In January we wrote about Rosen Millennium Inc.’s (“Millennium”) appeal to the Eleventh Circuit, whereby Millennium took the position that a Florida federal court ignored well established Florida insurance law when it ruled that St. Paul Fire & Marine Insurance Co. had no duty to defend it against a multimillion dollar claim arising out of a 2016 cybersecurity breach.

Continue Reading

Rosen Millennium Inc. (“Millennium”), the cyber security and IT support subsidiary of Rosen Hotels & Resorts, Inc., has appealed to the Eleventh Circuit contending that a Florida federal court ignored Florida insurance law when it ruled that Travelers Insurance Company has no duty to defend it against a multimillion dollar claim arising out of a cybersecurity breach.

Continue Reading

Hunton Andrews Kurth insurance practice head, Walter Andrews, recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.

Continue Reading


The Federal Financial Institutions Examination Council (“FFIEC”), a U.S. governmental body comprised of banking regulators, recently issued guidance to financial institutions directing them to consider implementing dedicated cyber insurance programs to offset financial losses resulting from cyber incidents. Financial institutions face a number of potentially crippling risks arising from cyber incidents, including financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service. While cyber insurance can mitigate these risks, it is not required by financial regulators, and thus many financial institutions may not have obtained such insurance specifically designed to cover their cyber risks.  Nonetheless, the FFIEC now is urging financial institutions to include dedicated cyber insurance as part of a multi-faceted cyber risk management strategy and not to rely solely on traditional insurance.  In addition, the FFIEC is recommending that financial institutions have their outside advisors review their potential cyber insurance coverage to ensure that it will cover the relevant risks.


Continue Reading

May 25, 2018 should be a day circled on many company calendars. On that day, the European Union’s long-awaited Global Data Protection Regulation (“GDPR”) will go into effect.  It is crucial for U.S. companies to prepare for the GDPR, as they, too, will be required to comply with a new set of data privacy rules if they are handling data from EU-based customers, suppliers, or affiliates. As long as you collect personal or behavioral data from someone in the EU, you must comply with the GDPR.

Continue Reading

Hunton & Williams insurance partner, Syed Ahmad, tells Law360 about trends in D&O liability insurance that are likely to grab headlines in 2017, including the impact of privacy and cyber breaches on corporate executives and the continued fallout from 2015’s “Yates Memo,” emphasizing an increase in government prosecution of individual corporate wrongdoers and incentivizing companies

Syed Ahmad, a partner in the Hunton & Williams LLP insurance recovery practice, was quoted in an article by Law360 concerning the Fourth Circuit’s April 11, 2016 decision in Travelers Indemnity Company v. Portal Healthcare Solutions, No. 14-1944. In the decision, a panel of the Fourth Circuit affirmed the decision of a Virginia district

On January 12, 2016, a federal court in Utah refused to dismiss a bad faith claim brought by Federal Recovery Services against Travelers Property Casualty Company of America, despite finding that there was no duty to defend FRS under Travelers’ “CyberFirst Policy.” Travelers Property Casualty Company of America et al. v. Federal Recovery Services et al., Case No. 2:14-cv-00170. FRS sought a defense and indemnity for a lawsuit filed against it by Global Fitness Holdings, LLC, a fitness center operator. Global Fitness had alleged that FRS intentionally misused the credit card and bank account information of Global Fitness’ customers, which consequently interfered with FRS’s business dealings.

Continue Reading