The Ins and Outs of Cyber Extortion Insurance Coverage

James S. Carter

Carter, James S.According to FBI data, cyber-criminals are on pace this year to collect approximately $1 billion through cyber extortion. This is a practice in which extortionists threaten to cripple a computer system or obtain and/or release confidential information unless their demands (usually for money) are satisfied. Although much of this money is coerced from individuals in increments of several hundred dollars, more and more organizations are finding themselves in cyber extortionists’ crosshairs, including documented incidents against local governments, schools, hospitals and businesses in a range of industries. As cyber extortionists increasingly target organizations rather than individuals, security professionals fear the costs of cyber extortion incidents could dramatically increase. Continue reading “The Ins and Outs of Cyber Extortion Insurance Coverage”

Insurance Liability, Risks, and Options in Augmented Reality: Catch ‘Em All

Kevin Doherty, Kevin Bruno and James S. Carter

Kevin R. Doherty Kevin J. Bruno Carter, James S.The rising Pokémon Go sensation has dramatically increased the popularity of augmented reality games, but it has also brought with it increased risks and liabilities for both game users and developers alike. For those who don’t know, Pokémon Go is a mobile app that, although released just last month, has already been downloaded over 75 million times, generated more than $75 million in revenue, and boasts daily usage statistics that have exceeded Snapchat, Twitter, Instagram, and Facebook. It’s a location-based augmented reality game that allows users to partake in virtual scavenger hunts. Using the user’s GPS and mobile camera, players are encouraged to explore their surroundings, seek out animated characters in real world places, and “catch ‘em all.” The characters are overlaid on the player’s screen and displayed as if they exist in reality. Unfortunately, distracted players on the hunt can end up wandering (or driving) into places they shouldn’t be, and becoming injured or injuring others as a result.

The number of Pokémon Go calamities increases daily, with incidents ranging from the mundane to the absurd and dangerous. In the few short weeks since its debut, users have experienced or caused numerous personal injuries, property damage, and car accidents. Some users have become stuck in trees and locked in cemeteries, while more serious incidents involve users straying onto train tracks, falling off cliffs, or entering restricted nuclear power facilities—all while on the hunt for Pokémon characters. Still others in pursuit of Pokémon have trespassed on private property, and some users have even been robbed after being targeted and led to specific locations using the app. Continue reading “Insurance Liability, Risks, and Options in Augmented Reality: Catch ‘Em All”

Does Your Company’s Cyber Risk Insurance Cover Cyber-Related Bodily Injury and Property Damage?

James S. Carter

Carter, James S.A recent article in the Wall Street Journal highlights a widespread cybersecurity threat that it reports has generally gone unrecognized: the vulnerability to cyberattacks of the underlying control systems that power and cool data-center networks.[1] These same types of systems, which include generators, thermostats, and air conditioners, are also found in commercial buildings and factories.[2]

The article reports that a cyberattack involving controloverheated_shutterstock_162410045 systems has the potential to take down an entire operation.[3] It could also endanger human life.[4] While these risks are not new, the article notes that security personnel at many companies do not realize that such systems may be connected to the computer system or the internet, and thus exposed to a cyberattack.[5] In fact, the article reports, such systems often lack basic security protocols, such as user names or passwords.[6] Continue reading “Does Your Company’s Cyber Risk Insurance Cover Cyber-Related Bodily Injury and Property Damage?”

PAX Dev: Insurance 101 for Video Game Developers and Publishers

Erin L. Webb

On August 28, 2014, I presented with insurance broker Sara Owens of GNW Evergreen, a division of HUB International, at PAX Dev in Seattle, Washington. PAX Dev is a conference devoted to the video game developer community and the topic of game making. Conference tracks focused on programming, design, business, art, music and more.

During our session, which was part of the business track, we talked about basic insurance concepts relevant to developers and publishers in the video game industry, including how to buy insurance and what to do in the event of a loss. Continue reading “PAX Dev: Insurance 101 for Video Game Developers and Publishers”

Target Data Breach Part 2: The Additional Insured

Erin L. Webb

More information has come to light about the data breach affecting Target, and it highlights the importance of “additional insured” coverage, as well as the need for companies to recognize that sophisticated cyberattacks can affect any company, not just those in the computer or technology industries.  Blogger Brian Krebs reports that the theft of credentials from a heating and cooling (HVAC) company may be linked to the Target breach.

How could it happen?  No details have yet been publicly confirmed, but it is possible that the HVAC company had access to Target’s network so that it could remotely monitor heating and cooling efficiency at multiple Target locations.  If Target’s electronic systems were linked – if one was accessible via another – a path for a hacker from HVAC information to credit card processing may have been possible. Continue reading “Target Data Breach Part 2: The Additional Insured”

Target Data Breach Highlights Importance of Insuring Cyber Risks

Erin L. Webb

While cyber risks are sometimes thought of as “online” or Internet risks, a massive information theft recently occurred at Target’s brick-and-mortar stores when customers swiped cards and entered PINs while making in-store purchases. On December 19, 2013, Target disclosed that it was the victim of a serious data breach from at least November 27 to December 15 of 2013. More than 40 million debit and credit card numbers were stolen. Hackers stole customer names, card numbers, card expiration dates, the embedded codes on the magnetic strips on the backs of cards, and in some cases PINs for debit cards used at Target.

The card information has reportedly already begun to flood the black market, selling for between $20 and $100 per card. Target has stated that it will offer free credit monitoring services to affected customers. Continue reading “Target Data Breach Highlights Importance of Insuring Cyber Risks”

Seeking Insurance Coverage for a Product Disparagement Claim

James S. Carter

Carter, James S.The “advertising injury” coverage in commercial liability insurance policies typically extends to lawsuits alleging product disparagement. But is there coverage if your company’s advertisement does not specifically mention a competitor’s product by name? A recent judicial decision suggests that the answer is yes.

JAR Laboratories LLC v. Great American E&S Insurance Co., 2013 U.S. Dist. LEXIS 67516 (N.D. Ill. May 10, 2013), addressed whether an insurance company had a duty to defend its policyholder, the manufacpublished by Shutterstock licenseturer of an over-the-counter pain relief patch, against a lawsuit brought by a distributor of a prescription pain relief patch. The issue turned on whether the allegations in the distributor’s complaint fell within the scope of the policy’s coverage for “personal and advertising injuries” resulting from the publication of material that “disparages a person’s or organization’s goods, products, or services.” Id. at *12 (quotation marks omitted). Continue reading “Seeking Insurance Coverage for a Product Disparagement Claim”