October 2018

Cyber Risks Enter a New and Increasingly Vicious Phase

October 31st, 2018|Categories: Complex Business Litigation, HB Risk Notes, Technology Law|Tags: Business Interruption, Cybersecurity, Data Breach, Directors & Officers, Risk Management|

For anyone plotting the evolution of cyber risks, the last phase of cyber-attacks was dominated by breaches that resulted in lost or stolen personal or financial data that could then be monetized. The current phase is different. “We have observed a significant increase in the number of disruptive breaches that our clients are dealing with,” says Charles Carmakal, Vice President at Mandiant/FireEye. “These involve destruction, extortion, or public shaming.” How are organizations dealing with this shift? “It’s catching many organizations off guard. Most don’t have a playbook for dealing with extortion,” Carmakal says. “While they may have thought about a ransomware situation, that’s different from the more common type of extortion we are seeing these days, where a threat actor threatens C-level executives or corporate board members with the release of sensitive information.” “Many organizations assume the default is they wouldn’t give into the demands, but when in the middle of a crisis too often the decision is made to pay the threat actors,” he says. “So it’s important to consider what your organization will do in this situation. For example, who will be involved in the decision-making process? Organizations should play out an extortion scenario so they have a plan when faced with real demands.” How can organizations better test the efficacy of their security capabilities? Many organizations conduct penetration [...]

Foggan & Huggins on Opioid Litigation Defense Coverage

October 31st, 2018|Categories: HB Risk Notes, Insurance, Mass Torts|Tags: Comprehensive General Liability (CGL), Duty to Defend, Errors and Omissions (E&O), Insurance Companies|

Is a drug company that's sued in connection with the manufacture, promotion and distribution of opioids covered by its insurer for defense costs? According to Laura A. Foggan and Michael Lee Huggins of Crowell & Moring, LLP, that determination will come down to whether, in the relevant state, an accident takes place when either the act or the injury was unintentional, or whether an accident occurred if only the act was unintentional. This definition will vary by state, Foggan and Huggins wrote in California Litigation, published by the Litigation Section of the California Bar earlier this year. South Carolina may permit coverage if "either the act or the injury was unintentional," they explained. In Liberty Mutual v. J.M. Smith, the Fourth Circuit held that if a drug company failed to identify and alert regulatory agencies of suspicious drug orders, then there may be a duty to defend. But in California, the Crowell & Moring attorneys wrote, with that state's definition of "accident" a state appellate court in Travelers v. Actavis held that a "deliberate act is not an accident, even if the injury is unintentional, unless the injury was produced by an additional, unexpected, independent, and unforeseen happening." In that case drug company Actavis allegedly engaged in deceptive marketing in order to sell more opioids and reap more profits. According to Foggan and Huggins, [...]

PFOA: Science & Litigation | 11/15/2018

October 21st, 2018|Categories: CLE OnDemand, Complex Business Litigation, Environmental Torts, HB Tort Notes|Tags: Risk Management, Scientific & Medical Studies|

[one-third-first] DATE: Nov. 15, 2018 TIME: 2 p.m. EDT; 1 p.m. CDT; 12 p.m. MDT; 11 a.m. PDT PLACE: Your computer or mobile device PRICE: $197* per dial-in site *Price is good through Oct. 31. After that it's $247. GROUPS ARE GOOD: Registering qualifies you to multiple attendees at your location. CLE: 1 credit Please send CLE questions to CLE@LitigationConferences.com speakers Michael Dourson, Ph.D., DABT, FATS, FSRA Director of Science Toxicology Excellence for Risk Assessment (TERA) Register now and get: Access for multiple colleagues at your location. Practical insights from a board-certified toxicologist. A through and informative PowerPoint presentation for later reference. Answers to your questions via live chat. CLE credit. And more! [/one-third-first] [two-thirds] PFOA Toxicology: What's a Safe Level for the Environment? What toxic tort and environmental attorneys need to know about this ubiquitous compound. Perfluorooctanoic acid (PFOA) has been described as more toxic than methyl mercury. Yet not all organizations tasked with developing safe-dose levels agree on the best approach for PFOA, resulting in recommended levels that are more than 100-times apart. Differences in these recommended safe-dose levels result in cleanup costs that vary by billions of dollars. Background Environmental contamination with PFOA has been known for some time. In the early 2000s safe doses in drinking water were considered to be in the range of 30-to-50 parts per billion. Recent safe-dose assessments by EPA, [...]

