This new publication, Cyber Claims Insight from Aon Benfield’s Cyber Practice Group, empowers readers with the resources and tools they need to understand the cyber landscape, including legal trends, claims and insurance coverage disputes.
Cyber Claims Insight
1. Aon Benfield
Cyber Practice Group
Trends in 2016
The Panama Papers
In April 2016, news broke about the Panama Papers, the largest leak of insider information in history, involving 11.5 million documents leaked by a Panamanian law firm to journalists. The documents implicate politicians, criminals, and celebrities in sheltering of fortunes in offshore tax havens through the use of shell companies. More than 100 media organizations spent a year reviewing leaked files of data connecting offshore shell companies with people in multiple countries exposing billions in assets.
The scandal, and its insurance implications, is still unfolding, including whether this was a leak or a hack of the law firm’s email servers.
Data Breach Class Actions
The issue of standing has been a roadblock for data
breach class action lawsuits. On April 14, 2016, in
John Lewert, et al. v. P.F. Chang’s China Bistro,
Inc., the Court of Appeals for the 7
th
Circuit reversed
the District Court’s dismissal of the data breach
class action (based on the lack of standing to sue).
Standing under Article III of the US Constitution is
the ability of a party to bring a lawsuit in court based
upon their stake in the outcome. Citing their own
ruling in 2015 in Remijas v. Neiman Marcus
Group, LLC, the 7th Circuit concluded that plaintiffs
who had their credit and debit card data stolen met
the three elements required for standing: 1) Injury:
plaintiff(s) suffered or imminently will suffer injury, 2)
Causation: the injury must be reasonably connected
to the defendant’s conduct, and 3) Redressability: a
favorable court decision must be likely to redress the
injury.
The question remains whether this trend will afford
plaintiffs redress and reimbursement for actual or
potential data breach costs.
Ransomware Attacks
There has been a surge of ransomware attacks on
hospitals in the US with five incidents reported in
recent weeks. Thus far, only one of the five
hospitals, Hollywood Presbyterian (HPMC) in
California, has admitted to paying a ransom to unlock
data, while the others resolved the matter by relying
on backup systems. HPMC paid the Bitcoin
equivalent of USD17,000 in February 2016 to regain
control of its mission-critical communications
systems from cyber hostage-takers. The 10-day
intrusion locked employees out of critical electronic
medical record systems in the 434-bed hospital.
HPMC's executives went public about the
ransomware attack to assure the public (and
regulators) that personal healthcare information
(PHI) had not been breached. If patient records had
been exposed, HPMC would have faced fines from
the Department of Health and Human Services for
violations of privacy regulations under HIPAA, as
well as possible patient lawsuits.
Most current breach notification rules would apply
only if PHI had been compromised. Otherwise,
extortion payments may not be disclosed. Carriers
will likely be reviewing their insurance wordings in
light of this trend.
First Issue, April 25, 2016
Cyber Practice Group – Cyber Claims Insight – First Issue
Email Fraud
One of the hottest trends in cybercrime is spoofed
emails (aka whaling or business email compromise)
– ostensibly from an authorized corporate official –
instructing an employee to transfer funds out of the
company. According to the FBI, an estimated
USD750 million was stolen from more than 7,000
companies in the US between October 2013 and
August 2015. Typically, these schemes motivate
victims to do the dirty work of the fraudsters by
agreeing to wire funds via manipulated emails.
To counter these schemes, the FBI has urged
companies to use two-step or two-factor
authentication for email, where available, and/or
establish other communication channels to verify
significant transactions, particularly international
wires. Some legal experts take the view that lawsuits
seeking cyber insurance coverage for email fraud
losses will fail due to the voluntary approval of wire
transfers by employees as opposed to cases
involving hackers taking over accounts. Does the
fact that the scam occurs by means of email turn the
scam into a “cyber” loss?
One case pending in federal court in Texas
addresses that question. In Ameriforge Group Inc. v.
Federal Ins. Co., filed in January 2016 in Harris
County, Texas, the plaintiff alleges that its insurer
wrongfully denied coverage under a crime policy for
a spoofed email resulting in the unauthorized
transfer of USD480,000 to a bank in China. The
plaintiff seeks coverage under the “computer fraud
coverage” provision arguing that the email directing
the funds transfer was an “unauthorized introduction
of instructions, programmatic or otherwise, which
propagate themselves” through a computer system.
Federal (a division of Chubb) has denied coverage
arguing that this action did not constitute computer
fraud as defined in the policy, i.e., forgery of a
financial instrument.
Beyond ransomware attacks and email fraud, we are
seeing a trend in coverage disputes both under
traditional comprehensive general liability wording
as well as under cyber policies.
