One thing is for certain: cyberattacks have become the norm, not the exception. Not even the NSA is capable of completely warding off security breaches. Major banking and retail institutions, as well as the government, are not surprisingly the most likely targets because of the amount of sensitive and private data they control. Still, other companies outside these sectors must heed the warnings and not become the next cyber victim. Protecting against cyber vulnerability is not merely a domestic issue. Rather, multinational companies are prime targets, and are currently undergoing institutional changes to navigate the EU General Data Protection Regulation (GDPR) that goes into effect May 2018.
Cyber insurance continues to be one of the hottest topics in the insurance industry. In the last several years it has evolved from a little-known specialty product to a standard purchase for some corporate risk departments. By now, most companies generally are aware that cyber attacks present substantial risks. Many unfortunately have first-hand experience as victims of an attack. But many companies still do not necessarily view cyber insurance as a “must-have” type of insurance, like general liability or property insurance. Some companies may believe their potential cyber exposure is minimal or simply think that cyber coverage is cost prohibitive. A recent D.C. Circuit decision is a sobering reminder that cyber insurance should at least be considered in connection with a company’s risk management plan, and is probably a “must-have” for companies that maintain records containing a substantial amount of personal information.
On May 12, 2017, a massive ransomware cyber-attack infected over 100,000 computers in more than 150 countries. This malware, a Trojan virus known as “WannaCry,” encrypts files, and then threatens to destroy them, unless the victim pays a ransom. Colleagues Jamie Bobotek and Peri Mahaley opined about this recent attack and stress the necessity to take the time now to review and confirm your cyber-privacy insurance in a Pillsbury client alert.
Cyber sages tell us the question is not whether your business will suffer a data breach, but when. To prepare for the inevitable, businesses want to know what is the next threat on the horizon. In the past few months, experts have offered many views on the top cyber trends for 2017, and plenty of advice about security measures companies should take in light of these predictions. But if some loss is a given, businesses also want to know if there will be insurance to cover that loss. We look at some of the forecasts and try to answer that question.
In its Fourth Annual Data Breach Industry Forecast, Experian Data Breach Resolution, a vendor of data breach response and protection services with a track record of handling high-profile incidents, issued and identified five top data breach trends for 2017. We’ll address the first two of those trends in this post.
The vaults of the world’s financial capital are getting stronger locks. On March 1, 2017, new “first-in-the-nation” cybersecurity regulations of the New York Department of Financial Services (DFS) went into effect to protect consumers and the financial system from cyber attacks. While the regulations apply to covered finance and insurance companies, their influence is likely to be felt beyond the companies targeted initially. For this reason, it’s important that all companies with cybersecurity risks understand how the new DFS regulations work, and the insurance coverage issues they may raise.
In the client alert The “Panama Papers” and the Secret World of Shell Corporations, Insurance attorneys Joseph Jean, Alexander Hardiman and Matthew Putorti along with their colleagues Carolina Fornos, Mark Hellerer, Maria Galeno, William Sullivan, Nancy Fischer, Nora Burke and Danielle Vrabie discuss a leak of 11.5 million documents from a law firm in Panama that may implicate politicians, criminals and celebrities in sheltering of fortunes in offshore tax havens through the use of shell companies. In light of these events, financial institutions and other entities may need to consider whether they are implicated, how to assess the risks, how to minimize exposure, if any, and whether insurance coverage is available.