As cyber and privacy threats continue to evolve and relentlessly plague today’s organizations, the 2017 State of Cybersecurity Report by cybersecurity firm Forcepoint focuses much needed attention on factors that create people-based risks that can compromise even the most advanced and comprehensive cyber defense systems and privacy protocols. These insider risks are exacerbated by today’s mobile and remote workforce, which demands constant access to critical corporate data from a vast array of business and personal devices, and by an increased reliance of third party service providers and business associates.
Terrific post by my friend Verne Pedro about the emerging importance of cyber security regulatory enforcement and compliance.
Security fatigue is a real and growing problem. The new Identity Theft Resource Center (ITRC) survey provides some insights into the reasons why too many people have become complacent about cyber security.
Check out this new infographic from NetDiligence, summarizing the results of their 2017 cyber claims study:
Thanks to Amy Spencer at Blank Rome LLP for allowing me to republish her informative 2-part series here.
In Part I of this two-part series, I identified first-party and third-party insurance claims that could result from a cyber event or attack on the Smart Grid. In this part, I examine how insurance policy language governs resolution of these claims and how to minimize gaps in coverage.
Examine Your Insurance Policies
Traditionally, third-party losses are covered by a company’s commercial general liability (“CGL”) policy. To qualify for coverage under a CGL policy, the policyholder typically must be confronted with a claim for “bodily injury” to another person or “physical injury to tangible property” (collectively known as “Coverage A”), or with a claim for “personal and advertising injury” (injury arising out of certain enumerated offenses such as malicious prosecution or invasion of privacy) (“Coverage B”). Various disputes have arisen as to whether cyber-related losses fit within these coverages. For example, some courts have found cyber-related losses to constitute loss of use of tangible property under Coverage A. See, e.g., Eyeblaster, Inc. v. Federal Ins. Co., 613 F.3d 797 (8th Cir. 2010) (general liability insurance policy provided coverage to insured internet advertising business for lawsuit brought by third-party computer user, who alleged that his computer became inoperable after he visited insured’s website).