Cyber Liability

Best Practices to Recognize & Avoid Cyber Threats

We regularly see the effects of cyber attacks on individuals and businesses, but we also see the value that preventive measures can have in blocking those attacks. That’s why we wanted to share some best practices to help you avoid falling victim to cyber fraud and to call your attention to a rising threat: the business email compromise. Business Email… Read More »Best Practices to Recognize & Avoid Cyber Threats

Hacking of Pacemakers and Other Implanted Devices

On October 1, the Federal Drug Administration (FDA) issued a warning about the so-called URGENT/11 cybersecurity flaws that leave certain Wi-Fi-enabled medical devices vulnerable to being remote-controlled by hackers, such as cardiac pacemakers, implantable cardioverter defibrillators (ICDs) or insulin pumps.

The FDA indicated that devices potentially at risk are those utilizing IPnet, a decades-old software application that enables wireless networking. According to the statement, a successful cyberattack could allow a hacker to remotely change a device’s function, cause a denial of service, information leak or logic flaw that could lead the device to malfunction.

Although there have been no reports of such cyberattacks, the FDA pointed to a health risk for patients using one of the affected devices and advised healthcare providers to notify patients of potential risks and address the issue in conjunction with patients and device manufacturers.

Because device manufacturers have incorporated an array of configurations to IPnet and its components, the Department of Homeland Security (DHS) is unable to compile a list of affected devices. Therefore, the DHS has advised manufacturers to evaluate and report to the FDA what, if any, cybersecurity risks are posed by their devices.

“This illustrates a scale of digital risk that could not have been foreseen at the time these devices were manufactured,” said Neil Gurnhill, CEO, Node International, London, England. “Companies need to develop these products with security at the forefront of their minds. This is a potentially life or death situation that companies cannot afford to get wrong.”Read More »Hacking of Pacemakers and Other Implanted Devices

Cyber Liability and D&O

One click is all it takes to order goods, exchange payment, and have the items shipped and delivered to a doorstep within hours.

But what happens when that one click is not used to facilitate commerce but rather used to intentionally or even accidentally disrupt a network? When one click releases a malicious code causing an assembly line to come to a screeching halt? When one click transfers millions of dollars to a fraudulent account? When one click by a rogue employee disseminates the contents of personal files to the public? In these instances, who is ultimately responsible?

In recent cases, fingers have pointed directly at the board of directors. Since 2013, several shareholder derivative suits have been filed following network security breaches. Defendants have included Home Depot, Horizon Blue Cross Blue Shield, Target, Wyndham, and Wendy’s. Technology is changing at a rapid pace, and it is clear that consumers and shareholders have high expectations for businesses and those who run them.

Allegations in these network security cases have included breach of fiduciary duty, negligence, breach of implied contract, and violation of various state and federal statutes. Interestingly, most of the aforementioned cases have been dismissed (or settled) – apart from Wendy’s, which is still in its early stages. These dismissals are showing that the plaintiffs are having difficulty: (1) proving corporate mismanagement as a direct cause of harm from a data breach, and (2) showing actual compensatory injuries as a direct result of the breach. Courts have been dismissing cases in which actual damages have not been proven.Read More »Cyber Liability and D&O

Cyber Deception Coverage

night-owl-man-working-on-computer-at-night-picjumbo-comThe Cyber Deception coverage extension provides coverage for the intentional misleading of the Applicant by means of a dishonest misrepresentation of a material fact contained or conveyed within an electronic or telephonic communication(s) and which is relied upon by the Applicant believing it to be genuine. This is commonly known as “spear-phishing”, CEO Fraud or “social engineering”, which is defined by Wikipedia as “psychological manipulation of people into performing actions or divulging confidential information.”  In recent years, hackers and cyber-thieves have been developing new techniques to infiltrate insureds’ bank accounts. Early phishing scams were fairly easy to spot: a request from a Nigerian prince or a link purported to take you to your bank’s customer service center were tell-tale signs of suspicious email traffic. It was recommended to never click on the link and delete the email immediately. In response to the masses becoming more aware of these red flags, thieves have countered with more sophisticated attacks.

[button size=”medium” align=”left” link=”” linkTarget=”_self” bgColor=”rgba(193,12,12,1)” textColor=”rgba(255,255,255,1)” hoverBgColor=”rgba(255,255,255,1)” hoverTextColor=”rgba(193,12,12,1)” icon=”calculator” icon_color=”#000000″]Get Cyber Liability Insurance Quote[/button][clearboth]

Read More »Cyber Deception Coverage

Cyber Coverage for Bank Assessments: What Merchants Need to Know

Cyber Coverage for Bank Assessments What Merchants Need to KnowCoverage under a cyber liability insurance policy with respect to assessments levied on behalf of a financial institution or payment processing entity varies quite significantly throughout the marketplace. The nuances of the coverage differences will continue to grow as more and more companies begin to recognize the exposure inherent in electronic payment processing.

