Cyber Liability

Subscribe to Cyber Liability
Paul A. Ferrillo

As I noted in a prior post, the recent state-sponsored cyber incident carried out through an attack on SolarWinds has a number of important implications. As noted in the following guest post from Paul Ferrillo, the incident could also have important implications for the cyber insurance marketplace. Paul is a partner in the McDermott, Will & Emery law firm. I would like to thank Paul for allowing me to publish this article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: SolarWinds – Einstein Failed Us, and the Cyber Insurance Markets will Feel the Squeeze

Paul Ferrillo

In the following guest, Paul Ferrillo takes a look at the current deteriorating cyber insurance claims environment and offers his views on the likely impact of the claims developments on the market for cyber insurance in 2021. Paul is a partner in the McDermott, Will & Emery law firm. My thanks to Paul for allowing me to publish his article as a guest post on this site. I welcome guest posts from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: Be Prepared: Costly Cyber Claims Could Lead to Higher Premiums in 2021

Bill Boeck

Ransomware attacks are on the increase, putting the target organizations in the uncomfortable position of having to decide whether or not to pay the demanded ransom. As if that were not tough enough, an October 1, 2020 advisory statement by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) warns that companies paying ransoms under these circumstances may risk violating OFAC regulations and could be subject to penalties. In the following guest post, Bill Boeck takes a look at the OFAC advisory and its implications.  Bill is Lockton’s Global Cyber Product and Claims leader and U.S. Financial Lines Claims Practice Leader. A version of this article previously was published as a Lockton client alert. I would like to thank Bill for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Bill’s article.
Continue Reading Guest Post: OFAC Warns Against Paying Cyber Ransoms to Sanctioned Entities

John Reed Stark

Along with all of the other anxieties about the upcoming Presidential election, there is the concern that someone, somewhere will use some type of cyberattack to interfere with the electoral process. If that were to happen, the immediate question will “Who did it?” In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, underscores the difficulties associated with identifying the actors behind any cyberattack and cautions against jumping to conclusions about who might have been involved. A version of this article previously was published on Cybersecurity Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Attribution on Election Cyber-Attacks: Don’t Rush to Judgment

John Reed Stark

In the following guest post, John Reed Stark President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at questions of confidentiality surrounding a discovery dispute between class action plaintiffs and a data breach victim company relating to forensic work conducted by Crowdstrike, Inc. in connection with a 2018 data security incident at Marriott International, Inc. As Stark notes, the issue of protecting the confidentiality of post-data breach forensic findings (when the forensic firm is typically engaged by counsel) has become of critical importance and has significant consequences. A version of this article previously was published on Cybersecurity Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: More Battles Over Digital Forensic Findings

Stephen Reilly
Andrew Jones

Data breach class action lawsuits are already well-established in the United States, but are only developing elsewhere. In the following guest post, Stephen Reilly and Andrew Jones of Beale & Company Solicitors take a look at the possibilities and prospects for data breach class actions in the U.K. A version of this article previously was published as a Beale & Company client alert. I would like to thank Stephen and Andrew for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Stephen and Andrew’s guest post.
Continue Reading Guest Post: Data Breach Class Actions in the UK — What Next?

Paul Ferrillo

In the following guest post, Paul Ferrillo provides a primer for the purchase of cybersecurity insurance. Paul is a partner in the McDermott, Will & Emery law firm. My thanks to Paul for allowing me to publish his article as a guest post on this site. I welcome guest posts from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: The Basics and Essentials of Purchasing Cybersecurity Insurance

John Reed Stark

Is a company’s post-breach forensic report subject to discovery in subsequent breach related litigation? That is the question that John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, examines in the following guest post. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Data Breach Forensic Reports: Keeping a Grail Document Confidential

Paul A. Ferrillo

In the following guest post, Paul A. Ferrillo takes a look at the recent findings that the SEC Office of Compliance, Inspections and Examinations issue with respect to its cybersecurity examinations of registered investment advisers and broker dealers. The findings, Paul suggests, provides good guidance from a number of perspectives with regard to cybersecurity governance issues. Paul is a partner with McDermott, Will & Emery. I would like to thank Paul for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: Avoiding Event Driven Litigation through Good Cybersecurity Governance

One of the areas of significant concern in the global insurance underwriting community is the potential exposures insurers face from “silent cyber” – that is, the coverage of cybersecurity-related losses under traditional insurance policies that are not expressly designed to cover cyber losses. In a recent ruling in an insurance coverage dispute in which a small business sought insurance coverage for its losses following a ransomware attack, a Maryland federal court judge, applying Maryland law, held that the company’s business owner’s policy (BOP) covered the damages the company incurred.   The ruling highlights the potential coverage available for companies experiencing cyber-security losses under their traditional insurance policies. As discussed below, there are a number of interesting features to this ruling.
Continue Reading Court Holds Business Owner’s Policy Covers Ransomware Caused Losses