Understanding the 3 Tiers Of Cybersecurity Regulation With John T. Wolak

In this episode of CHATTINN CYBER, Marc Schein interviews John T. Wolak, chairman of the Privacy & Data Security Team at Gibbons P.C. He has extensive experience handling privacy and security issues, cyber insurance coverage, policies, endorsements, risk mitigation and exposure, and due diligence for regulatory compliance. He has been named an “Insurance Lawyer of the Year” (Newark, NJ) by Best Lawyers® and selected for the New Jersey Super Lawyers list for Insurance Law. During the conversation, John recollects his journey into cybersecurity, his experience working with the Y2K problem, biometric technology, and the regulatory tiers that apply to biometric data handling.

After graduating law school, John clerked for a federal district court judge in New Jersey. He then joined Gibbons, and as a young associate, he was staffed on one of the most massive environmental insurance coverage matters of the late 80s and early 90s, an experience that proved not only challenging but very interesting. It set his trajectory in legal practice. He later got involved in the Y2K bubble, which ironically wrapped up in early January 2000. Over the years, John has counselled, covered and handled various cyber issues, most recently, diving into biometrics.

Drawing parallels between the Y2K problem (or the Year 2000 problem) that “caused” data formatting and storage issues after the year 2000, and the issues surrounding cybersecurity today, John explains how uncertainty is the common ground. We’re now faced with the uncertainty of compliance obligations, risk mitigation, and cyberattacks, especially since biometric data usage has increased.

Biometrics are the physical or behavioral characteristics that are used to measure or identify an individual, including facial recognition and fingerprints. With biometric verifications and data usage on the rise, privacy advocates are increasingly concerned about its risks and possible violations.

Biometric data has three tiers of regulation. The first is the biometrics-specific regulation that addresses only biometric information and its collection, use, processing and storage. The second tier is biometrics within the definition of personal information, and the state-specific regulatory regimes, like the CCPA, the Colorado statute, and the Virginia statute that say any individual’s personal information must be appropriately used, stored and protected to ensure privacy and security. Most states have included biometric information within their Breach Notification statute and require notification of a breach involving an actual fingerprint or algorithmic formulae of a fingerprint – that’s the third tier.

Towards the close of the episode, John shares why individuals need to be aware of the private right of action, and how it can be a pain or a joy for different people. The private right of action is a statutory provision that provides private citizens the ability to enforce compliance with a statute by commencing a lawsuit against an entity violating the statute. It can generate a lot of litigation, and often proves a joy to plaintiff’s lawyers as any failure may allow the plaintiff or plaintiffs in a class action to recover statutory damages. The pain caused is to the business that does not comply with the statute and is the target of the lawsuit and damages.

Listen in to learn more about the cybersecurity regulations in effect today.

Highlights:

“The y2k risk was kind of the fear of the unknown. What was going to happen if my computer system completely goes down? That’s a simple statement, or simplistic statement about the issue, but it was the fear of the unknown.”

“If you’re a cyber person, that’s where you look. But you may have competitive situations where your due diligence opportunities are going to be somewhat limited and targeted, and you’re to get through to next rounds, you may have some more confirmatory due diligence at the end.”

“So you have to do a risk assessment, and you have to allocate resources based on your assessment of the risks.  And obviously, the more sophisticated the risk assessor is, the better off that process can be. So, it is something that needs to be done at the outset. Because unless you do it at the outset, you’re not going to be able to engage in a really fully informed risk assessment process to allocate those resources.”

 

2947828.4 099999-00169

Time-Stamps:

[01:00] – John’s cybersecurity journey

[02:15] – Cybersecurity and M&A transactions

[09:44] – Front end, Back end, and Due diligence evaluation

[11:58] – Is there an increase in deals engaging reps and warranties coverage?

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The Importance Of Building Good Client Relationships In Cyber Insurance With Joseph Lazzarotti

In this episode of CHATTINN CYBER, Marc Schein interviews Joseph J. Lazzarotti, Principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits their Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer focused on compliance, Joseph also is a member of the firm’s Employee Benefits practice group. During the conversation, Marc and Joseph explore the latter’s insightful cybersecurity journey, Jackson Lewis’s growth and service offerings, and the importance of better client-service provider rapport in cyber insurance.

Joseph started at Jackson Lewis in the early 2000s as an ERISA and tax attorney doing employee benefits work. At the same time, the HIPAA Privacy and Security Rules and the first data breach notification law in California were passed, which piqued Joseph’s interest. It led him to investigate cyber security issues for clients, and he gradually built a growing team around it.