Monetary fines are levied by the card brands against merchants as a result of non-compliance with the payment card industry data security standards (PCI-DSS) which are set by the payment card industry security standards council (PCI SSC). A very important distinction lies within the definition of fines, costs or expenses as respects common cyber policy language. “Fines” are often merely reserved for costs levied directly against an insured for the breach of PCI standards set by the PCI SSC. The fines, which are punitive in nature, result from failing to comply with the standards. On the other hand, “assessments” are costs specifically associated with liabilities arising out of a Merchant Service Agreement (MSA). The card brands are looking to recoup expenses that resulted from a security breach by the merchant. Assessments can be costs resulting from a breach of the card brand rules, costs passed along to the merchant through the withholding of funds by a merchant bank, card reissuance expenses, fraud losses and a number of other liabilities arising out of obligations under an MSA.
Read More »Cyber Coverage for Bank Assessments: What Merchants Need to Know

Travelers’ Cyber Risk Pressure Test

Risk_ControlPut your data and network security to the test.

What if your business was the victim of one of the 41,000 known computer security incidents per day in the U.S.?* In addition to knowledge about cyber insurance coverage options, you’re likely to be looking d for helpful, cost-effective cyber risk management resources.

When it comes to cyber risk, there is a lot at stake: data, reputation and a company’s bottom line. And every business, no matter the size or industry, is at risk of becoming a victim of an accidental or malicious compromise. This brief interactive quiz, which is mobile enabled, is designed to assist you, the business owner, to quickly evaluate and identity pressure points in your cyber risk management strategy.

Managing cyber risk is not a one-and-done process. Over time, your business may grow and change. Your data may represent new categories of information. Your technology hardware and software may be updated or replaced. Your workforce — both the people who use your data and the team responsible for protecting it — may change. And as technology itself evolves, so do the risks associated with it. Complacency can leave your data, your customers, your bottom line and your reputation vulnerable. Failure to address the risk often results in lost revenue, potential liability and high recovery costs. Implementing, maintaining and enforcing procedural and technological controls to protect your critical data and systems are key to the success of your cyber security strategy.

Read More »Travelers’ Cyber Risk Pressure Test

Cyber Liability Insurance Coverage for Financial Institutions

A significant number of financial institutions have been victimized in recent months and years. Among those publicly acknowledging breaches were J.P. Morgan Chase, Bank of America, Citigroup, Sovereign Bank and Royal Bank of Scotland (RBS).  Numerous smaller institutions have also been targeted by hackers and phishers.

Recent Breaches at Financial Institutions

Total Bank (Miami, FL)
In July 2014, the bank notified 72,500 customers that their account information was potentially exposed after an unauthorized third party gained access to the bank’s computer network. Information obtained by this unauthorized third party included names, addresses, account numbers, account balances, Social Security numbers and driver’s license numbers.  The bank is offering 12 months free of credit monitoring services for those that were affected.Read More »Cyber Liability Insurance Coverage for Financial Institutions

Museums and Cultural Institutions: Unique exposures

Goudi Building Museum

Your priceless collections and exhibits are what pull visitors through your doors. But keeping those visitors safe – as well as your employees, volunteers, building and reputation – is what keeps those doors open. Travelers has years of experience working with museums and cultural institutions. We understand your industry. We can help you with your insurance needs – from protecting your fine art collections, to covering your property risks to providing general liability coverage to workers compensation.

Fine art expertise

We offer Museums and Cultural Institutions customized product and service offerings. Our Inland Marine division is a Fine Art market leader that provides flexible solutions for your unique needs:

  • Local underwriting presence with fine art expertise
  • Broad, worldwide coverage at current market value
  • Coverage for exhibitions, loans and items while in transit
  • High capacity for high-value collections
  • On-site risk control consultations to help enhance facility and collection management
  • Dedicated fine art claim team committed to proper claim handling for unique valuable objects
  • Access to our Special Investigations Group who focuses on theft prevention and recovery of stolen property
One company for property exposures

Read More »Museums and Cultural Institutions: Unique exposures

Is Your Child Increasing Your ID Theft Risk?

child safety, id protection, identity theft protection, online safetyWe’ve talked a lot about protecting your kids from identity theft. Have you ever considered the impact your kids might have on YOUR credit score? Children and teens use the internet a lot and if they aren’t careful they could potentially expose people in your house to identity theft. Teach your kids how to stay safe online. This important lesson won’t just protect them, but will protect your identity as well.

To keep your identity safe and teach your kids good online behavior, make sure they understand these essential internet safety rules:Read More »Is Your Child Increasing Your ID Theft Risk?