Ping Service
Feedback Forms

Insurance Recovery for Loss or Liability Arising from Cyberattacks: Obtain and Preserve Insurance for Your Company’s Protection

The following article was written by my good friend, Scott Godes, a policyholder attorney with Dickstein Shapiro in Washington, D.C., and his colleague, Ken Trotter, and appeared on Scott’s personal site, Corporate Insurance Blog, after being published by Hospitality Upgrade magazine. Cyberinquirer neither ratifies nor necessarily agrees with the opinions stated below, which are Scott’s exclusively and not those of Cyberinquirer or Dickstein Shapiro.

Rick Bortnick

It is no secret that the hospitality industry continues to be vulnerable to data breaches and other cyberattacks. A report by Willis Group Holdings, a British insurance firm, states that the largest share of cyberattacks (38 percent) were aimed at hotels, resorts and tour companies. According to the report, insurance claims for data theft worldwide jumped 56 percent last year, with a bigger number of those attacks targeting the hospitality industry. Because businesses in the hospitality industry obtain and maintain confidential data from consumers–countless credit card records in particular–they will continue to be attractive targets for hackers and data thieves. Cybersecurity risks can cause a company to incur significant loss or liability. A data breach could result in the loss of important and sensitive customer information and, in some cyberevents, stolen company funds. Companies also may face liabilities to third parties under statutory and regulatory schemes, incurring costs to mitigate, remediate and comply with the liability under these statutes. Worse still, class action lawsuits have been filed around the country after data breaches, with plaintiffs alleging, among others, the loss of the value of their personal information, identity theft, invasion of privacy, negligence or contractual liability. Even when companies have had success in defeating class actions, they nonetheless incurred significant legal expenses when defending those lawsuits.

Read the rest of this entry »

Would Your Company’s Insurance Cover a Cyberattack?

The following article was written by my good friend, Scott Godes, a policyholder attorney with Dickstein Shapiro in Washington, D.C., and first appeared on his personal site, Corporate Insurance Blog. Cyberinquirer neither ratifies nor necessarily agrees with the opinions stated below, which are Scott’s exclusively and not those of Cyberinquirer or Dickstein Shapiro. Responsible comment will gladly be published (promptly…). Please feel free to forward them to me at your convenience.

Rick Bortnick

On October 27, 2011, CNN.com posted:

A massive cyberattack that led to a vulnerability in RSA’s SecurID tags earlier this year also victimized Google, Facebook, Microsoft and many other big-named companies, according to a new analysis released this week.

The Krebs On Security blog posted:

Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure.

This is in line with comments from others, including this quote from Digital Forensic Investigator News, that “2011 has quickly become the year of the cyber attack.” Would your insurance policies cover those events? Beyond the denial of service attacks that made news headlines, a shocking “80 percent of respondents” in a survey of “200 IT security execs” “have faced large scale denial of service attacks,” according to a ZDNet story. These attacks and threats do not appear to be on a downward trend. They continue to be in the news after cyberattacks allegedly took place against “U.S. government Web sites – including those of the White House and the State Department –” over the July 4, 2009 holiday weekend. The alleged attacks were not only against government sites; they allegedly included, “according to a cyber-security specialist who has been tracking the incidents, . . . those run by the New York Stock Exchange, Nasdaq, The Washington Post, Amazon.com and MarketWatch.” Themore recent ZDNet survey shows that a quarter of respondents faced denial of service attacks on a weekly or even daily basis, with cyberextortion threats being made as well.

Read the rest of this entry »