Jackson Lewis stands as a forerunner in insurance panels with a fair advantage of deep experience dealing with carriers. They understand the rate pressures, the need for responsiveness, the process of doing insured work, and encourage meaningful customer relationships.

Over the years, clients have started to become more engaged in buying cyber insurance. Though one could attribute it to a contractual obligation, they’re mainly concerned about dependent business interruption from a cyber incident. To help with that, Joseph advises firms to examine the coverages, risks, retention, coinsurance, and related aspects to better understand the client business and help them achieve their sayings wisely.

Interestingly, people tend to have a good relationship with their brokers on the health plan side. Joseph hints at how the trend is gradually setting in in cyberspace as more cyber firms are working on building better client relationships by assessing and handing policies that genuinely benefit them.

Further in the dialogue, Marc and Joseph discuss cyber compliance and its ever-changing landscape. Though the term has existed for a long time, it has continually evolved with new amendments to cyber laws and acts and varies from institution to institution. It’s necessary to comply with any regulations, for non-compliance can impact your reputation.

Highlights:

“Compliance is a great word, and it means different things to different people. Some people, when they hear compliance, they’re like, well, if we’re 80% of the way there, that’s good enough, that’s compliant.”

“Compliance also means doing all the things that you need to do with respect to the regulatory environment in which you’re in. And for different companies, that means different things.”

“You may not be able to make information available to your customers, you may impact your reputation, all of that also plays into compliance in the sense that if we comply with a reasonable set of safeguards, we can really save our business.”

“What’s interesting there is this personal liability, potentially, right with fiduciary obligations under ERISA for companies that don’t do that, for individuals who don’t meet their fiduciary role, as well as on the other side for advisors and other entities that service plans.”

Time-Stamps:

[00:43] – Joseph’s entrepreneurial journey

[03:43] – Where to contact Joseph

[05:17] – Advice around insurance coverage for clients

[12:33] – Cyber compliance amid the rapidly changing organizational landscape

 

Connect with Joseph:

 

Email: joseph.lazzarotti@jacksonlewis.com

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Biometric Information Privacy and Cybersecurity With Peter Halprin

In this episode of CHATTINN CYBER, Marc Schein interviews Peter A. Halprin, partner at Pasich LLP’s New York office, where he assists policyholders with insurance coverage issues. He is also an adjunct professor of law at Cardozo Law with expertise in areas of arbitration, commercial law, dispute resolution, and processes international arbitration. Today’s conversation is centred around privacy laws and explains the Biometric Information Privacy Act (BIPA) in detail.

The BIPA came around in 2008 and had since stood out from other privacy laws for its extensive litigation surrounding its purpose, scope of implementation, and relevant details. It intends to cover protection for biometric risks, including fingerprints, retinal scans, and several other face or body detections that have become commonplace today by regulating the collection, dissemination, storage, consent, and destruction of any associated data from the point of generation.

Any exclusion on the distribution of materials that violates a statute, particularly TCPA, would also apply to PIPA or other similar claims. Moreover, the BIPA also allows a private right to action, which means you can individually sue people for violations. Peter explains this by breaking down Six Flags’ fingerprint scan privacy issue, for which the entertainment corporation was slammed $36 million by the plaintiff as settlement despite having refused any fault or liability.

Bigger privacy violation claims can have a twofold benefit from insurance – helping with the defense of the claim and indemnity or the settlement of a potential class of action. A recent decision by the Eastern District of North Carolina has brought into light the importance of having your risk coverage neatly handled under a cyber policy.

In conclusion, Peter explains why it helps to have a broker to assess your policy – the more expressed the coverage, the better informed you are of the risks. Additionally, having the right policy can reduce the liability and defence costs on your side.

Highlights:

“The interesting thing, I think that we’re seeing, too, is a lot of litigation about whether or not insurance should respond. But I caution that most of those cases involve general liability, or business owners policies, and not cyber insurance.”

“An exclusion based on the distribution of materials in violation of a statute, particularly TCPA, would also apply to PIPA or other similar claims. ”

“I think that the main thing that people need to keep in mind is just when you’re doing policy reviews, and when you’re working with your broker to assess your policy, the more expressed the coverage can be for something like that. I think the better to know exactly what is and what isn’t covered when you’re buying your policy so that you can really understand the risks associated with what you’re doing, then to try to have to figure it out after the fact.”

