Tag Archives: cyber-risk

Northwest Data Breach Laws Are Changing—Is Your Cyber Insurance Keeping Up?

Legal requirements for managing consumer data and handling data breaches are changing, so now is a good time to check your cyber insurance to make sure that it is keeping up. New Oregon Law + Proposed Washington Law + California CCPA = Increasing Business Risk. Oregon’s amended data breach notification law, effective January 1, 2020, creates breach … Continue Reading

Insurer Invokes “Act of War” Exclusion in Cyber Policy, Risking Growth for Coverage

The cyber-insurance world is discussing the ins-and-outs of litigation going on between food manufacturing giant Mondelez International and Zurich over coverage for the ten billion dollar NotPetya cyber attack that crippled several multi-national companies. Zurich has apparently invoked what is colloquially known as the “act of war” exclusion to deny coverage to Mondelez under a … Continue Reading

Considering Cyber-Insurance After “WannaCry”? Here Are Things to Consider

Many businesses that previously resisted the urging of their insurance broker or (ahem) legal counsel to buy cyber-insurance are now re-thinking that strategy in the wake of the “WannaCry” ransom-ware attack that has been in the news.  The damage in the U.S. was apparently minimized by quick-thinking security specialists in the UK, but the attack … Continue Reading

Guest Feature: Apartment Owners’ Liability for Loss of Renters’ Personal Data [VIDEO]

In case you missed this last week, our friends at HFO Investment Real Estate have published an excellent video (posted here with permission) featuring an extensive interview with Vice Presidents Heidi Tapasa and Ted Stark of USI Insurance Services on the subject of cyber liability for apartment owners and managers. You can view the full interview below. Click here … Continue Reading

The Other Shoe Just Dropped: Cyber Insurer Sues in Oregon to Avoid First Party Benefits for Malware Event

Those who follow the fast-moving growth of cyber-insurance as a product have been waiting for the other shoe to drop: coverage litigation, particularly about the many loopholes and limitations in first-party coverage for data breaches and similar events.  One such shoe has now dropped, in the form of a federal-court complaint filed in Oregon, by Travelers, … Continue Reading

Insurer Sues to Terminate Defense of Premera Cyber Breach

On December 8, 2015 an insurer for Premera Blue Cross sued to terminate its defense obligation (and any indemnity obligation) in a class-action lawsuit involving the theft of 11 million medical records.  We have previously reported on the massive Premera breach and the many class action lawsuits that followed the breach (now consolidated in Oregon), here.  The … Continue Reading

Confluence of “Cyber” Events Has Directors & Officers Concerned About Coverage

Three “cyber”-related events in the last month have made corporate directors and officers sit up and take notice when it comes to cyber breaches and cyber coverage. First, the Third Circuit’s decision in Federal Trade Commission v. Wyndham Worldwide Corp., holding that the FTC has authority to sue companies that have experienced a data breach, under federal consumer protection laws.  The … Continue Reading

Neiman Marcus Data Breach Decision Portends Greater Risk for NW Companies, Need for Cyber Coverage

Earlier this week the Seventh Circuit Court of Appeals, in Illinois, issued a momentous decision for those of us who keep tabs on data breach litigation nationwide.  The decision in Remijas v. Neiman Marcus reinstated class action claims by thousands of shoppers who had their credit card data stolen.  Reversing a trend in the case law driven by … Continue Reading

Lessons From CNA’s Suit to Avoid Covering a Hospital Cyber-Breach

A few weeks ago the insurance-coverage community experienced a watershed event: the first publicized lawsuit by an insurer for a declaration of “no coverage” under a cyber-insurance policy. The case is Columbia Casualty Company v. Cottage Health Systems, filed in the Central District of California, and the issue is the insured’s compliance with a pledge … Continue Reading

Premera Data-Breach Class Action Claims Illustrate Cyber Coverage Issues

The massive data breach at Washington health insurer Premera Blue Cross Blue Shield has spawned at last count fifteen class action lawsuits in Washington alone and at least one suit in Oregon federal court.  The suits allege that over 11 million records were exposed in the hack, including not just personally identifiable information but also health … Continue Reading

Cert Grant in FCRA Case Could Impact Cyber Coverage

News today that the Supreme Court has granted certiorari in Spokeo v. Robins, which tests whether Congress can confer “standing” by giving consumers a private right of action under a federal law, and entitlement to statutory damages, even if the consumer cannot prove any concrete damages.  The Court will review a decision by the Ninth … Continue Reading

Likely Changes to Oregon Data Breach Law Should Prompt Review of Cyber Coverage

This excellent post by my colleague Brian Sniffen in our firm’s IP Law Trends blog reports on the efforts by Oregon’s attorney to strengthen the state’s data breach notification laws.   The proposed amendments to the Oregon Consumer Identity Theft Protection Act (ORS 646A.602 et seq.) are part of Senate Bill 601, which is making … Continue Reading

Washington Policyholders, Check Your Cyber Policy as Data Breach Notification Law Moves Forward

Washington has moved a step closer to bringing its data-breach notification law in line with the laws of many states (including Oregon) that require notification in the majority of scenarios, closing what some viewed as loopholes in the law and mandating notification within 45 days, rather than the prior “as soon as possible” requirement.  (Oregon … Continue Reading

New York investigates insurance companies’ cyber security

I was very interested to read this morning that Governor Cuomo of New York will investigate insurance companies’ cyber security.  According to the article the focus of the investigation will be what safeguards insurers have in place to protect customers’ sensitive personal and financial information.  Hopefully this inquiry will take into account commercial-lines policyholders’ data as … Continue Reading