Speaker - Society of Risk Management Consultants

Anderson Kill Cyber Insurance & Risk Management Issues SRMC Montreal, Quebec Insurance Conference Oct. 27 29, 2016 Cyber Insurance Coverage: Issues & Risk Management Approaches Speaker Joshua Gold, Esq. 212-278-1886 [email protected]

2 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Insurance Coverage In Context An Array of Cyber Risks

Ashley Madison, Sony Pictures, German Steel Mill, NY Dam, Internet of Things Office of Personnel Management hack: biometric data of 22.1 million people Target: 40 million credit cards compromised; $291mm loss (and counting?) Ransomware crime wave; Bitcoins demanded Class action settlements in eight figures Class action litigation reinstated twice by 7th Circuit Home Depot settlement of class litigation $81 to 101 million SWIFT theft at Bangladesh Bank through NY Fed Dropbox compromised Yahoo email accounts: 500mm reported 3 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Potential Exposures

Business Interruption Regulatory Investigations Business Reputation/ Crisis Mgt. Information (own and of others) Cyber Extortion

Third Party Liability Exposures Network Itself 4 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Policies Possibly Covering Cyber Losses Take Policy Inventory NOW (Not Just After Incidents) Coverage For Cyber-related Claims May Be Asserted Under: GL, D&O, E&O, Crime, All Risk Property, Cyber Policies For Social Engineering, Hacking, Fraudulent

Wire Transfers, Malware, Hardware Damage Claims. 1st Party, 3rd Party, Hybrid Coverage Issues 5 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Cyber Risk Management Issues Being engaged and proactive minimizes threat and makes insurance recovery more likely Examine vendor contracts, including cloud services Map all business data Limit access to sensitive data inside and outside of the office Make sure senior management is involved in plans and processes to secure data. Educate, educate, educate, test.

6 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. A Sample Cyber Insurance Template 7 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Top Tips For Nailing Down Cyber Insurance Coverage 1. Insurance applications: known risks 2.

Retro dates 3. Create a clear policy structure: Modules and key coverage grants 4. Gain symmetry among insurance policies (e.g., CGL and property insurance) 5. Establish endorsements for particular coverage needs when it comes to cloud storage and service providers and other relevant third-party vendors 6.

Company as Merchant exposure: PCI Issues and Brand fines and penalties 7. Beware of sub-limit issues 8. Beware of breach of contract exclusions (PCI coverage implications) 9. Beware of conditions respecting "reasonable cyber security measures 10. Business Interruption and Reputation Damage insurancemore relevant

8 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Various ways to intrude / hack / steal / disclose: 1. Company computers (direct attack) 2. Hosting platforms (infiltration) 3. Vendor credentials / access (spoofing) Coverage options are available typically for Company computer and hosting platform exposures, but coverage for vendor credential attacks is rarer and often sub-limited when offered in policies we have seen. 9

1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Coverage for Data/Systems Damages Focus on defined terms in policies Particularly relevant for terms such as Data, Records and Personal Information Definitions of Computer Systems and similar terms: Do the definitions encompass devices such as tablets, laptops, thumb drives and other forms of portable storage? Do the definitions encompass off-line as well as online components? 10 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Coverage for EU Rules /Foreign Agency

Regulations Exposures? Some of the (better) cyber insurance policy forms promise coverage for regulatory and civil law enforcement actions, potentially including; Coverage for violation of EU rules on storage and transmission of foreign customers data Coverage for proceedings, inquiries, or investigations by foreign equivalents of FTC, DHHS, and other regulators 11 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Problematic Clauses (Time Sensitive, Etc.)

Fear of Reporting Claims? Timely Notice Comprehensive Proofs of Loss Suit Limitation Restrictions Arbitration Requirements Choice of Law (Assume the Worst) 12 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Coverage for More Than Mere Hacks Coverage, understandably, is focused on hacks, denial

of service attacks, malware, etc. But risk often is more than thatespecially considering the role human error often will play Is there coverage for inadvertent disclosure? loss of thumb drive with unencrypted data? Failure to protect data from online search engines? Is there coverage for violation of Companys own privacy or data handling policies? 13 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Social Media Insurance Issues New Avenues for Classic Risks Traditional Policies May Already Cover

CGL Professional Liability/E&O EPLI Cyber Policies May Provide Tailored Coverage Comprehensive Pursuit Bridges Potential Gaps 14 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Cyber Litigation Issues