Kenneth Jones of Tanenbaum Keale on Law Firm Tech Development Capabilities

October 16th, 2018|Categories: Corporate Compliance, HB Risk Notes, HB Tort Notes, Technology Law|Tags: Compliance, Cybersecurity, Law Practice Technology, Legal Tech|

Should Law Firms Should be Able to Develop Custom Technologies? Here is #10 of Jones' Top-10 List. #10. Security. The cloud is great, and generally speaking, companies in this space operate systems in a highly professional manner. However, occasionally one encounters special business needs which call for extensive “above and beyond” levels of security. This could be times a firm is storing financial information, medical records, or other data they wish to absolutely, positively protect. In these situations — under the theory that “no one does things better than I do” —it’s nice to have the option to build super-secure systems with features such as encrypted data within database tables, and to manage the systems with a very small number of highly trusted professionals specifically known by the law firm. Read more of the article posted by Thomson Reuters. Kenneth Jones oversees various aspects of technology at Tanenbaum Keale LLP in the role of Chief Technologist. He leads efforts to support TK’s computing environment and infrastructure, one that features a strategy of professionally protecting and processing client data in the cloud with highly skilled and respected leading-edge business partners in the technology space. Ken also helps lead and support various TK programs in the areas of security, compliance, business continuity and firm administration. Learn more.

Protecting Intangible Assets: Risk Transfer Market Yet to Catch Up

October 12th, 2018|Categories: HB Risk Notes, Insurance, Intellectual Property, Technology Law|Tags: Cybersecurity, Data Analytics, Data Breach, Data Privacy|

Intrinsically Intangible. by Giles Harlow, Senior Vice President, Aon (Bermuda) Ltd. In the early 1980's, tangible assets made up around 80% of the value of the S&P 500. Fast forward to today and nearly 85% of the value of the S&P 500 is attributable to intangible assets. However, the risk transfer market has not caught up. According to the Aon/Ponemon report of last year, whilst around 60% of tangible assets (property, plant and equipment) are currently being insured, only 12% of informational assets are. So what gives? If the vast majority of companies' values in 2018 are attributable to intangibles, why are they not transferring those risks? Is it a lack of education on the client side? A lack of innovation in the brokerage community? A lack of understanding or willingness to accept these new risks on the carrier end? Or is it that whilst the marine and property markets have had centuries to evolve, the newer intangible insurance markets are just gearing up to size as they collate the data they need to properly price and model these risks? Likely, it is some combination of all of these factors. We have seen great strides in the cyber market, with double-digit premium growth over the last four-to-five years. The market has evolved from being focused on large data holders, to providing [...]

Cyber Insurance Policy Language Review: A Deep Dive Into Key Policy Provisions and Important Differences Among Cyber Policies | Oct. 25, 2018 | Now On-Demand!

October 3rd, 2018|Categories: Uncategorized|Tags: Business Interruption, Cybersecurity, Insurance Companies|

[one-third-first] Now Available On Demand PLACE: Your computer or mobile device PRICE: $197 CLE: 1 credit Please send CLE questions to CLE@LitigationConferences.com SPEAKERS: Judy Selby Principal Judy Selby Consulting LLC Scott Godes Partner Barnes & Thornburg Please contact us with any registration questions: Brownie.Bokelman@LitigationConferences.com Kathleen.McFadden@LitigationConferences.com Your registration includes: • A site license to attend this webinar (invite as many people in one location as you can fit around your computer at no extra charge). • Downloadable PowerPoint presentations from our speakers. • The opportunity to connect directly with speakers via email to HBWebinars@LitigationConferences.com • At least one-hour of CLE credit. Produced in collaboration with Judy Selby Consulting LLC Also available as part of your subscription at the Thomson Reuters West LegalEdcenter. [/one-third-first] [two-thirds] What's in your cyber policy? Cyber insurance can provide a lifeline to companies dealing with today’s high stakes and constantly evolving cyber risk and regulatory compliance landscape. But not all cyber policies are created equal, and a single policy word can mean the difference between a covered and an uncovered claim. In this session, we analyze various cyber insurance coverage terms, conditions, and exclusions and describe how the words can impact coverage for real-life claims. What you will learn: • Important differences among generally available insurance coverages for cyber and privacy risks • Understanding basic cyber insurance policy conditions and [...]