On Thursday, November 3rd, Holborn, together with Seiger Gfeller Laurie LLP, hosted a discussion on Cyber Liability. Moderated by Holborn’s Mark Reynolds (General Counsel), the talk focused on exposures to insurance companies as well as recent judgements. Vince Vitkowsky (Partner, Seiger Gfeller Laurie LLP) and Bob Laurie (Partner, Seiger Gfeller Laurie LLP) led the discussion.
Highlights of the topics discussed:
Exposure of Insured Small to Medium Companies
Despite large scale news coverage on data breaches at Home Depot and Target, small to medium-sized enterprises are ideal targets due to a lower level of sophistication. A 2015 survey by Nationwide Insurance revealed that 63% of small business respondents were victims of at least one cyberattack. Going further, FireEye, a cyber security company, estimates that 77% of cyber crimes in 2016 targeted this small to medium business segment.
- Ransomware – An attack that results in a victim’s data being encrypted and only released once a ransom is paid – typically in Bitcoin. Criminals found that frequency of attacks and small payments have resulted in the best return ($300 – $500); though some reach as high as the tens of thousands of dollars. The FBI believes 4,000 cases of ransomware occur each day in 2016, four times the rate of 2015.
- Fraudulent Funds Transfer and Social Engineering – Losses from these schemes have not been covered by cyber insurance policies. The loss occurs when the perpetrator enters a system and fraudulently transfers funds. In reaction, some cyber-specific insurers are now offering coverage.
- CGL – Courts have split on the coverage decision, with both the Property & Liability sections being tested in litigation. More recent CGL policies eliminate coverage for property; and via a liability exclusion introduced by ISO in May 2014; but there could be a lag in integration of such wording. As such, coverage decisions continue to evolve.
- Cyber or Data Breach Endorsements – Typically offer limited coverage and low sub-limits.
- ISO Cyber Endorsements for BOP – Three tiers of coverage:
- First party coverage for security breach expense, PR expense, and replacement or restoration of electronic data;
- Security breach liability;
- Coverage for extortion threats, business income and extra expense, and web publishing liability
- NAIC’s Property and Casualty Insurance Committee introduced an Annual Statement Supplement “Cybersecurity and Identify Theft Coverage Statement” in 2015. It requires companies to provide cyber insurance either on a standalone basis or as an endorsement. As of June 30, 2016, 500 insurers provided businesses and individuals with cyber insurance, largely as an endorsement.
- Standalone Cyber Insurance Policies – It is estimated there are 50 – 70 insurers offering coverage but very little standardization among them.
Holborn would like to thank Seiger Gfeller Laurie for their expertise and time. Should you like more detailed information on a wide range of cyber related topics, please reach out to your Holborn contact or email: HolbornEvents@holborn.com.
White Papers from Seiger Gfeller Laurie LLP Available:
Insurance Coverage for Cyber Deception and Social Engineering
Cybersecurity and the Board of Directors
Cyber and Privacy Coverage Litigation January through June 2016
Cyber and Privacy Coverage Litigation 2015
War, Terrorism and Hacktivism Under Cyber Insurance Policies
Media Liability Insurance
The Internet of Things: A New Era of Cyber Liability and Insurance (2015)
Remarks on the Internet of Things 2016: A New Era of Cyber Liability and Insurance
The Cyber Threat Matrix To Energy and Utility Companies
Industrial Cyber Attacks Generate Wide Range of Coverage Concerns
About the Speakers
Mark Reynolds serves as Senior Vice President and General Counsel of Holborn, and heads its Contracts Department. He joined the firm in 2013 with 30 years of experience in claims, contracts and legal and regulatory issues as they relate to the insurance and reinsurance industries. Prior to joining Holborn, Mark worked for Axis Reinsurance as its Vice President and Counsel.
Vince Vitkowsky is a partner at Seiger Gfeller Laurie LLP, resident in New York. He represents insurers and reinsurers in litigation, counselling and product development in many lines of business, including cyber, E&O, D&O and CGL insurance. Vince represents cyber insurers on coverage issues, and reviews and drafts cyber policy language, and monitors the rapidly evolving cyber threat matrix. He created a Cybersecurity Podcast and Symposium Series featuring leading cyber experts, consultants, present and former government officials, and journalists. He is a former Adjunct Fellow at the Center for Law and Counterterrorism.
Bob Laurie is one of the founding partners in Seiger Gfeller Laurie LLP. He is a litigator with a broad-based practice, which includes representing insurers in disputes concerning coverage determinations, bad faith and extra-contractual claims, and reinsurance. Bob is the regional bad faith counsel for a major national insurer. He successfully argued to the Connecticut Supreme Court one of the leading cases involving a claim for coverage for a data-loss event under a CGL policy, Total Recall v. Federal. Bob has tried many cases to verdict in various state and federal courts. He also advises cyber and other insurers on the construction and wording of insurance and reinsurance agreements.
Seiger Gfeller Laurie LLP is an insurance and litigation boutique with offices in West Hartford, Connecticut, New York City, and Princeton, New Jersey. Its attorneys are admitted and regularly appear in courts throughout New England and the mid-Atlantic states. More information is available at www.sgllawgroup.com.