“It’s Not What You Think: The Surprising Diversity of Data Breach Causes”
Let’s play a word association game. What is the first word that comes to mind when I say the phrase, “data breach”? If you thought, “hacking,” you’re not the only one. But according to many...
View Article“Just Another Manic Cyber Monday”
If this post gets lost amid the too-good-to-be-true Cyber Monday deals and e-mail ambushes, it won’t be a complete surprise but would be something of a shame. Since arriving on the holiday shopping...
View Article“Beware the Terrorism Exclusion or Else…”
Commercial property and liability insurance policies typically contain exclusions for terrorist acts. Terrorism exclusions became industry standard following 9/11, the largest single insured loss...
View Article“Employees’ Intentional Misconduct Rising Cause of Data Breaches”
And your policy may or may not have you covered. If you want to know a little bit more (I know you do), follow this link to TheEmployerHandbook.com, where my colleague, Eric Meyer (aka “The Blog King,...
View Article“HIPAA Fines and the Physical-Digital Divide”
Health and Human Services’ (HHS) Office for Civil Rights recently issued a $239,000.00 HIPAA fine to Lincare, Inc. I don’t know if the fine will be covered by cyberinsurance. I don’t even know...
View Article“Show Me the Money – Seriously, Because We Can’t Find It”
ALERT: Companies have been receiving emails and other electronic instructions to make payments or transfer funds that – oops – are not truly authorized to be paid or transferred. This is fraud. But...
View Article“Cyber Extortion Coverage Is Good for Your Health (Records)”
Most of you are probably aware of the Hollywood Presbyterian Medical Center data breach. On February 5, 2016, hackers froze the hospital out of its electronic patient records. Reports have indicated...
View Article“Are You Down with B.E.C.?”
You probably are not. The FBI, however, is reporting that an increasing number of cybercriminals are running “business e-mail compromise” scams. A “B.E.C.” is when someone misuses social media or...
View Article“Travelers v. Portal Healthcare Solutions – NBD”
FYI, NBD is “internet slang” for “no big deal.” “Internet slang” is what my little brother uses in text messages. Anyway. Last week, the Fourth Circuit affirmed an Eastern District of Virginia ruling...
View Article“When Retro Isn’t Cool”
Those new, old-school Air Jordans are retro cool (and I have them). Those new cyberinsurance retroactive dates – eh. I blogged about retroactive dates here. Reminder: an insurance policy retroactive...
View Article“P.F. Chang’s On the Hook for Contractual Liabilities”
On May 31, 2016, the U.S. District Court for the District of Arizona held that P.F. Chang’s obligation to pay its credit card processor nearly $2M following a 2014 data breach was contractual, and...
View Article“After the After (First) Party”
Cyberinsurance policies typically provide first and third party coverage. First party coverage relates to an insured’s own expenses in investigating and remediating a data breach, and recovering the...
View Article“Don’t Let a Limitation of Liability Provision Jeopardize Cyber Coverage”
Here is how it is supposed to work. Something bad happens. You’re insurance company pays for it. Then, your carrier sues the bad guy who harmed you. That’s subrogation. In the data breach context,...
View Article“The Physical Damage Hot Potato”
First, I have to say that Paul Stockman at McGuireWoods has beaten me to the punch in his article, “Cyber Risk ‘IRL’.” So, read that. Stockman addresses a coverage issue I’ve noted in cyber policies...
View Article“What Pension Fund Fiduciaries Need to Know About Cyberinsurance”
This article was first published in the Fall 2016 issue of “The Bulletin,” a quarterly newsletter published by Kessler Topaz Meltzer & Check, a renowned law firm representing institutional...
View Article“Carriers and Brokers Filling the Coverage Gaps”
Stand-alone cyberinsurance is a critical component of enterprise risk management. But even companies with traditional and cyber coverage may, and usually do, have gaps in coverage created by what I’ve...
View Article“Unfortunately, This Will Get Physical”
There have been relatively few confirmed cyber attacks resulting in substantial physical harm to property (other than computer hardware) and people. The first known event involved the 2008-2010...
View Article“3 Tips for Public Pension Funds”
On Tuesday, I was privileged to be part of a panel discussing cyberinsurance for public pension funds at Kessler Topaz’s Evolving Fiduciary Obligations for Institutional Investors conference, joining...
View ArticleLiving Too Social in the Education Industry?
The 2018 Verizon Data Breach Investigations Report indicates that in the education industry (yes, it’s an industry), the most prevalent type of data breach is “social attacks.” What’s a social attack?...
View ArticleTo Be ExSPECted? Or not to be?
Like a brown-paper-bag-wrapped birthday present, the Fifth Circuit’s June 25th decision in Spec’s v. Hanover arrived in my in-box with a resounding ‘meh.’ You see, I get daily emails from Westlaw...
View Article
