In April 2022, Kentucky and Maryland enacted insurance data security legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law MDL-668.
Continue Reading Two States Enact Insurance Data Security Laws
Cyber Insurance
Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management
On July 13, 2021, federal bank regulators (the Board of Governors of the Federal Reserve System, the FDIC and the Office of the Comptroller of the Currency) requested public comment on proposed joint guidance regarding banking organizations’ management of risks related to relationships with third-party support and service providers. This blog entry provides highlights on the guidance.
Continue Reading Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management
New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process
The New York Department of Financial Services, which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework”, calling on insurers to take more stringent measures in underwriting cyber risks. In the Guidelines, NYDFS cites the 2020 SolarWinds attack as an example of how managing growing cyber risk is “an urgent challenge for insurers.”…
Continue Reading New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process
Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack
As previously posted on our Hunton Insurance Recovery blog, a Maryland federal court awarded summary judgment to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack. …
Continue Reading Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack
New Hampshire Governor Signs Insurance Data Security Law
On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194, which requires insurers licensed in the state to put in place data security programs and report cybersecurity events. This blog entry provides highlights.
Continue Reading New Hampshire Governor Signs Insurance Data Security Law
Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina
New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. This blog entry provides details on the new law. …
Continue Reading Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina
Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute
As reported on the Insurance Recovery Blog, Hunton Andrews Kurth insurance practice head, Walter Andrews, recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.
Continue Reading Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute
Sixth Circuit Declines Reconsideration of American Tooling Center’s “Spoofing” Win
Recently, the Sixth Circuit rejected Travelers Casualty & Surety Company’s request for reconsideration of the court’s July 13, 2018, decision confirming that the insured’s transfer of more than $800,000 to a fraudster after receipt of spoofed emails was a “direct” loss that was “directly caused by” the use of a computer under the terms of…
Second Circuit Stands By Medidata “Spoofing” Decision
The Second Circuit has rejected Chubb subsidiary Federal Ins. Co.’s request for reconsideration of the court’s July 6, 2018, decision, confirming that the insurer must cover Medidata’s $4.8 million loss under its computer fraud insurance policy.
Continue Reading Second Circuit Stands By Medidata “Spoofing” Decision
U.S. Blames Russia for Cyber Attacks on Energy Infrastructure
On March 15, 2018, the Trump Administration took the unprecedented step of publicly blaming the Russian government for carrying out cyber attacks on American energy infrastructure.
Continue Reading U.S. Blames Russia for Cyber Attacks on Energy Infrastructure