
Cyber Liability

Cyber Liability Insurance and Tech Outage. Lessons from July 19 Outage

The recent July 9 global technology outage has prompted a reassessment of cyber policy wordings. This incident highlights the need for standardization in the cyber insurance industry and the importance of clear policy terms. Businesses and insurers must re-evaluate their cyber policies and understand their implications thoroughly. Ensure your company is adequately protected against similar tech outages by consulting with insurance experts and reviewing your current coverage.

How to Protect Your Business From Cyber Criminals

Cyber liability insurance is a type of insurance that protects businesses from financial losses that are caused by cyberattacks. Cyberattacks can take many forms, such as data breaches, ransomware attacks, and denial-of-service attacks. Data breaches can expose sensitive customer data, such as credit card numbers and Social Security numbers. Ransomware attacks can encrypt a business’s data and demand a ransom payment in order to decrypt it. Denial-of-service attacks can make it difficult or impossible for customers to access a business’s website or online services. Cyber liability insurance can help businesses to recover from the financial losses that are caused by…

Best Practices to Recognize & Avoid Cyber Threats

We regularly see the effects of cyber attacks on individuals and businesses, but we also see the value that preventive measures can have in blocking those attacks. That’s why we wanted to share some best practices to help you avoid falling victim to cyber fraud and to call your attention to a rising threat: the business email compromise.

Business Email Compromise

A business email compromise is when a cyber criminal impersonates a familiar business partner through email. The cyber criminal typically asks for a customer’s payment to be redirected to a new account, and, if the ploy works, the recipient…

Hacking of Pacemakers and Other Implanted Devices

On October 1, the Federal Drug Administration (FDA) issued a warning about the so-called URGENT/11 cybersecurity flaws, which leave certain Wi-Fi-enabled medical devices, such as cardiac pacemakers, implantable cardioverter defibrillators (ICDs) or insulin pumps, vulnerable to being remotely controlled by hackers.

The FDA indicated that devices potentially at risk are those utilizing IPnet, a decades-old software application that enables wireless networking. According to the statement, a successful cyberattack could allow a hacker to remotely change a device’s function, cause a denial of service, information leak or logic flaw that could lead the device to malfunction.

Although there have been no reports of such cyberattacks, the FDA pointed to a health risk for patients using one of the affected devices and advised healthcare providers to notify patients of potential risks and address the issue in conjunction with patients and device manufacturers.

Because device manufacturers have incorporated an array of configurations to IPnet and its components, the Department of Homeland Security (DHS) is unable to compile a list of affected devices. Therefore, the DHS has advised manufacturers to evaluate and report to the FDA what, if any, cybersecurity risks are posed by their devices.

“This illustrates a scale of digital risk that could not have been foreseen at the time these devices were manufactured,” said Neil Gurnhill, CEO, Node International, London, England. “Companies need to develop these products with security at the forefront of their minds. This is a potentially life or death situation that companies cannot afford to get wrong.”

Is Your Website Compliant with ADA

In 1990, the Americans with Disabilities Act (ADA) was signed into law to give disabled people the same access to American life as those without disabilities. The Act is intended to give equal access to all Americans to all public spaces. The law was initially thought of as only applying to brick and mortar locations and couldn’t address access to the Internet since the Internet wasn’t fully commercialized until 1995. However, in response to a landmark case in Florida (Gil v. Winn Dixie), the court declared that Title III requirements of the law apply if the website is ‘heavily integrated’…

Cyber Liability and D&O

One click is all it takes to order goods, exchange payment, and have the items shipped and delivered to a doorstep within hours.

But what happens when that one click is not used to facilitate commerce but rather used to intentionally or even accidentally disrupt a network? When one click releases a malicious code causing an assembly line to come to a screeching halt? When one click transfers millions of dollars to a fraudulent account? When one click by a rogue employee disseminates the contents of personal files to the public? In these instances, who is ultimately responsible?

In recent cases, fingers have pointed directly at the board of directors. Since 2013, several shareholder derivative suits have been filed following network security breaches. Defendants have included Home Depot, Horizon Blue Cross Blue Shield, Target, Wyndham, and Wendy’s. Technology is changing at a rapid pace, and it is clear that consumers and shareholders have high expectations for businesses and those who run them.

Allegations in these network security cases have included breach of fiduciary duty, negligence, breach of implied contract, and violation of various state and federal statutes. Interestingly, most of the aforementioned cases have been dismissed (or settled) – apart from Wendy’s, which is still in its early stages. These dismissals are showing that the plaintiffs are having difficulty: (1) proving corporate mismanagement as a direct cause of harm from a data breach, and (2) showing actual compensatory injuries as a direct result of the breach. Courts have been dismissing cases in which actual damages have not been proven.

Cyber Deception Coverage

The Cyber Deception coverage extension provides coverage for the intentional misleading of the Applicant by means of a dishonest misrepresentation of a material fact contained or conveyed within an electronic or telephonic communication(s) and which is relied upon by the Applicant believing it to be genuine. This is commonly known as “spear-phishing”, CEO Fraud or “social engineering”, which is defined by Wikipedia as “psychological manipulation of people into performing actions or divulging confidential information.” In recent years, hackers and cyber-thieves have been developing new techniques to infiltrate insureds’ bank accounts. Early phishing scams were fairly easy to spot: a request from a Nigerian prince or a link purported to take you to your bank’s customer service center were tell-tale signs of suspicious email traffic. It was recommended to never click on the link and delete the email immediately. In response to the masses becoming more aware of these red flags, thieves have countered with more sophisticated attacks.


Cyber Coverage for Bank Assessments: What Merchants Need to Know

Coverage under a cyber liability insurance policy with respect to assessments levied on behalf of a financial institution or payment processing entity varies quite significantly throughout the marketplace. The nuances of the coverage differences will continue to grow as more and more companies begin to recognize the exposure inherent in electronic payment processing.

Monetary fines are levied by the card brands against merchants as a result of non-compliance with the payment card industry data security standards (PCI-DSS) which are set by the payment card industry security standards council (PCI SSC). A very important distinction lies within the definition of fines, costs or expenses as respects common cyber policy language. “Fines” are often merely reserved for costs levied directly against an insured for the breach of PCI standards set by the PCI SSC. The fines, which are punitive in nature, result from failing to comply with the standards. On the other hand, “assessments” are costs specifically associated with liabilities arising out of a Merchant Service Agreement (MSA). The card brands are looking to recoup expenses that resulted from a security breach by the merchant. Assessments can be costs resulting from a breach of the card brand rules, costs passed along to the merchant through the withholding of funds by a merchant bank, card reissuance expenses, fraud losses and a number of other liabilities arising out of obligations under an MSA.