“If you’re working with your insurer and your insurance providing coverage is that they may see a lot of these claims for a lot of their clients. And so panel counsel or counsel that is pre-approved may have a lot of experience by doing these things. And it may even help reduce liability and perhaps defense costs on that on that side, too. ”

Time-Stamps:

[01:51] – Peter talks about his work and involvement with cyber insurance

[03:03] – Exploring the BIPA in detail

[07:27] – Does the BIPA have a private right to action?

[09:53] – The role of insurance in bigger privacy claims

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Exploring Fraud Resolution, Identity Theft Protection, And Security Incident Notifications With Michael Bruemmer

In this episode of CHATTINN CYBER, Marc Schein interviews Michael Bruemmer, VP of Consumer Protection and Global Data Breach at Experian Consumer Services, CA. Marc and Michael discuss the latter’s education, upbringing, unexpected journey into cyberspace, and unique business model and services.

Michael entered the cyber industry fifteen years ago, after quitting working on the tech side for Dell and Lenovo. After returning to Austin, he joined CSIdentity, leading the sales, data breach, and identity theft departments, and hasn’t looked back since.

Michael attributes Experian’s success in insurance cybersecurity with three things — their Program and Events Manager, their family of forensics experts, privacy attorneys, data analysts, and notification vendors (among many others), and the powerful brand and community they’ve created within the organization. Their notification industry work includes fraud resolution, offline enrollment, and identity theft protection.

Michael explains that the foundation of his work hasn’t altered in the past three years and continues to focus on consistently delivering incident notification services, meeting deadlines, and ensuring customer satisfaction. He discusses Experian’s unique business model that provides an ongoing fraud resolution, using which clients can get a year’s worth of credit monitoring. Michael also touches on Experian’s plans of rolling out crisis management response services soon.

The best practice to mitigate cyber risks at any company is to consult with cybersecurity experts before a potentially harmful incident has already occurred. Even if you haven’t had an event, Michael explains that you should always have a private attorney and a cyber insurance provider at the ready. In the event of a suspected breach, you need to reach out to them quickly.

Towards the close of the episode, Michael also talks about ransomware attacks and the percentage of companies giving in to such threats today. Tune in to this episode to learn in better detail about thriving in the cybersecurity industry.

Highlights:

“We value our relationships with people that refer us, that don’t refer us, because it’s such a small community. If your reputation is good in that community, it goes a long way but it only takes one bad event, one dissatisfied customer and then things don’t go so well after that.”

“What I suggest is that you have a privacy attorney, you’re also able to operate under privilege as you if you so choose to. And we’re always encouraging that with any client.”

“The survey that ZD net said was that, in actuality, 83% (of companies) paid the ransomware, which I found was really interesting, despite the FBI, despite the other regulatory agencies, they don’t pay, you’re probably going to get it dumped on the dark web, let alone your brand is going to be exposed. Let alone you’ll never get the encryption key.”

“About 50% of the events that we get contacted in become never notifiable. So in other words, we don’t even go into action, but we still get a heads up so that we can prepare.”

Time-Stamps:

[00:43] – Michael talks about his upbringing

[04:38] – About the cybersecurity services provided at Experian

[05:58] – The notification practice at Experian

[10:21] – Why you need legal counsel before a potential cybersecurity breach/ threat

Connect with Michael:

Website: www.experian.com/databreach

LinkedIn: https://www.linkedin.com/in/michaelbruemmer/

 

 

Driving Innovation Using Simple Secret Management With Brian Vallelunga

In this episode of CHATTINN CYBER, Marc Schein interviews Brian Vallelunga, CEO of Doppler, a San Francisco-based company that provides secrets management software for developers. Brian has been featured in the Forbes 30 under 30 for enterprise technology experts for his outstanding achievements with Doppler. In addition, he has attracted the likes of Sequoia, Google Ventures, Kleiner Perkins, and Peter Thiel to invest in his startup.
Brian worked at Uber which gave him the needed experience and stability to help launch his own business. He founded Doppler to make secrets management easy for developers, which would increase a company’s security further.
A significant challenge Brian and his team faced with their company was fundraising — almost all the investors they came across were a bad fit for their company. It led them to join Y Combinator, a startup accelerator that has helped launch over 3000 companies to date.

From Insurance to Crypto – Understanding The Trends in Law with Stephen Palley

In this episode of CHATTINNCYBER, our host Marc Schein interviews Stephen Palley, partner at Anderson Kill. He chairs the Technology, Media and Distributed Systems group of the organization. Stephen is also a regular speaker and prolific writer on insurance, construction, and technology. He is the lead editor and contributing author to the ABA Forum on the Construction Industry’s best-selling treatise on construction insurance.

