Risk Management Archives

Cyber Captive Survey 2019 — AON

June 26th, 2019|Categories: HB Risk Notes, Insurance, Technology Law|Tags: Cybersecurity, Data Breach, Data Privacy, Insurance Companies, Risk Management|

Aon’s Cyber Captive Survey 2019 says that the rapid growth in the captive market of cyber-specific policies underscores that cyber is one of the primary risks for organizations across the world driven by an increasingly complex operational, technological and regulatory environment. Key findings include: Healthcare and energy industries are leading the way, with 19% and 15% of organizations in these industries utilizing captives for cyber coverage respectively. 41% of captives surveyed are incubating cyber risk. The range in limits of cover taken out is up to USD$100 million. An estimated 34% of all captives will be writing cyber in five years’ time. Read the complete report here!

CannaLawBlog — Legalizing Cannabis Cash

June 5th, 2019|Categories: Complex Business Litigation, HB Risk Notes, Law Firm Operations|Tags: Banking & Finance, Cannabis, Compliance, Regulations, Risk Management|

On May 20, 2019 banking associations from all 50 states and 1 territory sent a letter to Senate Banking, Housing, and Urban Affairs Committee urging them to conduct hearings on the merits of providing cannabis-related business access to banking services. CannaLawBlog highlighted the primary concerns of the letter in a recent post: "Again, the primary concern expressed was that current law forces state-legal businesses to operate on a cash basis, which poses a safety risk, complicates enforcement efforts, and could damage local economies." The banking associations wanted to emphasize their neutrality on the legality of cannabis, rather they wanted to show strength as a national community and validate, support, and respect those communities that have voted for legalized recreational marijuana. Read the complete post by HarrisBricken attorney Jihee Ahn on The CannaLawBlog.

Top Five Things to Know if You’re Building Your Cannabis Empire Through M&A — CannaLawBlog

May 7th, 2019|Categories: Complex Business Litigation, Corporate Compliance, HB Risk Notes|Tags: Cannabis, Compliance, Corporate & Securities, Mergers & Acquisitions, Risk Management|

Cannabis is associated with calm. Joining the industry is anything but. Hilary Bricken already has nearly a decade of experience in the field of cannabis law. She founded the Canna Law Blog in 2010, which now has several contributors from the Harris Bricken firm and is easily one of the best out there. Her latest post offers insights on companies who wish to build their cannabis business through mergers and acquisitions. In her May 6 post, titled "Top Five Things to Know if You're Building Your Cannabis Empire Through M&A," she writes: "It’s no secret that multiple state-by-state operators are building their cannabis empires through aggressive mergers and acquisitions. Last year, our cannabis business attorneys closed more than $100 million in cannabis company acquisitions, and that shows no signs of stopping in 2019. Cannabis M&A is not your run-of-the-mill business dealing though, and working from boilerplate, rote M&A documents is hugely dangerous. In addition, diligence is oftentimes like a regulatory spiderweb laden with liabilities that other businesses do not face. In addition, the barriers to entry in the cannabis industry are increasingly high, tedious, and protectionist, which can really torture business deals." Bricken writes that "if you find yourself turning into a larger multi-state operator though acquiring cannabis businesses," there are at least five things you should know. Read on for what she has to [...]

Moving Your Corporate Data to the Cloud: Top 13 Things to Think About as you Review Your Hosting Agreement — Judy Selby Consulting

May 6th, 2019|Categories: HB Risk Notes, Insurance, Technology Law|Tags: Data Breach, Data Privacy, Duty to Indemnify, Insurance Companies, Risk Management|

Some data migration risks can be mitigated at the cloud contract stage, Allison Bird, Judy Selby’s partner at Clearview Privacy Consulting LLC, explains. Regarding indemnification, Bird says, "If data is lost or exposed by the hosting company, your company as well as any affiliates who use the services will be subject to suits from clients and individuals whose data was impacted. You may also be subject to regulatory scrutiny which could result in legal costs and regulatory penalties. To the extent possible, negotiate a full indemnification of third party claims arising out of the hosting services." She says the limitation of liability section of your hosting agreement "may be the single most important" part. "Your hosting company may make a lot of promises in the agreement. However, if their liability under the agreement is significantly capped, you won’t receive the monetary compensation necessary to make up for hosting company’s acts and omissions that damage the company. Negotiations for a higher cap will translate into real dollars in the event of a security incident." Of course, insurance is always a good solution if done right. "You can negotiate the perfect contract but unless your hosting company has a deep pocket, it may not have sufficient capital to make good on contractual obligations in the event of a breach or data loss situation, especially [...]

