Is it illegal for an insurer to pay the ransom demanded in a cyber extortion or ransomware attack on its insured? According to the US Department of the Treasury’s Office of Foreign Assets Control’s (“OFAC”) October 1, 2020 advisory (“OFAC Advisory”), in certain situations, it may be.
Continue Reading While OFAC Cautions Cyber Insurers About Facilitating Ransomware Payments, Policyholders Should Ensure They’re Covered

A Maryland federal court recently awarded summary judgment to National Ink and Stitch, finding coverage for a cyber-attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.  We discussed the significance of the decision in a January 27 blog post that can be found here.
Continue Reading Hunton Insurance Partners Andrews and Levine Comment to Law360 and Business Insurance on Recent Ransomware Coverage Win for National Ink

A Maryland federal court awarded summary judgment last week to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property And Casualty Insurance Company, finding coverage for a cyber-attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.  This is significant because it demonstrates that insureds can obtain insurance coverage for cyber-attacks even if they do not have a specific cyber insurance policy.
Continue Reading Maryland Court Finds Coverage For Lost Data And Slow Computers After Ransomware Attack

The members of Hunton’s Insurance Recovery group present regularly on today’s hot topic insurance coverage issues. Upcoming insurance presentations for January 2020 include:

Energy industry: is your insurance sufficient to handle a major cyber event? Larry Bracken, Mike Levine, and I address this question and more in our recent article for Electric Light & Power, found here.  In the article, we identify three major gaps in cyber insurance that we routinely see when analyzing coverage for energy industry clients. The first major gap is coverage for bodily injury or property damage caused by a cyber event. Most cyber insurance policies exclude coverage for both bodily injury and property damage, even if caused by a cyber event. Meanwhile, many commercial general liability insurance policies now exclude cyber-related risks, thus creating a gap in coverage for these losses. The second gap we identify is coverage for fines and penalties, including those issued under the European Union’s General Data Protection Regulation (GDPR). Even where cyber insurance policies expressly purport to cover fines and penalties, it is unclear if these may be deemed uninsurable as a matter of public policy in certain jurisdictions. Finally, we identify a gap in coverage for business income losses when the insured’s network, or that of a vendor on which they rely, goes down. That coverage is a key component of a robust cyber program, but one that is typically only offered for an additional premium.
Continue Reading Hunton Insurance Lawyers Discuss Cyber Risks to the Energy Grid in Electric Light & Power

Equifax Inc. recently announced that it has agreed to pay up to $700 million to settle numerous government investigations and consumer claims arising out of a 2017 breach that exposed Social Security numbers, addresses and other personal data belonging to over 148 million individuals. Following the breach, Equifax faced investigations from the Federal Trade Commission, the Consumer Financial Protection Bureau, all 50 state attorneys general and consumers prosecuting nationwide multidistrict litigation. As part of the deal, Equifax will contribute approximately $300 million to compensate consumers, with the potential to increase to $425 million depending on the number of claims filed. Equifax also agreed to pay $175 million to state governments, plus another $100 million in civil penalties to the CFPB.
Continue Reading Equifax’s Hefty $700M Bill is a Powerful Reminder to Close Cyber & D&O Coverage Gaps

The City of Baltimore is the latest victim of increasingly common ransomware attacks. On May 7, 2019, unidentified hackers infiltrated Baltimore’s computer system using a cyber-tool named EternalBlue, developed originally by the United States National Security Agency to identify vulnerabilities in computer systems. However, the NSA lost control of EternalBlue, and since 2017, cybercriminals have used it to infiltrate computer systems and demand payment in exchange for relinquishing control. For instance, in Baltimore, the hackers have frozen the City’s e-mail system and disrupted real estate transactions and utility billing systems, among many other things. The hackers reportedly demanded roughly $100,000 in Bitcoin to restore Baltimore’s system. The city has refused to pay.
Continue Reading Will Insurers Declare “War”? The War Exclusion, the Ransomware Attack on Baltimore, and the NSA Cyber-Tool?

Hunton Andrews Kurth insurance partner Michael Levine was recently interviewed by LegalTech News concerning Ohio’s recent adoption of the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The law, modeled after the New York State Department of Financial Services Cybersecurity Requirements for Financial Service Companies Act, seeks to provide a framework for

In a recent post, we discussed the Sixth Circuit’s holding in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), where the Sixth Circuit reversed the district court’s summary judgment for the insurer, finding coverage under its policy for a fraudulent scheme that resulted in an $834,000.00 loss. The insurer, Travelers, has now asked the Court to reconsider its decision.
Continue Reading Insurance Carriers Tell Circuit Courts To Reconsider Holdings For Coverage In Cybercrime Suits

The Sixth Circuit, in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), reversed the District Court’s grant of summary judgment in favor of the insurer in a dispute over coverage for a social engineering scheme. The policyholder, American Tooling, lost $800,000 after a fraudster’s email tricked an American Tooling employee into wiring that amount to the fraudster.
Continue Reading Second Major Policyholder Win For Social Engineering Schemes