publications full of ideas
The WannaCry Affair
Three Cyberinsurance Related Tips for Clients

5.18.2017

As we have previously noted, a recent ransomware attack crippled over 75,000 computers in over 100 countries. The “WannaCry” appears to be the largest Ransomware attack to date. However, cyber-experts are already warning of a second, bigger, wave.

Organizations are scrambling to respond to the increasingly ominous threat. However, in our experience, one aspect is frequently overlooked in incident response plans: insurance. Any cyber contingency exercise should factor in the role of insurance. There are three reasons.

First, many policies carry a reporting requirement. Insureds must report the incident, even if coverage is not available. Failure to do so runs the risk of forfeiting future related coverage e.g. in a subsequent Directors & Officers Liability claim arising out of the same incident. For certain “claims made” policies, failure to report a previous incident can void coverage in later policies.

Second, insurers are increasingly offering free or steeply discounted cyber assistance: the digital counterpart to the “preventative medicine” model. Even if an organization has not experienced an incident, it should utilize these resources. A insurer’s practiced eye can identify easily rectified issues – an exercise that could avert a potential catastrophe down the road. Since the personnel detailed to this task specialize in constantly evolving threat, they are better positioned to identify and rectify vulnerabilities than even the most proficient IT department. Since their services have already been paid for through insurance premiums, organizations should call upon them.

Third, organizations should regularly reevaluate their coverage to ensure that it comports with their risk profile. Cyber policies vary widely in what they cover. Is ransomware covered? Business Interruption? One law firm’s coverage claim currently in litigation claims that it lost $700,000 in billables as it struggled to resolve a ransomware issue. What about regulatory investigations? Compliance or contractual costs? The provisions of the policy must align with the realities of the business.

Insurance is no silver bullet. In cybersecurity, there is no such thing. But it is a readily overlooked tool that can help prepare you for the next big one.

Saad Gul and Mike Slipsky, editors of NC Privacy Law Blog, are partners with Poyner Spruill LLP. They advise clients on a wide range of privacy, data security, and cyber liability issues, including risk management plans, regulatory compliance, cloud computing implications, and breach obligations. Saad (@NC_Cyberlaw) may be reached at 919.783.1170 or sgul@poynerspruill.com. Mike may be reached at 919.783.2851 or mslipsky@poynerspruill.com.

Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601

related information

what's new at the firm

McIntyre Leadership Challenge Excites, Ignites, and Inspires Youth

7/12/2017

Mike McIntyre recently announced at the NC Bar Association Annual Meeting, his new Youth Leadership Challenge. The Youth Leadership program will provide opportunities for civic engagement to High School students and community leadership.

Webinar: ERISA Fiduciaries, Data Privacy and Cybersecurity Risks: HIPAA, HITECH, and ERISA Preemption of State Data Breach Laws

6/20/2017

This CLE webinar will provide guidance to employee benefits counsel on trends in data breaches for ERISA healthcare and retirement plans, lessons from recent BCBS/Anthem litigation, ERISA fiduciary obligations, ERISA preemption of state data breach laws, and contractual risk mitigation with third-party administrators (TPAs).

Poyner Spruill Attorneys Honored by Chambers USA in Seven Practice Areas

6/2/2017

RALEIGH - Chambers USA: America's Leading Lawyers for Business has ranked seven practice areas and sixteen Poyner Spruill LLP attorneys as leaders in their respective fields. Poyner Spruill received rankings, which identify the firm as a leader in North Carolina, for outstanding work in the following practice areas:

Charlie Davis Joins Poyner Spruill

6/1/2017

Charles E. “Charlie” Davis III has joined Poyner Spruill as an associate attorney practicing in the areas of estate and trust planning and administration, taxation, and business law.

Brett A. Carpenter joins Poyner Spruill

6/1/2017

Raleigh, NC – Brett A. Carpenter has joined Poyner Spruill’s Raleigh office as an associate, with a focus on helping clients with labor and employment law matters.

Stay up to date with the latest privacy and information security news!