonstrates.
Recent headlines have raised significant concerns about the possibility of cyberattacks on U.S. businesses as a result of the heightened tensions with Iran. The Department of Homeland Security, through its Cybersecurity and Infrastructure Security Agency (CISA), has published alerts and guidance recommending heightened awareness and vigilance. In “International Pressure Raises Cybersecurity Threats,” Tamara D. Bruno and Brian E. Finch explore some of the practical steps companies can take toward cybersecurity precautions, compliance and insurance when heightened tension in the Middle East or other events increase the threat of cybersecurity incidents.