For insurance company Chief Risk Officers, evolving and increasing cybersecurity risks will be hard to ignore in 2017. In addition to fending off cyber-attacks like every enterprise must, insurance companies also will face new legal and regulatory cyber challenges by way of a groundbreaking regulation from New York’s Department of Financial Services and possibly a Model Law from the National Association of Insurance Commissioners. Meanwhile, insurers are writing more cyber coverage, triggering concerns about cyber events simultaneously affecting multiple insureds across the insurer’s portfolio, leading to massive aggregated losses. While addressing these “noisy” cyber risks will not be an easy task from a risk management perspective, a more subtle and potentially more dangerous cyber risk – a “silent” cyber risk — likely will prove to be even more challenging for today’s CROs. [Read more…]
This is an unprecedented time for insurers. As margins associated with conventional lines of coverage continue to tighten, pressure is increasing to offer new forms of coverage to respond to the emerging cyber threats facing insureds in today’s digital economy. At the same time, insurers are compelled to make certain that those risks are effectively excluded from coverage under many other “traditional” policy forms.
New York State’s Department of Financial Services (DFS) has just released its revised first-in-nation proposed cybersecurity regulation. In formulating the revised proposal, DFS took into account the more than 150 comments it received with regard to its original proposal, which was released in September 2016. Although the new proposal maintains many of the requirements of the initial proposal, such as the requirements for a Cybersecurity Program, a written Cybersecurity Policy, and the designation of an individual responsible for the program’s implementation and oversight, the new proposal differs in a number of very significant ways, highlighted below:
As both digital and more traditional companies become more and more dependent on data to compete in today’s information economy, data is starting to have an irrefutable impact on companies’ valuation and reputation. The decisions companies make about how to use data can have an enormous impact on the success of modern enterprises, as well as on their image, their public perception, their competitors, and regulators.
Ownership of a company’s cybersecurity is akin to an issue like climate change or eco-preservation: It’s a concern that touches everyone. For cybersecurity, however, universal ownership may not be the best approach to ensure accountability.
From Silicon Valley’s bench to a seat at the table at Facebook, U.S. Magistrate Judge Paul Grewal surprised many. Judge Grewal handled several high profile intellectual property cases between technology giants, including the Apple-Samsung patent battle and the copyright clash between Google and Oracle. But some attorneys say one of his most interesting opinions took place in a galaxy far, far away.