It’s the stuff that dreams are made of. Humphrey Bogart delivers this memorable line at the end of The Maltese Falcon, summing up the allure of the shady characters’ search for the eponymous, elusive relic. Pro-policyholder case law can be equally elusive, especially when unsettled areas of insurance law, like coverage for cyber losses, are at issue.
Continue Reading

Various courts across the country have reached mixed decisions for insurance coverage disputes involving insureds who fell victims of social engineering crimes. The court’s ruling in Medidata Solutions Inc. v. Federal Insurance Company,1 finding coverage for the insured who was spoofed by e-mail fraudsters was previously discussed by my colleague, Verne Pedro. As Verne pointed out in his blog, the debate over whether and when victims of cyber-crimes are covered under computer fraud and similar policy provisions remains contentious and unsettled.
Continue Reading

Cyber-risks are not just about corporate data breaches anymore. I recently spoke to a public adjuster who said he was a victim of a ransomware attack. Ransomware is malicious software (malware) installed on a computer, smart phone, or other mobile device, without the owner’s consent. Once malware is installed, cybercriminals can monitor and control online activity, steal confidential information, interrupt service, commit fraud, or disable access to files and critical data until a ransom is paid to unlock the system.
Continue Reading

This is the first post in a three-part series about first-party coverage for losses of computer data.

Labor Day 2016 was a bad day for my client. That was the day her web host company hit the delete button, knocking her offline and completely wiping out her business website. Instead of celebrating a holiday weekend, she was dealing with a crisis.
Continue Reading

Part two of this series continues exploring cybersecurity regulations and breach notification requirements. [Read Part One here].

The first installment of this post mentioned some of the cyber security regulations in New York, which has been noted as leading the pack in this area.1 Part two follows up with a few additional regulations and calls to action that address cyber issues.
Continue Reading

In a win for third-party victims of a cyber security attack, the United States Court of Appeals, District of Columbia reversed a lower court’s decision dismissing a class-action suit against their health insurer for breach of contract, negligence, and violation of various state consumer-protection statutes, after their personal information was stolen during a data breach.1
Continue Reading

Restaurants are prime targets for hackers. Restaurants gather customer credit card information on a daily basis and are responsible for storing and protecting that information. All restaurant owners should have insurance policies that not only cover their physical property damage and business interruption in case of property damage, but data breaches as well. Data breaches, as explained in my earlier blog, are usually not considered “tangible property” and are therefore not covered under most basic property insurance policies.
Continue Reading

In the wake of the Equifax, Target, Yahoo, and even the SEC being hacked, many small businesses are wondering how can they protect themselves when major companies with much larger budgets and cybersecurity techs on staff can’t protect themselves. I recently went to a course where one of the speakers said: “There are two types of people, those who have been hacked and those that just don’t know it yet.”
Continue Reading