Insurance Coverage for Cyber Liabilities and Losses

Our lawyers have helped clients navigate cyber breaches and recover substantial sums from their insurers for cyber-related liabilities and losses. The firm’s lawyers have extensive experience pursuing insurance coverage for business e-mail compromise schemes, cyber crimes, data breaches, fraudulent e-mails, invoice manipulation schemes, phishing and whaling attacks, ransomware attacks, privacy and statutory liability, and technology E&O disputes.

As thought leaders on cyber insurance, our lawyers speak on cyber insurance issues to CFOs, CISOs, in-house counsel, insurance brokers, judges, law enforcement, and risk managers, and write numerous articles on diverse cyber and privacy issues such as the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the Illinois Biometric Privacy Act (BIPA), and Iranian cyber threats and the “war” exclusion.

Representative Engagements:

• Representation of a furniture company in connection with coverage following invoice manipulations;
• Representation of a high-tech manufacturer in connection with coverage following a whaling attack;
• Representation of a health care provider in connection with coverage following a phishing scheme;
• Representation of a sports technology company in connection with coverage following class action lawsuits and regulatory investigations asserting, among other things, release of sensitive user data;
• Representation of a utility in connection with coverage for business interruption and data recovery issues following a ransomware attack;
• Advising a technology company in connection with coverage following a ransomware attack;
• Advising a health care provider in connection with coverage following a ransomware attack;
• Advising a financial institution in connection with coverage scenarios such as ransomware attacks, outages, and voluntary shutdowns; and
• Advising a financial services company in connection with coverage for business interruption and network security issues in relation to vulnerabilities arising from the coronavirus and employees working from home.

Representative Press, Publications, and Speaking Engagements:

