The New York Department of Financial Services, which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework”, calling on insurers to take more stringent measures in underwriting cyber risks. In the Guidelines, NYDFS cites the 2020 SolarWinds attack as an example of how managing growing cyber risk is “an urgent challenge for insurers.”
Continue Reading New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

On January 27, 2020, CISCO released its 2020 Data Privacy Benchmark Study entitled “From Privacy to Profit: Achieving Positive Returns on Privacy Investments.” More than 2,500 respondents took part in the study from across 13 countries.
Continue Reading CISCO 2020 Privacy Benchmark Study Measures Return on Investing in Privacy Accountability

As previously posted on our Hunton Insurance Recovery blog, a Maryland federal court awarded summary judgment to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.
Continue Reading Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

As reported on the Insurance Recovery Blog, Hunton Andrews Kurth insurance practice head, Walter Andrews, recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.
Continue Reading Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute

Recently, the Sixth Circuit rejected Travelers Casualty & Surety Company’s request for reconsideration of the court’s July 13, 2018, decision confirming that the insured’s transfer of more than $800,000 to a fraudster after receipt of spoofed emails was a “direct” loss that was “directly caused by” the use of a computer under the terms of

On January 23, 2018, the New York Attorney General announced that Aetna Inc. agreed to pay 1.15 million dollars and enhance its privacy practices following an investigation alleging it risked revealing the HIV status of 2,460 New York residents by mailing them information in transparent window envelopes.
Continue Reading Aetna Agrees to $1.15 Million Settlement with New York Attorney General

On August 9, 2017, Nationwide Mutual Insurance Co. agreed to a 5.5 million dollar settlement with attorneys general from 32 states in connection with a 2012 data breach that exposed the personal information of over 1.2 million individuals.
Continue Reading Nationwide Agrees to Pay $5.5 Million to Settle Multistate Data Breach Investigation

On August 1, 2017, a unanimous three-judge panel for the D.C. Circuit reversed the dismissal of a putative data breach class action against health insurer CareFirst, finding the risk of future injury was not too speculative to establish injury in fact under Article III.
Continue Reading D.C. Circuit’s Article III Standing Decision Deepens Appellate Disagreement

Recently, Syed Ahmad, a partner with Hunton & Williams LLP’s insurance practice, and Eileen Garczynski, partner at insurance brokerage Ames & Gough, co-authored an article, Protecting Company Assets with Cyber Liability Insurance, in Mealey’s Data Privacy Law Report. This blog post contains a link to the full article.
Continue Reading Hunton Discusses Critical Cyber Coverage Selection Issues