In its third quarter report, insurer Beazley reported a nine-fold increase in social engineering attacks (i.e., deception-based fraud/crime) as compared to the same time last year. So far, the majority of social engineering attacks in 2017 were focused on the professional services sector (18%), followed by financial institutions (9%), higher education (9%) and healthcare (3%). The report also notes continued high rates of unintended disclosure via employee negligence across all sectors (29%), second only to affirmative hacking or malware attacks (34%).
Last week Bloomberg Law launched an online “cyber insurance suite” authored by Hunton attorneys, Walter J. Andrews, Sergio F. Oehninger, and Patrick M. McDermott. The online suite, available here and to Bloomberg subscribers, covers all aspects of cyber insurance, including identifying the major cyber risks and liabilities, applying for and obtaining cyber insurance coverage, and submitting claims under cyber coverages. It also contains an overview of case law evaluating coverage for cyber liabilities under traditional insurance policies and under cyber specific insurance policies. Hunton will regularly update the suite as the risks, coverages, and law continues to develop.
A California state court recently rejected an excess insurer’s attempt at an early exit from litigation over whether it owes coverage for cyber liabilities. In that case (previously summarized here), the policyholder, Cottage Health, suffered a data breach resulting in the disclosure of patients’ private medical information. Subject to a reservation of rights, Cottage Health’s primary insurer, Columbia Casualty, paid millions of dollars to help respond to the data breach and to defend and settle a class action lawsuit filed against Cottage Health. Cottage Health’s excess insurer was Lloyd’s.