• Author, “Privacy protections create liability for companies collecting personal data,” ALM (July 17, 2023)
• Speaker, “Cyber Business Income Loss Disputes,” Claimsxchange (July 13, 2023)
• Quoted, “How to Maximize Cyber Insurance Payouts,” InformationWeek (July 11, 2023)
• Author, “New State Biometric Privacy Laws Highlight the Role of Insurance,” Biometric Update (July 10, 2023)
• Author, “Amazon Suit Highlights Biometric Data Risks,” Risk Management (June 1, 2023)
• Author, “Merck’s Insurance Win After Malware Attack Sets Guideposts,” Bloomberg Law (May 31, 2023)
• Quoted, “CommonSpirit Ups Cost Estimate on Its 2022 Ransomware Breach,” HealthcareInfoSecurity (May 24, 2023)
• Quoted, “N.J. Appeals Court Rules War Exclusion Doesn’t Apply to NotPetya Attack,” Insurance Journal (May 22, 2023)
• Quoted, “Merck’s Win in NotPetya Insurance Dispute: What It Means,” HealthcareInfoSecurity (May 4, 2023)
• Author, “Illinois Supreme Court BIPA Decision Highlights Need to Pair Strong Privacy Measures with Robust Insurance Coverage,” ACC (April 25, 2023)
• “Amazon Suit Stresses Importance of Insurance Coverage for Biometric-Privacy Claims,” NYLJ (April 20, 2023)
• Speaker, “Does Having Cybersecurity Expertise Matter when Mediating a Cybersecurity Claim,” 2023 ICLC CLE Seminar (March 2, 2023)
• Speaker, “Cyber Liability and Reflections on the Sony Hack,” SERMA Podcast (January 23, 2023)
• Quoted, “Online Tracking Suits May Be Next Cyberinsurance Headache,” Law360 (January 23, 2023)
• Speaker, “Guide to Mediating Data Breach Disputes,” West LegalEdcenter (December 2, 2022)
• Speaker, “Could Recent NotPetya Case Outcomes Pressure Insurers to Reword War Exclusions,” Insuring Cyber Podcast (November 23, 2022)
• Speaker, “Cyber Liability and Reflections on the Sony Hack,” SERMAPod (November 3, 2022)
• Quoted, “Killnet Attacks Looming Cyberwar Insurance Issues,” Law360 (October 27, 2022)
• Speaker, “Philly I-Day Cyber Panel: It’s Less About the Information and More About Defenses,” AM Best TV (October 3, 2022)
• Speaker, “Cyber Insurance & Reinsurance Update,” Philly iDay 2022 (September 19, 2022)
• Speaker, “Crisis of Conscience: The Future of Cybersecurity Leadership, The Board, Regulation and Ethics,” CyberEdBoard Roundtable (September 9, 2022)
• Author, “Are Biometric Privacy Liability Claims Covered by Insurance,” Today’s General Counsel (September 8, 2022)
• Quoted, “Lloyd’s Cyberwar Stance Puts Focus on State Attribution,” Law360 (August 24, 2022)
• Speaker, “Cybersecurity and Cyber Insurance: Claims, Costs, and Chaos,” Association for Data and Cyber Governance U.S. National Privacy and Cybersecurity Podcast (August 10, 2022)
• Author, “Insurance for Cyber and Privacy Risks in the Light of the Marriott Data Breach,” HotelExecutive (August 7, 2022)
• Quoted, “Cyber Incident Cost $100 Million, Tenet Healthcare Reports,” HealthcareInfoSecurity (July 26, 2022)
• Author, “Marriott Data Breach is a Good Reminder to Review Your Cyber Insurance Coverage,” Hospitality Technology (July 19, 2022)
• Speaker, “Cyber Insurance: The Latest Hurdles to Jump Through,” Information Security Media Group Healthcare Summit 2022 (July 12, 2022)
• Quoted, “Catastrophic Cyber Risks Pose Challenge to Insurance Sector,” Business Insurance (June 28, 2022)
• Author, “Insurance Coverage for Illinois BIPA Ruling,” Biometric Update (June 27, 2022)
• Quoted, “From Pandemic to Cyber War, Clear Policy Wording Is Key for Insurers,” Insurance Journal (June 15, 2022)
• Quoted, “From Pandemic to Cyber War, Clear Policy Wording Is Key for Insurers,” Carrier Management (June 7, 2022)
• Speaker, “Fines & Penalties,” NetDiligence Cyber Risk Summit Philadelphia 2022 (June 2, 2022)
• Quoted, “Contingency Plan: Fortifying hotel businesses against inevitable cyber attacks,” Lodging Magazine (June 2022)
• Quoted, “Insurers Hopeful in BIPA Rows Despite III. Justices’ Ruling” Law360 (May 9, 2022)
• Quoted, “Internet of Things’ Expansion Heightens Cyber Concerns,” Law360 (May 6, 2022)
• Speaker, “Understanding What Is Cyber Insurance, How to Buy Cyber Insurance, And Things To Remember,” Chicago-Kent College of Law (April 13, 2022)
• Author, “3 Insurance Lessons From Target Data Breach Ruling” Law 360 (April 8, 2022)
• Quoted, “Physicians, are you ready for a ransomware attack?” Medical Economics (April 2022)
• Author, “A Practice Guide to Cyber Insurance for Businesses,” ABA Book Publishing (March 2022)
• Speaker, “Cyber Security and Insurance In the Wake of the Russian Invasion of Ukraine,” In House Warrior Podcast (March 10, 2022)
• Speaker, “Cybersecurity Insurance and Litigation” The Private Equity Funcast (March 10, 2022)
• Quoted, “Silent cyber ruling has insurers looking closer at war clause,” Business Insurance (March 4, 2022)
• Author, “‘Merck’ Provides Guidance About Insurance Coverage for Cyberattacks” New York Law Journal (March 4, 2022)
• Quoted, “Elevated cyber risk from Russia-Ukraine tensions could test U.S. insurers’ war exclusions,” Thomson Reuters (February 24, 2022)
• Speaker, “Cybersecurity is No Longer Just an IT Issue,” In House Warrior Podcast (February 7, 2022)
• Quoted, “Look for cyber coverage in other types of policies: Expert,” Business Insurance (January 27, 2022)
• Speaker, “How to Strengthen Your Cyber Insurance Recovery Strategy,” RIMS TechRisk/Risk Tech (January 26, 2022)
