cyber liability covereage | hb emerging complex claims
TRANSCRIPT
1
Cyber Liability Coverage You Say Yes, I Say No
2
Emerging & Complex Insurance Claims ForumFebrua ry 25 -26 , 2016 | Los Ange les
3
Richard BortnickSenior Counsel
Traub Lieberman Straus & Shrewsberry LLP
Linda KornfeldPartner
Kasowitz Benson Torres & Friedman LLP
Jacqueline Waters UrbanManaging Director & Practice Leader
Aon Risk [email protected]
Scott GodesPartner
Barnes & Thornburg [email protected]
Laurie A. KamaikoPartner
Sedgwick [email protected]
Speakers
4
Where?
Who?
What?
Online Offline
AccidentalMalicious Internal External
Data“PII” or “PHI”
Network Systems
CorporateConfidential
Info
Content Liability
What Is “Cyber” Liabi l i ty?
5
Expe
nse/
Serv
ice
Sect
ions
Firs
t Par
ty S
ectio
ns
Liab
ility
Sec
tions
• Failure of Network
Security
• Failure to Protect/ Wrongful Disclosure of Information, including employee information
• Privacy or Security related regulator investigation
• All of the above when committed by an outsourcer
• Wrongful Collection of Information (some policies)
• Media content infringement/ defamatory content
•Network-related Business Interruption
•Extra Expense
•System Failure Business Interruption (some policies)
•Dependent Business Interruption (some policies)
•Intangible Asset damage
•Reputation Damage (some policies)
•Crisis Management
•Breach-related Legal Advice
•Call Center
•Credit Monitoring, Identity Monitoring,ID Theft Insurance
•Cyber Extortion Payments
Scope of Cyber Insurance Coverage
Insured’s Loss
Expenses Paid to Vendors
Defense Costs + Damages + Regulator Fines
6
1. Basic network breach that exposes personally identifiable information (“PII”) and payment card information.
2. A service provider that was responsible for some of the information above may have been negligent in its work related to the handling of that information. It has service agreements with the affected company.
Scenar i os
7
3. The breach is supposedly the result of a state-sponsored “hack.”
4. The affected company’s site goes down and business cannot be conducted.
5. The breach causes internal equipment to cease functioning and there may even be property damage.
Scenar i os
8
A Word about Social Engineering Sophisticated manipulation of people One of the greatest “cyber” threats
FBI warning – Business E-Mail Compromise (BEC) (Aug. 28, 2015)
“[A] growing financial fraud that is more sophisticated than any
similar scam the FBI has seen before and one – in its various
forms – that has resulted in actual and attempted losses of
more than a billion dollars worldwide.”
270% increase in identified BEC victims in 2015
9
A Word about Social Engineering Coverage under Crime Insurance/Financial Bonds
Apache Corp. v. Great American Insurance Co., 2015 WL 7709584 (S.D. Tex. Aug. 7, 2015)Company duped into transferring $2.4 million into a fraudulent account
Court holds that loss covered under “Computer Fraud” grant in crime policy
Universal American Corp. v. Nat’l Union Fire Ins., 25 N.Y.3d 675 (2015)“Computer System Fraud” coverage in financial institution bond only applies to “hacking,” not losses resulting from fraudulent content submitted to the computer system by authorized users
10
PredictionsWhat do you see as the next big advancement in coverage in this space?