Jennifer Bentley is a member of Farella Braun + Martel's insurance recovery group.

She is chair of the Bar Association of San Francisco's Barristers Insurance Practice Section.

Prior to her legal career, Jennifer worked in the field of commercial insurance on the broker side, where she managed a large book of business focused on the wine, construction, manufacturing, and agribusiness industries.

Contact: jbentley@fbm.com

Multi-factor authentication (MFA) is more than an annoying popup or text message when logging onto a company’s website or platform. Not only is using MFA a sound security practice and good business,[1] it is increasingly becoming a prerequisite to procuring (and keeping) cyber liability coverage. Following the May 2021 Colonial Pipeline ransomware attack, which shut down the country’s largest oil pipeline for several days, more cyber insurers are now requiring policyholders to implement MFA. Last month, one tech manufacturer learned this lesson the hard way when its insurer filed suit for rescission of its insurance policy and a declaration that the insurer owed no coverage for the company’s losses stemming from a ransomware attack. Travelers Property Casualty Co. of America v. International Control Services Inc., No. 22-cv-2145, complaint filed, 2022 WL 2532994 (C.D. Ill. July 6, 2022).

Corporate policyholders often assume their computer fraud crime insurance will cover so-called social engineering thefts. Reasonably so. Fraudsters commit these crimes by using computers to trick innocent employees into transferring corporate funds to what they believe are legitimate bank accounts, only to discover later that the accounts are controlled by criminals who have stolen the money. Although most people would consider this to be computer fraud, crime insurers have resisted covering such thefts. And some courts have sided with the insurers. Until recently, insurers could point to the Ninth Circuit Court of Appeals as being one of those courts. On January 26, the Ninth Circuit finally set the record straight in Ernst and Haas Management Company, Inc. v. Hiscox, Inc., 23 F.4th 1195 (9th Cir. 2022), by repudiating a prior unpublished ruling and finding coverage for a social engineering theft under California law. This ruling gives policyholders a boost in their crime coverage claims for social engineering theft losses and removes a cudgel from the insurers’ hands.