Cyber Coverage Disputes
In Travelers Property Casualty Co. of America v.
Federal Recovery Services, Inc., a Utah federal
court found the insurer had no duty to defend its
policyholders in the underlying lawsuit due to the
lack of allegations of negligence (as required by the
policy wording). This was the first coverage decision
regarding a standalone cyber insurance policy, in
particular the “Network and Information Security
Liability and Technology Errors and Omissions
Liability” coverage parts of the cyber policy.
In Continental Casualty Co. v. Cottage Health
Systems, Columbia Casualty filed a declaratory
judgment action in federal court in California seeking
a declaration that it was not obligated to cover
Cottage Health, as well as full reimbursement from
Cottage Health of the data breach defense costs and
settlement payments it paid on their behalf under the
cyber policy containing “Privacy Injury Claims” and
“Privacy Regulation Proceedings” coverage parts.
The challenge arose from the “Failure to Follow
Minimum Required Practices Exclusion” wherein
Columbia Casualty alleged that Cottage Health did
not adhere to certain basic security practices. The
case was dismissed based on the ADR clause in the
contract, so no case precedent has been set.
New Hotel Monteleone, LLC v. Certain Underwriters
at Lloyd’s, filed in December 2015 in Orleans Parish,
Louisiana, involves a coverage dispute as well as a
dispute with the placing broker. The insurer argues
that the USD200,000 sublimit provided by a
payment card industry (PCI) fines and penalties
endorsement applies to all claims arising from a
2014 cyberattack in which payment card numbers
were compromised. The insured argues that the full
policy limits of USD3 million should be available to
cover its losses, including fraud recovery,
operational reimbursement, and case management
fees. A trial is pending, and we will report the
decision.
In Certain Underwriters of Lloyd’s v. Wunderland
Group, LLC, filed in December 2015 in Circuit Court
in Cook County, Illinois, the plaintiff underwriters
seek a declaration of no coverage under a cyber,
privacy and media policy for a lawsuit alleging that
two employees misappropriated trade secrets when
they left a competitor to work for the insured. The
competitor’s suit alleged that the two former
employees violated their non-disclosure agreements
by using proprietary information relating to the IT
staffing market. The insured argues the suit should
be covered under a provision covering
“Misappropriation of Trade Secrets” and other
information arising from “Media Content” or “User-
Generated Content.” The DJ action is pending, and
we will report the decision.
A new case filed in April 2016 involves a traditional
CGL policy, specifically “publication” coverage. In
Travelers Indemnity Co. of America v. Portal
Healthcare Solutions LLC, the US Court of Appeals
for the Fourth Circuit, in an unpublished opinion,
affirmed the Virginia district court’s ruling on
publication under the CGL policy. The Fourth Circuit
ruled that “publication” occurs when information is
placed before the public, not when a member of the
public reads the information placed before it, thus
finding that Travelers has a duty to defend the
medical records company Portal against a data
breach class action (alleging that its failure to secure
a server caused records to be accessible to
unauthorized users). The appellate court found the
district court judge had correctly applied the eight
corners rule, comparing the complaint to the CGL
policy language, stating that insurers “must use
language clear enough to avoid…ambiguity” if there
are particular types of coverage that it does not want
to provide. Carriers will be reviewing their CGL
policies, including exclusions recommended by the
Insurance Services Office (ISO).
Contacts
Bill Henriques
Senior Managing Director, Aon Benfield &
Aon Benfield’s Cyber Practice Group Leader
+1 973 966 3565
William.henriques@aonbenfield.com
Dawn Kristy, JD
Claims Specialist, Aon Benfield, Client Operations &
Aon Benfield’s Cyber Practice Group – Legal Trends
Expert
+1.312.381.5483
dawn.kristy@aonbenfield.com
About Aon Benfield
Aon Benfield, a division of Aon plc (NYSE: AON), is
the world’s leading reinsurance intermediary and
full-service capital advisor. We empower our clients
to better understand, manage and transfer risk
through innovative solutions and personalized
access to all forms of global reinsurance capital
across treaty, facultative and capital markets. As a
trusted advocate, we deliver local reach to the
world’s markets, an unparalleled investment in
innovative analytics, including catastrophe
management, actuarial and rating agency advisory.
Through our professionals’ expertise and
experience, we advise clients in making optimal
capital choices that will empower results and
improve operational effectiveness for their business.
With more than 80 offices in 50 countries, our
worldwide client base has access to the broadest
portfolio of integrated capital solutions and services.
To learn how Aon Benfield helps empower results,
please visit aonbenfield.com.