It is an all-too-common dilemma. As phishing schemes have become more prevalent and more sophisticated, businesses of all sizes have fallen victim to these attacks where a fraudster will use a spoofed email or other deceptive communication to trick an employee into transferring money into the fraudster’s control. While this is a difficult scenario for anyone to face, two decisions from federal circuit courts have offered policyholders some relief by finding coverage for these losses under policies insuring against Computer Fraud. In doing so, these opinions rejected insurers’ arguments that the theft accomplished through these fraudulent emails did not qualify as Computer Fraud or were not losses that were directly caused by Computer Fraud.
Continue Reading Are Losses Resulting from Phishing Incidents Covered by Crime Policies Insuring Against Computer Fraud?

In November, Tyler wrote about insurance issues raised by both the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, which goes into effect on January 1, 2020. California’s governor Jerry Brown signed two other cyber-related laws in September, which will also go into effect on January 1, 2020 – Assembly Bill 1906 and Senate Bill 327, which address security concerns relating to devices that are capable of connecting to the internet – the so-called Internet of Things or “IoT”. See California Civil Code 1798.91.04(a) et seq.

The bills largely mirror each other and, put very simply, require manufacturers of devices that are capable of being connected to the internet to equip them with “reasonable” security features that are both appropriate to the device and require a user to generate a new means of authentication before access is granted to the device for the first time. Technologists are debating whether the laws are good or bad, and if good, whether they go far enough. Regardless, the law will become effective and manufacturers of IoT devices will have to comply with them. The law does not provide for a private right of action; it permits the state’s Attorney General to enforce its provisions.

The new California law applies to all connected devices sold or offered for sale in California. Because California is such a large market, this likely means that all such devices sold in North America and Europe will comply with California’s regulations, and older, less secure devices will be diverted to countries with fewer regulations.Continue Reading Are You Covered for California’s New IoT Laws?

Farella’s Insurance Recovery Group lawyers regularly collaborate with and learn from different players and functions within the insurance industry. To provide more value to our readers, we have reached out to a series of insurance brokers to create the Insurance Broker Series Q&A.

Our latest installment is with Daniel Law, Office President with The Liberty Company Insurance Brokers, Inc.  
Continue Reading Insurance Broker Series: Daniel Law, The Liberty Company Insurance Brokers, Inc.

Farella’s Insurance Recovery Group lawyers regularly collaborate with and learn from different players and functions within the insurance industry. To provide more value to our readers, we have reached out to a series of insurance brokers to create the Insurance Broker Series Q&A.

Our latest installment is with Michael Ferraro, Partner & Senior Vice President with Woodruff-Sawyer & Co. 
Continue Reading Insurance Broker Series: Michael Ferraro, Woodruff-Sawyer & Co.

Farella’s Insurance Recovery Group lawyers regularly collaborate with and learn from different players and functions within the insurance industry. To provide more value to our readers, we have reached out to a series of insurance brokers to create the Insurance Broker Series Q&A.

Our latest installment is with Clark Morton, Partner & Senior Vice President with Woodruff-Sawyer & Co. 
Continue Reading Insurance Broker Series: Clark Morton, Woodruff-Sawyer & Co.

Farella’s Insurance Recovery Group lawyers regularly collaborate with and learn from different players and functions within the insurance industry. To provide more value to our readers, we have reached out to a series of insurance brokers to create the Insurance Broker Series Q&A.

Our latest installment is with Manpreet Gill, Managing Director, Communications, Media & Technology Practice Leader, Western Region with Marsh
Continue Reading Insurance Broker Series: Manpreet Gill, Marsh

shutterstock_109214660-Cyber-Attack-BlogThe Internet of Things gives rise to many risks and exposures that companies and their insurers were not thinking about as recently as a couple years ago, and probably aren’t fully cognizant of today.

The DDoS attack late last week on internet infrastructure company Dyn should act as a wake-up call.  It shows how large

Blog-Image---DataSecurity

Policyholders should always consider the potential for coverage under their CGL policies if they suffer a data security breach. However, as the cases described in my article for Corporate Counsel, coverage is highly fact-dependent and subject to interpretation by the courts even in the absence of a data-related exclusion. The addition of such an

Law firms are important gatekeepers between cybercriminals and clients’ sensitive data. The release of the Panama Papers and several other recent high-profile breaches have brought to light vulnerabilities in law firm cyber security.

I recently participated in a podcast with journalist Ben Hammersley and eSentire’s VP and industry security strategist Mark Sangster. Our discussion focused