• Speaker, “Biometric Information Privacy and Cybersecurity with Peter Halprin,” Chattinn Cyber (January 25, 2022)
• Quoted, “War Exclusion Doesn’t Bar Merck’s $1.4B Cyber Loss,” Law360 (January 14, 2022)
• Panelist, “Cyber Insurance for Ransomware,” Lexeprint (Oct. 19, 2021)
• Quoted, “Insurers See Hope in BIPA Coverage Battle With NC Ruling,” Law360 (Oct. 4, 2021)
• Quoted, “What Are You Doing About Ransomware?,” Risk Management (Oct. 1, 2021)
• Speaker, “FBI Briefing and Cyber Panel,” Fortress SRM (Sept. 14, 2021)
• Interviewed, “Chattinn Cyber Podcast,” Marsh McLennan Agency (Sept. 14, 2021)
• Author, “How Recent State High Court Coverage Rulings Show Mediation’s Value in the Cyber/Regulatory Landscape,” Alternatives to the High Cost of Litigation (September 2021)
• Speaker, “Computer Fraud Insurance: Coverage for Ransomware and Cybercrime After G&G Oil v. Continental Western,” Strafford (August 17, 2021)
• Quoted, “Scripps Health Reports Financial Toll of Ransomware Attack,” HealthcareInfoSecurity (August 13, 2021)
• Quoted, “Ransomware Scourge Isn’t Scaring Away Cyber Insurers,” Law360 (August 13, 2021)
• Speaker, “Cyberinsurance Panel,” NCOIL Summer Meeting (July 17, 2021)
• Quoted, “EP. 18: What Insurers Should Know as Ransomware Takes Center Stage,” Insurance Journal: Insuring Cyber Podcast (July 14, 2021)
• Speaker, “Cyber Claims Continue, What Can We Learn From Past Experiences?” RCM&D/Oswald Companies Webinar (June 22, 2021)
• Speaker, “Pay Attention to the Fine Print on ‘War Exclusions’ in Cyber Policies,” Healthcare Info Security (June 18, 2021)
• Quoted, “Insuring Cyber: Lacewell on How New York Became a Leader in Cyber Regulation,” Insurance Journal (June 3, 2021)
• Quoted, “Illinois Justices Ring Alarm Bell for Insurers On BIPA Coverage,” Law360 (May 24, 2021)
• Speaker, “The Realities of Ransomware in the Middle Market,” Association for Corporate Growth/Growth TV (May 20, 2021)
• Speaker, “Video: The BI Interview with Peter Halprin of Pasich LLP,” Business Insurance  (May 18, 2021)
• Quoted, “Pipeline Ransomware Attack Could Raise Cyber Insurance Bar,” Law360 (May 14, 2021)
• Author, “Ransomware, cybersecurity, and insurance,” Westlaw Today (May 11, 2021)
• Author, “Deepfakes and Insurance Coverage,” NYLJ (May 7, 2021)
• Speaker, “A Guide for Companies Seeking Insurance for Ransomware – What the ‘G&G Oil’ Will Mean for Businesses Seeking Insurance for Ransomware Attacks,” Lexeprint (Mar. 25, 2021)
• Speaker, “Avoid U.S. Department of Treasury’s OFAC Sanctions When Facing a Ransomware Attack,” Lexeprint (Feb. 26, 2021)
• Author, “What Will ‘G&G Oil’ Mean for New York Businesses Seeking Insurance for Ransomware Attacks,” New York Law Journal (Feb. 26, 2021)
• Author, “What CPAs Need to Know About Cyber Insurance Today,” New Jersey CPA Magazine (Jan. /Feb. 2021)
• Author, “Cybersecurity Event-Driven Securities Litigation Has Arrived,” Law360 Expert Analysis (Jan. 12, 2021)
• Author, “Placing Ransomware in Context and Avoiding Liability for Paying Ransomware Claims,” Journal of Internet Law (January 2021)
• Quoted, “EP. 6: Making Waves: How New York Became a Leader in State Cyber Regulation,” Insurance Journal: Insuring Cyber Podcast (Jan. 27, 2021) (article and podcast interview)
• Speaker, “Cyber Insurance for Corporations: Why Your Clients Need It, What to Look For, and How to Evaluate It,” West LegalEdCenter (October 8, 2020)
• Speaker, “Cyber Security Insurance Litigation: The Complete 2020 Toolkit,” West LegalEdCenter (September 29, 2020)
• Author, “DFS Case Shows Insurance Ramifications Of Cyber Breaches,” Law360 Expert Analysis (August 25, 2020)
• Author, “What CFOs Need to Know About Cyber Insurance Now,” StrategicCFO360 (August 18, 2020)
• “Defining Cyber Threats,” Business Law Today (July 7, 2020)
• “Demystifying Cyber Threats,” Insurance Research Letter (June 2020)
• Speaker, “The Impact of COVID-19 on Cyber Insurance,” Global Cyber Institute/West LegalEd Center (April 28, 2020)
• “COVID-19 Cybersecurity and Insurance Coverage,” New York Law Journal (April 20, 2020)
• The Cyber Wire CaveatCW Podcast, Episode No. 17 (Feb. 26, 2020) (cyberinsurance, privacy statutes, and ransomware)
• “Insurance Trends to Watch in 2020,” Insurance Research Letter (February 2020)
• Speaker, “The Ins and Outs of Cybersecurity Insurance,” Global Cyber Institute (Jan. 16, 2020);
• “Iran’s Cyber Threats Are a Reminder to Review Your Cyber Insurance Coverage,” Lexology (Jan. 13, 2020);
• Quoted in “Attorney: Scrutinize terms of insurance policies as California Privacy Law comes into force,” Inside Cybersecurity (Jan. 2, 2020);
• “Three Insurance Coverage Cases to Monitor on the Eve of the California Consumer Privacy Act,” Lexology (Dec. 22, 2019);
• Speaker, “Arbitrating Cyberinsurance Disputes,” New York City Bar Association, Arbitration Committee (Dec. 18, 2019);
• Quoted in “The Case for Cyber Insurance,” Security Week (Dec. 10, 2019);
• “Cyber Insurance for Critical Infrastructure and Debate About War,” IIoT World (Nov. 5, 2019);
• “Cybersecurity Insurance for Law Firms,” Transnational Dispute Management (TDM) (May 1, 2019) (Re-printed in Lexology, Oct. 11, 2019); and
• “Arbitrating Cyber Coverage Disputes,” American Bar Association (Mar. 13, 2019).