Posts Tagged ‘cyber liability’

Federal Court ruling on CGL covering a data breach

On Monday a federal appeals court in Virginia upheld a lower federal court ruling that held a Commercial General Liability (CGL) policy may in fact cover a data breach. The legal battle involves the Personal Injury insuring agreement, and the coverage under the Personal Injury coverage part is often ambiguous.

In the underlying case, The Travelers Indemnity Company of America was required to provide a defense for its insured, Portal Healthcare Solutions, LLC, for an underlying data breach class action filed against Portal by customers whose private medical information was posted on the intranet.

Marital affair website demonstrates new dimensions of personal data risk

Cyber risk for most organizations has a focus on the personal data of customers. Primarily this means social security numbers, dates of birth, addresses, credit card numbers and the like. All of that is bad enough when lost in connection with a data breach, but companies must now also be aware of growing threats of cyber extortion schemes.

The recent announcement that Ashley Madison, the marital-affair-promoting website, has been hacked and subjected to extortion takes these problems to a new level. Disapproving hackers have told Ashley Madison to shut down the site or the extortionists will release customer data. Reports say that despite Ashley Madison’s policy that private data can be scrubbed from the site for $19, the data is still available to hackers. The motives of the hackers are still unclear, but what is unusual is that it is not a demand for money.

The New York Stock Exchange network crash — a false sense of (cyber) security?

Most people were relieved when investigators determined that the recent electronic disruptions at the New York Stock Exchange and United Airlines were caused by internal glitches and not by hackers. The NYSE system crash, caused by a faulty software upgrade, and the United Airlines outage, caused by a faulty router, received great attention as pictures of (and tweets by) idle traders and travelers appeared seemingly everywhere.

Because they involved computers and networks, these outages were discussed by the media with the vocabulary normally used to describe “cyber” events. That’s not surprising, given the initial fear that the NYSE crash in particular was caused by hacking.

Social engineering fraud – are you prepared?

Social Engineering Fraud is not a new phenomenon. Who hasn’t received an e-mail asking us to voluntarily send personal information to someone so we can receive some sort of large reward? Most are aware of it, perhaps not by that name.

It comes in the form of an email or a trusted site. Hackers have learned how to trick their targets into falling for their scheme by taking advantage of human nature. There are stages to the attacks that mimic abuse: information gathering, relationship development, exploitation and execution. This grooming of the victim can result in claims of up to 100,000 or more for just one attack.

Report cites criminal attacks as primary cause of healthcare data breaches

In the fifth annual Ponemon Institute privacy and security report, cyber attacks were listed as the top cause of healthcare breaches. Officials studied privacy and security trends for healthcare covered entities and their business associates. Over the course of the five years Ponemon has been publishing its annual breach report, criminal activity has grown 125 percent. Officials at the institute discovered 69 percent of healthcare organizations uncovered the breach via an audit or assessment. Forty-four percent were discovered by an employee, while another 30 percent were found after a patient complained.

Ponemon stated, “Historically, the main cause of the data breach was the negligence or incompetence or system glitches within the organization, not necessarily criminal activity. This year, criminal activity was the number one cause.” Forty-five percent of respondents in the report claimed criminal attacks were directly responsible for …

Insurance industry leads the way for cyber best practices

April 27, 2015

It was reported earlier this month in the Wall Street Journal that many Corporate Information Security Officers (CISOs) are turning to the insurance sector for assistance and guidance when it comes to understanding cyber security.

Normally late to the party, insurance carriers tend to thoroughly examine years and years of loss experience in order for actuaries to set the rates for new areas of risk. But that is not the case when it comes to the rapidly developing area of cyber threats. Instead it is the insurance sector that many are turning to for guidance on how to deal with the uncertainty of cyber security.

Cyberliability governance – early guidance for corporate directors

When confidential personal or medical information is compromised or a computer network is breached, the event is typically described as a “failure” of data or network security. That is not an attractive characterization in realms where blame is assigned. Facing predicted increases in cyber-related shareholder lawsuits, corporate boards and their legal advisers have sought to determine what corporate directors and officers must do to avoid the personal liability that can result from shareholder claims. In an earlier blog post and white paper, I discussed the changing D&O risks associated with cybersecurity exposures. WGA’s Cyber Risk Hub also has an extensive section on cybersecurity corporate governance.