When facing a crisis, such as product recall or a cyber attack, companies routinely engage third-party consultants. When doing so, there are potential privilege issues involved. Hunton Andrews Kurth insurance attorneys Syed Ahmad and Adriana A. Perez discuss these privilege issues in an article published by Westlaw. The full article is available here. In

Recent headlines underscore the security challenges faced by public-facing businesses. From physical threats to cyber attacks targeting a wide range of critical infrastructure, companies in diverse sectors, such as the financial, retail, entertainment, energy, transportation, real estate, communications and other areas, face a challenging landscape of risks and potential liabilities. Join us on October 28, 2019, at 12:00 p.m. EST, for a webinar to discuss these issues, including why companies should consider SAFETY Act protection and how to obtain it.

Continue Reading

In a recent Global Data Review article, Hunton Andrews Kurth insurance practice head Walter Andrews commented on the FBI’s guidelines on ransomware payments and the insurance industry’s aggressive marketing of ransomware policies, noting that policyholders now have a resource that can help cover the cost of such an attack. The full Global Data Review article

Energy industry: is your insurance sufficient to handle a major cyber event? Larry Bracken, Mike Levine, and I address this question and more in our recent article for Electric Light & Power, found here.  In the article, we identify three major gaps in cyber insurance that we routinely see when analyzing coverage for energy industry clients. The first major gap is coverage for bodily injury or property damage caused by a cyber event. Most cyber insurance policies exclude coverage for both bodily injury and property damage, even if caused by a cyber event. Meanwhile, many commercial general liability insurance policies now exclude cyber-related risks, thus creating a gap in coverage for these losses. The second gap we identify is coverage for fines and penalties, including those issued under the European Union’s General Data Protection Regulation (GDPR). Even where cyber insurance policies expressly purport to cover fines and penalties, it is unclear if these may be deemed uninsurable as a matter of public policy in certain jurisdictions. Finally, we identify a gap in coverage for business income losses when the insured’s network, or that of a vendor on which they rely, goes down. That coverage is a key component of a robust cyber program, but one that is typically only offered for an additional premium.

Continue Reading

In the August 2019 publication of Contract Management, Hunton insurance recovery lawyers Walter Andrews, Lorelie Masters, Michael Levine, and Latosha Ellis discuss how a robust insurance program can help government prime contractors mitigate potential financial risks associated with downstream data breaches or releases. In the article, the authors explain government prime

Equifax Inc. recently announced that it has agreed to pay up to $700 million to settle numerous government investigations and consumer claims arising out of a 2017 breach that exposed Social Security numbers, addresses and other personal data belonging to over 148 million individuals. Following the breach, Equifax faced investigations from the Federal Trade Commission, the Consumer Financial Protection Bureau, all 50 state attorneys general and consumers prosecuting nationwide multidistrict litigation. As part of the deal, Equifax will contribute approximately $300 million to compensate consumers, with the potential to increase to $425 million depending on the number of claims filed. Equifax also agreed to pay $175 million to state governments, plus another $100 million in civil penalties to the CFPB.
Continue Reading

Phishing has been around for decades.  But now, the long-lost ancestor claiming to be a foreign prince is stealing more than your grandmother’s savings.  Phishers are targeting corporations—small and big, private and public—stealing sensitive data and money.  When Policyholders take the bait, they had better have a tailored insurance policy to keep their insurers on the hook as well.

Continue Reading

The City of Baltimore is the latest victim of increasingly common ransomware attacks. On May 7, 2019, unidentified hackers infiltrated Baltimore’s computer system using a cyber-tool named EternalBlue, developed originally by the United States National Security Agency to identify vulnerabilities in computer systems. However, the NSA lost control of EternalBlue, and since 2017, cybercriminals have used it to infiltrate computer systems and demand payment in exchange for relinquishing control. For instance, in Baltimore, the hackers have frozen the City’s e-mail system and disrupted real estate transactions and utility billing systems, among many other things. The hackers reportedly demanded roughly $100,000 in Bitcoin to restore Baltimore’s system. The city has refused to pay.

Continue Reading

The Hunton Andrews Kurth insurance recovery team secured a victory for firm client, The Children’s Place (“TCP”), obtaining a ruling from a New Jersey federal court in The Children’s Place, Inc. v. Great Am. Ins. Co., 2019 WL 1857118 (D.N.J. Apr. 25, 2019), in which the court allowed TCP to seek insurance coverage for a “social engineering scheme” that defrauded the company of $967,714.29.

Continue Reading