Some cases emerging: PF Changs (Ariz. Federal court decision) CNA declaratory judgment lawsuit (Cal. Federal court) Hotel Monteleone (La. Court & arbitration: sublimits) Beware of Disclosure During Discovery: E.g., Sensitive Data, Customer Information, Network Security Blueprints 15 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Cyber Litigation Issues Continued

Not Much Precedent, But Stay Tuned Current Precedent Not Uniform: compare Sony I case vs. Portal Health 4th Circuit decision and Recall Total Provide Notice To All Potentially applicable policies We have secured coverage for policyholders under E&O, D&O, Crime, GL, business package policies, and property policies for cyber related losses and claims. 16 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Questions? Have a question that that did not get addressed during Presentation on Cyber Insurance Coverage? Give us a shout. Joshua Gold, Esq.

212-278-1886 [email protected] 17 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Disclaimer The views expressed by the participants in this program are not those of the participants employers, their clients, or any other organization. The opinions expressed do not constitute legal advice, or risk management advice. The views discussed are for educational purposes only, and provided only for use during this session. 18 1070159v2 2016 Anderson Kill P.C. All Rights Reserved.

Thank You Joshua Gold, Esq. 212-278-1886 [email protected] 19 1070159v2 2016 Anderson Kill P.C. All Rights Reserved. Attorney Bio Joshua Gold, Esq. As Chair of Anderson Kill's Cyber Insurance Recovery Group, Joshua Gold has represented numerous corporate and non-profit policyholders in a broad range of industries in insurance coverage disputes, obtaining recoveries for his clients well in excess of $1.5 billion. His practice involves matters ranging from data breaches to

international arbitration, D&O, business income/property and commercial crime claims, and marine insurance. He has been lead trial counsel in multi-party bench and jury trials, and has negotiated and crafted scores of settlement agreements including coverage-in-place agreements. In a cyber claim dispute of particular importance to businesses purchasing fidelity, crime and financial institution bond coverage, Josh won a multi-million dollar recovery in a landmark U.S. Court of Appeals, Sixth Circuit decision on behalf of a retailer that suffered a data breach as a result of a computer hacking scheme. 20 1070159v2 2016 Anderson Kill P.C. All Rights Reserved.

Recently Viewed Presentations

  • Astro 101 Test #4 Review When: Now available

    Astro 101 Test #4 Review When: Now available

    Astro 101 Test #4 Review When: Now available in two files Where: On the A101 homepage
  • PowerPoint Presentation

    PowerPoint Presentation

    Large seller base enables the buyers in procuring the material with competitive prices. www.NCDFIeMarket.com. Large seller base across the country. Buyers cross geographical barriers for procuring . products. Administrative cost reduction . No administrative and transaction fees for buyers.
  • Columbia High School

    Columbia High School

    SchoolNet Benchmark 1 Algebra I at Columbia is an area of focus. Proficiencies in Algebra I is significantly lower than the district average and lower than other high school proficiencies.
  • Peer Interaction Effectively, yet Infrequently, Enables ...

    Peer Interaction Effectively, yet Infrequently, Enables ...

    Peer Interaction Effectively, yet Infrequently, Enables Programmers to Discover New Tools. Emerson Murphy-Hill. North Carolina State University. Gail Murphy. University of British Columbia
  • Lecture 21b - Dialogue Notations and Design (contd.)

    Lecture 21b - Dialogue Notations and Design (contd.)

    Lecture 16 - Design Models 4 Forms Oriented Analysis Prof Jim Warren (NOT in textbook - see paper by Draheim and Weber) Form-Oriented Analysis Systems specification methodology tailored to submit/response-style interfaces Descriptive approach, artifact orientation Message-based user interaction System interface...
  • Mass Media and Public Opinion - University of Kentucky

    Mass Media and Public Opinion - University of Kentucky

    Problems with the Media Agenda setting - Blurs perceptions The media tells up what to think about by covering some issues, and ignoring others Bias Ideological bias Corporate bias Media not accessible to everyone Priming Framing Media Agenda Setting Agenda...
  • AP Psychology

    AP Psychology

    FRQ 2 Rubric. Piaget proposed cognitive stages . His stage of concrete operations takes place from ages seven to eleven. Children have developed the capacity to understand logical principles that apply to concrete external objects.
  • II Corinthians 4 and 5 King James Version and Working ...

    II Corinthians 4 and 5 King James Version and Working ...

    Our Treasure is the Christ in us, the hope of glory. Colossians 3:10. And have put on the new man, which is renewed in knowledge after the image of him that created him: II Corinthians 4:17 . For our light...