Trading on New Zealand’s stock exchange was disrupted last week, following four straight days of repeated cyberattacks that resulted in outages affecting debt, equities, and derivatives markets.  The DDoS attack, which is said to have originated offshore, is allegedly part of a global extortion scheme that has also targeted companies like PayPal and Venmo.  With this type of cyberattack becoming only more common and sophisticated, it is vital for policyholders to focus on the host of available insurance coverage options to protect against and maximize their insurance recovery following losses from a cyberattack.

Continue Reading Continuous 4-Day Cyberattack on the New Zealand Exchange Highlights Importance of Insurance Coverage for Cyberattacks and of Having a Sound Strategy to Maximize Recovery

While COVID-19 occupies most of the world’s attention, cyber-criminals continue to hone their trade. Consequently, with attention diverted and business-as-usual changing daily, the recent rise in cyber-related attacks comes as no surprise. Analysts have found that companies with an increased number of employees working remotely as a result of the coronavirus pandemic have witnessed a spike in malicious cyber-attacks. For example, the United States Health and Human Services Department experienced two separate cyber-attacks since the onset of COVID-19, with the attacks aimed at sowing panic and overloading the HHS servers.[1] These attacks, however, are not limited to the United States, as they have been reported across the globe. For instance, hackers launched a cyber-attack on a hospital in the Czech Republic, stalling dozens of coronavirus test results, only days after the government declared a national emergency.[2]

Continue Reading COVID-19 Impacting Cyber Security; Attacks on the Rise

Social engineering attacks, particularly fraudulent transfers, are becoming one of the most utilized cyber scams.  As a result, there has been a flurry of litigation, and a patchwork of decisions, concerning coverage disputes over social engineering losses.  Most recently, the United States District Court for the Eastern District of Virginia found in Midlothian Enterprises, Inc. v. Owners Insurance Company, that a so-called “voluntary parting” exclusion provision in a crime policy should exclude coverage for a fraudulent transfer social engineering scheme.  The decision illustrates why policyholders must vigilantly analyze their insurance policies to ensure that their coverages keep pace with what has proven to be a rapidly evolving risk landscape.

Continue Reading Voluntary Parting Exclusion Bars Coverage for Social Engineering Scheme

As reported on the January 31, 2020 posting to the Hunton Retail Law Resource Blog, the Florida legislature has introduced identical bills in the Florida House of Representatives (HB 963) and the Senate (SB 1670) (collectively the Act) that, if adopted, will require companies operating websites and other online services in the state to inform Florida consumers whether it is collecting personal information, and to provide an opportunity for the consumer to opt out of the sale of the personal information.

Continue Reading Florida Following in Other Jurisdiction’s Footsteps with Proposed Data Privacy Legislation

A Maryland federal court recently awarded summary judgment to National Ink and Stitch, finding coverage for a cyber-attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.  We discussed the significance of the decision in a January 27 blog post that can be found here.

Continue Reading Hunton Insurance Partners Andrews and Levine Comment to Law360 and Business Insurance on Recent Ransomware Coverage Win for National Ink

Ruling on cross motions for summary judgment, a federal court in New York held that AIG Specialty Insurance Company (AIG) must cover the settlement of an underlying action against its insured, SS&C Technologies Holdings, Inc. (SS&C), who was duped by e-mail scammers to issue millions in wire transfers.  The court rejected AIG’s assertion that the loss resulted from SS&C’s exercise of authority or discretionary control of client funds where SS&C only had limited administrative authority and further held that, even if SS&C had exercised the requisite authority, the exclusion was ambiguous.  A copy of the court’s decision can be found here.

Continue Reading New York Federal Court Says Social Engineering Scheme Covered Under Professional Liability Policy

As crypto-asset losses continue to rise, the industry is taking steps to protect clients and investors through insurance. Crypto-exchange and custody provider, Gemini Trust Company, LLC (“Gemini”), recently launched its own captive insurance provider, Nakamoto, Ltd. Captive insurance is an alternative to self-insurance whereby a company creates a licensed insurance company to provide coverage for itself. According to a statement from Gemini, Nakamoto is “the world’s first captive to insure crypto custody” and allows Gemini “to increase its insurance capacity beyond the coverage currently available in the commercial insurance market” for cryptocurrency wallets not connected to the internet, commonly referred to as “cold storage.” According to Gemini, this move makes Nakamoto the world’s most insured crypto-asset cold storage solution, which signals an expectation of increased demand in the crypto market.

Continue Reading Captive Insurance Offers Protection to Growing Crypto-Currency Industry

Innovation and developments in technology bring both opportunities and challenges for the retail industry, and Hunton Andrews Kurth has a sophisticated understanding of these issues and how they affect retailers. On January 23, 2020, our cross-disciplinary retail team, composed of over 200 lawyers, released our annual Retail Industry Year in Review. The 2019 edition,

A Maryland federal court awarded summary judgment last week to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property And Casualty Insurance Company, finding coverage for a cyber-attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.  This is significant because it demonstrates that insureds can obtain insurance coverage for cyber-attacks even if they do not have a specific cyber insurance policy.

Continue Reading Maryland Court Finds Coverage For Lost Data And Slow Computers After Ransomware Attack

Following a bench trial, the United States District Court for the Eastern District of Virginia found in The Cincinnati Insurance Co. v. The Norfolk Truck Center that a commercial truck dealer’s social engineering loss arose directly from a computer, thereby triggering the dealer’s computer fraud coverage, notwithstanding that the scheme involved numerous non-computer acts in the causal chain of events.  A copy of the decision may be found here.

Continue Reading EDVA Finds Computer Fraud Occurred “Directly” From a Computer Despite Numerous Non-Computer Acts in the Causal Chain of Events