Hunton insurance attorneys, Walter Andrews, Andrea DeField, and Sima Kazmir, recently published an article in the Daily Business Review, discussing the scrutiny that companies face as a result of increased cyberattacks as well as tips for your next cyber insurance renewal.
Continue Reading Hunton Andrews Kurth Attorneys Weigh In On How To Minimize Cyberattack Risks With Insurance

A commentator recently summed up the risk of ransomware attack in 2022: “we’re all screwed.” True enough. But that’s all the more reason to prepare right now. After all, the only thing worse than a ransomware attack is not having adequate insurance coverage when it occurs. The time to prepare is now.
Continue Reading As Ransomware Proliferates, Insurance Can Help

An Ohio appellate court held last month that a cyberattack triggered coverage under a commercial property insurance policy in the case EMOI Services, LLC v. Owners Insurance Company, No. 29128, 2021 WL 5144828 (Ohio Ct. App. Nov. 5, 2021).  This is good news for policyholders in light of widespread cyberattacks over the last two years, and rising premiums in today’s cyber insurance markets. The decision also has wider implications, including in suits seeking coverage for losses caused by COVID-19 under property insurance policies.
Continue Reading Ohio Appellate Court Upholds Coverage for Cyberattacks Under Commercial Property Policies

On September 21, 2021 and October 15, 2021, the US Treasury Department’s Office of Foreign Assets Control (OFAC) issued reminders of the sanctions risks for facilitating ransom payments to designated malicious cyber actors.  As discussed in our prior blogpost on OFAC’s October 1, 2020 advisory, OFAC has made clear that it is increasingly willing to bring enforcement actions against entities, including cyber insurers, that facilitate payments to sanctioned threat actors on behalf of corporate victims.
Continue Reading Key Takeaways From OFAC’s Recent Guidance: Carefully Scrutinize Insurance Coverage And Respond To Cyber Incidents With The Assistance of Experienced Advisors

The Indiana Supreme Court recently reversed a trial court’s finding and an affirming intermediate appellate court opinion regarding the interpretation of a policy providing coverage for cyber-crime. In G&G Oil Co. of Indiana, Inc. v. Continental Western Insurance Co., the state high court rejected the lower courts’ narrow interpretation of coverage and impractical view on causation. A copy of the decision can be found here.

Continue Reading Indiana Supreme Court Decrypts Computer Crime Coverage

The adage goes, “the best defense is a good offense.” This appears to be the approach that New York insurance regulators are advocating in response to what they deem “systemic risk[s] that occur when a widespread cyber incident damages many insureds at the same time, potentially swamping insurers with massive losses.” On February 4, 2021, the New York Department of Financial Services (“DFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework” (the “Guidelines”), calling on insurers to take more stringent measures in underwriting cyber risks. In the Guidelines, DFS cites the 2020 SolarWinds attack as an example of how managing growing cyber risk is “an urgent challenge for insurers.”

Continue Reading New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

It’s a cautionary tale of cyber fraud.  A title agent in a real estate transaction receives an email ostensibly from the mortgage lender providing instructions for transferring the loan proceeds into a settlement bank account.  After transferring the funds ($520,000), it becomes apparent that the transfer instructions came from an email address that was one letter off from the mortgage lender’s actual email address – it was a scam.  But it’s too late, the scammer has already withdrawn the funds from the settlement account and cannot be traced.

Continue Reading Engineering Coverage for Social Engineering Schemes in Light of New Jersey Federal Court Opinion Finding No Errors and Omissions Coverage for Email Scam

Is it illegal for an insurer to pay the ransom demanded in a cyber extortion or ransomware attack on its insured? According to the US Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC”) October 1, 2020 advisory (“OFAC Advisory”), in certain situations, it may be.

Continue Reading While OFAC Cautions Cyber Insurers About Facilitating Ransomware Payments, Policyholders Should Ensure They’re Covered

Trading on New Zealand’s stock exchange was disrupted last week, following four straight days of repeated cyberattacks that resulted in outages affecting debt, equities, and derivatives markets.  The DDoS attack, which is said to have originated offshore, is allegedly part of a global extortion scheme that has also targeted companies like PayPal and Venmo.  With this type of cyberattack becoming only more common and sophisticated, it is vital for policyholders to focus on the host of available insurance coverage options to protect against and maximize their insurance recovery following losses from a cyberattack.

Continue Reading Continuous 4-Day Cyberattack on the New Zealand Exchange Highlights Importance of Insurance Coverage for Cyberattacks and of Having a Sound Strategy to Maximize Recovery

While COVID-19 occupies most of the world’s attention, cyber-criminals continue to hone their trade. Consequently, with attention diverted and business-as-usual changing daily, the recent rise in cyber-related attacks comes as no surprise. Analysts have found that companies with an increased number of employees working remotely as a result of the coronavirus pandemic have witnessed a spike in malicious cyber-attacks. For example, the United States Health and Human Services Department experienced two separate cyber-attacks since the onset of COVID-19, with the attacks aimed at sowing panic and overloading the HHS servers.[1] These attacks, however, are not limited to the United States, as they have been reported across the globe. For instance, hackers launched a cyber-attack on a hospital in the Czech Republic, stalling dozens of coronavirus test results, only days after the government declared a national emergency.[2]

Continue Reading COVID-19 Impacting Cyber Security; Attacks on the Rise