Cyber Risks Enter a New and Increasingly Vicious Phase

October 31st, 2018|Categories: Complex Business Litigation, HB Risk Notes, Technology Law|Tags: Business Interruption, Cybersecurity, Data Breach, Directors & Officers, Risk Management|

For anyone plotting the evolution of cyber risks, the last phase of cyber-attacks was dominated by breaches that resulted in lost or stolen personal or financial data that could then be monetized. The current phase is different. “We have observed a significant increase in the number of disruptive breaches that our clients are dealing with,” says Charles Carmakal, Vice President at Mandiant/FireEye. “These involve destruction, extortion, or public shaming.” How are organizations dealing with this shift? “It’s catching many organizations off guard. Most don’t have a playbook for dealing with extortion,” Carmakal says. “While they may have thought about a ransomware situation, that’s different from the more common type of extortion we are seeing these days, where a threat actor threatens C-level executives or corporate board members with the release of sensitive information.” “Many organizations assume the default is they wouldn’t give into the demands, but when in the middle of a crisis too often the decision is made to pay the threat actors,” he says. “So it’s important to consider what your organization will do in this situation. For example, who will be involved in the decision-making process? Organizations should play out an extortion scenario so they have a plan when faced with real demands.” How can organizations better test the efficacy of their security capabilities? Many organizations conduct penetration [...]

PFOA: Science & Litigation | 11/15/2018

October 21st, 2018|Categories: CLE OnDemand, Complex Business Litigation, Environmental Torts, HB Tort Notes|Tags: Risk Management, Scientific & Medical Studies|

[one-third-first] DATE: Nov. 15, 2018 TIME: 2 p.m. EDT; 1 p.m. CDT; 12 p.m. MDT; 11 a.m. PDT PLACE: Your computer or mobile device PRICE: $197* per dial-in site *Price is good through Oct. 31. After that it's $247. GROUPS ARE GOOD: Registering qualifies you to multiple attendees at your location. CLE: 1 credit Please send CLE questions to CLE@LitigationConferences.com speakers Michael Dourson, Ph.D., DABT, FATS, FSRA Director of Science Toxicology Excellence for Risk Assessment (TERA) Register now and get: Access for multiple colleagues at your location. Practical insights from a board-certified toxicologist. A through and informative PowerPoint presentation for later reference. Answers to your questions via live chat. CLE credit. And more! [/one-third-first] [two-thirds] PFOA Toxicology: What's a Safe Level for the Environment? What toxic tort and environmental attorneys need to know about this ubiquitous compound. Perfluorooctanoic acid (PFOA) has been described as more toxic than methyl mercury. Yet not all organizations tasked with developing safe-dose levels agree on the best approach for PFOA, resulting in recommended levels that are more than 100-times apart. Differences in these recommended safe-dose levels result in cleanup costs that vary by billions of dollars. Background Environmental contamination with PFOA has been known for some time. In the early 2000s safe doses in drinking water were considered to be in the range of 30-to-50 parts per billion. Recent safe-dose assessments by EPA, [...]

Financial Services Cyber Risk Information Sharing

September 26th, 2018|Categories: HB Risk Notes, Insurance, Technology Law|Tags: Cybersecurity, Data Breach, Data Privacy, Insurance Claims Recovery, Risk Management|

Why We Need to be More Like Apes, Less Like Seagulls By Tom Hagy Featuring Craigg Ballance, Director of Canadian Member Services, FS-ISAC Even before we can walk we are encouraged to share. We’re told to share our things even when we barely have any. Even some wild animals share food and resources – even when those resources are scarce. Some creatures are better at it than others, of course. Apes and lions? Absolutely. Seagulls? All you have to do next time you’re on the beach is toss what’s left of your ham sandwich into the air and see how generous gulls are. People fall into sharing -- and not-fond-of-sharing -- groups, too. Sharing is particularly critical in the financial sector where, while privacy and security regulations command a tight lid on data, global financial institutions are successfully sharing data about cyber risk, says Craigg Ballance, Director of Canadian Member Services for FS-ISAC in Toronto. But, he says, sharing has to take place across a broad landscape. “Information analysis sharing has to cut across the various subsets of the financial sector,” says Ballance. “While banks share local data, they are trying more and more to share globally, but,” he says, “banks need to share with other institutions, like insurers, investment funds, pension funds, and other types of financial institutions, for this [...]

Cognitive Shortcuts: Assessing Case Value & Litigation Risk with Homer Simpson and Spock

September 11th, 2018|Categories: Complex Business Litigation, Environmental Torts, HB Tort Notes|Tags: Alternative Dispute Resolution (ADR), Arbitration, Emerging Litigation & Risk, Mediation, Risk Management, Toxic Torts|

By Jeff Trueman, Esq. Mediator The central question on the minds of counsel, their clients, and insurance professionals in civil litigation is, of course, “What’s the case worth?” Although lead paint litigation may be going through some changes, it remains a mature tort where enough historical settlement and verdict data exist for counsel to argue why a particular case should or should not fit within a certain settlement range. In the midst of these discussions, the human brain plays tricks on us. For example, litigators sometimes assume that their trial experience can determine how jurors will negotiate with one another and resolve factual discrepancies after closing arguments. This assumption is a “heuristic” – a cognitive shortcut called attributional error or illusion of control. Underneath the games of litigation “chicken” that are the hallmark of settlement negotiation, heuristics lead to erroneous valuations and assessments of risk. Although more than one hundred heuristics exist, approximately 15-20 occur commonly in the context of settlement negotiations. It is easy for potential clients to employ a heuristic similar to the illusion of control by imagining a connection between something they desire, such as a favorable case outcome, and the past successes of their prospective lawyer. Representative and confirmation biases influence how we connect “model” to “outcome.” When differences over case value intensify, litigators return to threats [...]

