Hunton Insurance Recovery Blog

The Federal Financial Institutions Examination Council (“FFIEC”), a U.S. governmental body comprised of banking regulators, recently issued guidance to financial institutions directing them to consider implementing dedicated cyber insurance programs to offset financial losses resulting from cyber incidents. Financial institutions face a number of potentially crippling risks arising from cyber incidents, including financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service. While cyber insurance can mitigate these risks, it is not required by financial regulators, and thus many financial institutions may not have obtained such insurance specifically designed to cover their cyber risks.  Nonetheless, the FFIEC now is urging financial institutions to include dedicated cyber insurance as part of a multi-faceted cyber risk management strategy and not to rely solely on traditional insurance.  In addition, the FFIEC is recommending that financial institutions have their outside advisors review their potential cyber insurance coverage to ensure that it will cover the relevant risks.

May 25, 2018 should be a day circled on many company calendars. On that day, the European Union’s long-awaited Global Data Protection Regulation (“GDPR”) will go into effect.  It is crucial for U.S. companies to prepare for the GDPR, as they, too, will be required to comply with a new set of data privacy rules if they are handling data from EU-based customers, suppliers, or affiliates. As long as you collect personal or behavioral data from someone in the EU, you must comply with the GDPR.

In today’s interconnected society, a cyber breach is inevitable. For energy companies in particular, the threat is even more acute as cyber security improvements lag behind the rapid digitalization in oil and gas operations. One recent cyber security report stated that 68% of respondents reported that their organization experienced at least one cyber compromise. And, just last week, it was disclosed that hackers used sophisticated malware, called “Triton,” to take control of a key safety device at a power plant in Saudi Arabia. Find our analysis of this latest attack on the blog here .

Last week Bloomberg Law launched an online “cyber insurance suite” authored by Hunton attorneys, Walter J. Andrews, Sergio F. Oehninger, and Patrick M. McDermott. The online suite, available here and to Bloomberg subscribers, covers all aspects of cyber insurance, including identifying the major cyber risks and liabilities, applying for and obtaining cyber insurance coverage, and submitting claims under cyber coverages. It also contains an overview of case law evaluating coverage for cyber liabilities under traditional insurance policies and under cyber specific ...

In their new article for FC&S Legal, Hunton & Williams attorneys Lorie Masters, Syed Ahmad, and Jennifer White discuss critical questions that must be answered when assessing and protecting against cyber risk in the financial sector.  The article is available here.

Cyber and crime insurance policies have been heavily recommended to address the growing prevalence and types of cyber risks.  Walter Andrews and Jennifer White recently authored an article appearing in Risk Management discussing how the purchase of cyber and crime insurance policies alone is not enough to successfully manage these risks. These policies must be carefully evaluated and tailored to the particulars of each organization. The full article is available here. In the article, Andrews and White identify four key questions that every organization must ask when purchasing ...