The SAFETY Act is a highly effective risk management tool created to incentivize the development of anti-terrorism technologies—broadly defined—the SAFETY Act created a program to provide protections to providers of products and services meant to prevent or mitigate physical and cyber-attacks.  Among other benefits, companies receiving SAFETY Act coverage for their technologies have their potentially liability associated with an act of terrorism capped at the amount of insurance coverage required by the U.S. Department of Homeland Security (“DHS”).  Companies seeking to reduce their exposure to liability associated with cyber or physical attacks should consider applying for designation or certification under the SAFETY Act.  DHS has also approved a wide variety of other technologies and security programs for protection under the SAFETY Act. Continue Reading SAFETY Act Series, Part 1: The SAFETY Act Is Powerful Protection Against Emerging Liabilities

Hunton Andrews Kurth’s 300-lawyer cross-disciplinary Retail Industry Team has released its annual 2023 Retail Industry Year in Review. The Review discusses retail industry issues that implicate multiple legal practice areas and highlights new and emerging risks retailers may encounter in the year ahead.

Significant issues from 2023, with insurance implications that will continue to evolve in 2024 and beyond, include copyright infringement claims for retailers engaged in social media and polyfluoroalkyl substances (PFAS) related liability claims and related putative class action lawsuits.

We discuss these risks in the 2023 Retail Industry Year in Review and on our insurance recovery blog, along with other risks that will continue to affect the retail industry in 2024.

Continue Reading Mitigation of Increased Risks to Retailers Through Insurance

While America was tuned into the big game, one California insurance broker faced its own treacherous showdown in the form of a putative class action filed on February 8, 2024 stemming from a data breach. With cyber incidents still on the rise, this is a story we know all too well: an unauthorized third party gains access to personally identifiable information, the company eventually detects the threat actor and leadership must decide how to respond. Once notifications to the public go out, the individuals impacted often file suit to recover for their alleged harm.
Continue Reading Data Breach Putative Class Action Questions Whether Broker Was Swift Enough in Notice and Response

Artificial intelligence (AI) is rapidly changing the way businesses operate, from the way we research and write, to the way data is processed, to the way inventory is measured and distributed, to the way employees are monitored and beyond. Soon, artificial intelligence might be providing life advice, saving hospital patients or accelerating the development of cities. It is already reshaping corporate America. Very few, if any, industries—including the insurance industry—are immune. As the consultancy McKinsey wrote in 2021, artificial intelligence “will have a seismic impact on all aspects of the insurance industry.” McKinsey’s prediction has proved prescient.

As AI continues to influence the insurance industry and the broader economy, new opportunities and risks abound for policyholders. It is therefore essential for policyholders to keep up-to-date about insurance law’s latest frontier. To help policyholders navigate this new frontier, Hunton Andrews Kurth LLP’s insurance recovery team is introducing a new resource: The Hunton Policyholder’s Guide to Artificial Intelligence.
Continue Reading Introducing The Hunton Policyholder’s Guide to Artificial Intelligence

Last week, we published a client alert discussing the importance of cyber and directors and officers liability insurance for companies and their executives to guard against cyber-related exposures.  In today’s ever-changing threat landscape, all organizations are at risk of damaging cyber incidents, and resulting investigations and lawsuits, underscoring the importance of utilizing all tools in a company’s risk mitigation toolkit, including insurance, to address these exposures. Continue Reading Reducing Risks from Cyber Incidents with Cyber and D&O Insurance

Hardly a day passes without hearing about another major cyber incident. Recent studies show that cybersecurity incidents are becoming more common, but they are also costly, with some reports estimating an average cost of $9.44 million for breaches in the US. In recognition of this mounting problem, government agencies continue to ramp up enforcement and issue new rules, regulations and other guidance aimed at curbing cyber risks. Last week, the SEC adopted final rules requiring registered entities to periodically disclose material cybersecurity incidents and annually disclose their cybersecurity risk management, strategy and governance plans. In announcing the new rules, the SEC specifically noted that “an ever-increasing share of economic activity is dependent on electronic systems.” According to SEC Chair Gary Gensler, “Whether a company loses a factory in a fire—or millions of files in a cybersecurity incident—it may be material to investors.” Continue Reading SEC Adopts New Rules Requiring Disclosure of Cyber Incidents

The Supreme Court of New Jersey recently agreed to hear ACE American Insurance Company’s appeal of an Appellate Division decision finding that a war exclusion in a property insurance policy did not preclude coverage for Merck & Co., Inc.’s claim stemming from a 2017 cyberattack. We previously reported about this case here.   Continue Reading Supreme Court of New Jersey to Hear Merck Cyberattack Case

The Superior Court of New Jersey Appellate Division recently upheld a lower court’s finding that the war exclusion in a property insurance policy did not preclude coverage for Merck’s claim stemming from a 2017 cyberattack. The decision is appropriately being heralded as a huge win for policyholders and an affirmance of New Jersey’s longstanding history of protecting policyholders’ reasonable expectations. We previously blogged about developments relating to the war exclusion and the Merck case when it was initially heard by the Appellate Division.
Continue Reading Merck Wins Again in Cyber Coverage Battle

For many, the “metaverse” sounds like some obscure sci-fi fantasyland. You may be asking, where is it? How does one get there? Chances are, if you are reading this article on a screen then you are already interacting with what could be described as the metaverse. One thing is certain though, if the metaverse is

Last week, the Ohio Supreme Court ruled in EMOI Services, L.L.C. v. Owners Ins. Co., 2022 WL 17905839 (Ohio, Dec. 27, 2022), that a policyholder did not suffer direct physical loss of or damage to computer media that was encrypted and rendered unusable. The Court reached its ruling even though “media” was defined in the policy to include “computer software,” concluding that software does not have a “physical existence.” The Supreme Court’s decision reverses an Ohio appellate court’s earlier ruling that the cyberattack triggered coverage under a commercial property insurance policy and builds upon plainly distinguishable rulings in COVID-19 business interruption cases, such as Santo’s Italian Café, L.L.C. v. Acuity Ins. Co., 15 F.4th 398, 402 (6th Cir. 2021), where the Sixth Circuit found that government orders issued in response to the COVID-19 pandemic did not physically alter insured property.
Continue Reading Ohio Supreme Court Launches COVID-19 Holdings into Cyberspace; Denies Coverage for Physical Loss or Damage to Computer Software