Courtney Klein on Social Media & Security

August 1st, 2018|Categories: Corporate Compliance, HB Risk Notes, Law Firm Operations|Tags: Compliance, Cybersecurity, Law Practice Management, Risk Management, Social Media|

A Restructured Paradigm for Corporate Teamwork By Courtney Klein of Soteria Risk Consultants Social media has become an integral part of everyday life. It’s how some of us get our news, research our opinions, learn about local events, and connect with friends. For the modern western business, it is also immensely important for staying in touch with customers, advertising, and overall visibility. For this reason, many companies employ veritable armies of “Social Media Specialists” that do everything from designing graphics to writing tweets to replying to customer questions and complaints. Some companies interact with each other (such as the hilarious and long-standing Twitter Battle between Wendy’s and McDonald's), and some use it as their primary form of communication. Customers, too, know that social media is a way to get in touch with a company - for good reasons and for bad - and while many companies are aware that they will and do receive threats on social media, very few of them have any kind of protocol in place for how to deal with them – and even fewer still encourage their social media teams to pass this information on to or (better yet) work together with their security team. This sort of blasé attitude to threats – either because “it’s not my job” or “they can’t be serious” – leads to [...]

A.I. Best Practices: Rules and Policies for Using Artificial Intelligence in Your Business

July 30th, 2018|Categories: HB Risk Notes, Insurance, Technology Law|Tags: Cybersecurity, Data Breach, Data Privacy, Insurance Companies, Risk Management|

Explore how cybersecurity breaches impact insurance, risk management, and data privacy with evolving legal and compliance challenges. [one-third-first] DATE: Sept. 27, 2018 TIME: 2 p.m. EDT; 1 p.m. CDT; 12 p.m. MDT; 11 a.m. PDT PLACE: Your computer or mobile device PRICE: $197* per dial-in site *Price is good through Aug. 16. After that it's $247. GROUPS ARE GOOD: Registering qualifies you to multiple attendees at your location. CLE: 1 credit Please send CLE questions to CLE@LitigationConferences.com SPEAKER: John Frank Weaver Attorney McLane Middleton Your registration includes: • A site license to attend this webinar (invite as many people in one location as you can fit around your computer at no extra charge). • Downloadable PowerPoint presentations from our speakers. • The opportunity to connect directly with speakers during the audience Q&A session. • At least one-hour of CLE credit. Produced in collaboration with and their new Journal of Robotics, Artificial Intelligence & Law [/one-third-first] [two-thirds] Nearly every industry is adopting or preparing to adopt artificial intelligence applications into their business practices. That's exciting. However, there are almost no government regulations for their use and few resources providing best practices that anticipate ethical considerations and forthcoming legal requirements. This lack of direction poses a serious problem as A.I. applications become more widespread. Businesses are creating their own ad hoc practices without considering the [...]

McLoughlin on Artificial Intelligence in Banking

July 25th, 2018|Categories: Corporate Compliance, HB Risk Notes, Technology Law|Tags: Artificial Intelligence (AI), Banking & Finance, Compliance, Fraud, Risk Management|

"Capital adequacy requirements are not the only kind of regulation that AI is helping banks to meet. An even bigger area is monitoring of trading activities for misconduct and abuse. The Bank of England estimates that misconduct by traders has cost banks a global cumulative of $320 billion to date. For this very large reason, banks are aggressively deploying machine learning to monitor the behavior of their traders and detect unusual behavior." Read Michael McLoughlin's post on LinkedIn. Michael McLoughlin is Global Digital Transformation Partner & Advocate with Microsoft.

Judy Selby on Improving Cyber and Privacy Board Reporting

July 19th, 2018|Categories: Corporate Compliance, HB Risk Notes, Technology Law|Tags: Compliance, Cybersecurity, Directors & Officers, Information Technology Law, Risk Management|

"While general awareness of cyber risks among corporate boards is increasing, even the most motivated and knowledgeable directors cannot effectively fulfill their duties without receiving appropriate data about the organization’s risk profile. Unfortunately, however, there appears to be a disconnect between management and boards when it comes to cyber risk reporting . . . In order for directors to effectively discharge their duty of active, informed, and engaged oversight, the information they receive must be relevant, understandable, reliable, and objective." Judy Selby, JD Judy Selby Consulting Read the full article and Judy's tips for improving board reporting. Judy Selby of Judy Selby Consulting