When in law school, Stephen had planned on becoming a technology lawyer. In a few years, Stephen had learned programming, found a new method for settling cases, and turned it into a software program! He then came across Bitcoin and Ethereum – two branches of crypto assets, and started working for crypto clients both on the front end regulatory compliance and handling disputes. Hence, interestingly, Stephen had set his career as a successful crypto lawyer at a firm best known for representing policy holders.

Stephen speaks on regulatory crackdowns within crypto in the U.S. and China. The crackdown in China has impacted Bitcoin miners, and a lot of that impact has moved to the U.S. But Stephen firmly believes that a similar crackdown cannot happen in the U.S. Stephen also comments on recent guidance from the OFAC around Bitcoin and the facilitation of ransomware payments. He says the guidance puts victims in between a rock and a hard place.

Stephen also gives guidance for millennials and Gen Z’ers who are fascinated by cryptocurrency. He says no matter what new thing is brought up, you need to remember that regulators and law enforcement judges will have access to it. Also, this is never quick money without effort – risks exist.

Quotes

“We already have a fairly well-developed regulatory framework and a way of understanding crypto. I think it is too deeply embedded in our business at this point for it to disappear.”

“What we do tell people is that when faced with a conundrum, we definitely want you to be in touch with law enforcement.”

“If you are expressing a favorable opinion publicly about a security and you have a stake or position, and if you are being paid to promote it, under federal law, you have to disclose that.”

“Just because you gave something a new name doesn’t mean that regulators and law enforcement judges won’t be able to deal with it and address it.”

“One of the reasons for the fascination with space is pure and simple: the promise of hope for quick profits with not much work. I’m sorry, but it comes from somewhere, there’s always a risk, and somebody always pays.”

“What people don’t know is what’s happening behind the scenes. Most regulatory enforcement actions are confidential. You have no idea what the competitor is dealing with.”

Time-Stamps:

[01:03] – Stephen reveals his story of getting into insurance law and crypto.

[04:21] – Stephen comments on the regulatory crackdown in crypto in the U.S. and China.

[08:30] – Guidance from OFAC on Bitcoins and facilitation of ransomware payment.

[12:47] – Advice for the millennials and Gen Z who have a fascination with cryptocurrency.

[14:33] – Risk management and insurance policies.

Connect with Stephen:

Email spalley@andersonkill.com

LinkedIn  https://www.linkedin.com/in/stephendpalley

 

 

Cyber Risks and Their Threat to Finance With Omar Refaqat

In this episode of CHATTINN CYBER, Marc Schein interviews Omar Refaqat, Senior Manager of Crowe’s Cyber & Risk Consulting Practice. Omar has extensive experience working as a #Telecom and Networks Engineer at several successful companies before venturing into cybersecurity.

Omar’s chats about his engineering background which gave him a solid foundation to understand today’s threats, technologies, and opportunities.

Credit card fraud, email fraud, hybrid attacks, and sim spoofing are the different types of attacks increasing every passing day. Omar explains  simspoofing is the technique used to defeat MFA multi-factor authentication. In this type of #fraud, attackers redirect the messages or #data from your phone’s sim to their phone so that the authentication code you’re supposed to receive in your phone goes directly to them.

Cryptocurrency and blockchain adoption has exploded.  We chat about why there’s so much trust around the two technologies and why people are increasingly drawn to them.

Highlights:

“What we’ve seen over the last decade or so is really a convergence between that and cyber threats and cybercrime.”

“It’s interesting that it’s really a push-pull effect. The banks, central and insurance and credit unions are moving in this direction, but the cloud providers are finally also waking up to the fact that they have this huge industry out there that really wasn’t that excited about their products and services.”

“And that’s the basic technology underlying cryptos. Think of this as a distributed ledger where you don’t need an intermediary to provide that trust. And it’s really that everybody has access to it, you can see what everyone else is doing. And that’s where the trust comes from.”

“What we have seen from our perspective as an accounting firm, we have a risk practice, we have a consulting practice, we have a fairly large audit practice as well. All these things tying together security can no longer be treated as siloed service or applicant application.”

“The way we work with our clients is, as we said, we start with really helping them from the advisory perspective, from a consulting perspective in doing risk assessments, understanding where the technology risks lie in helping them put together those in various programs to help build controls mitigate the risk to the extent that they want to and they need to, and then come in as retirement as an audit practice and make sure that, that ethical framework is is compliant and effective.”

Time-Stamps:

[01:17] – Omar shares his life’s story with us

[03:44] – Omar shares about his time in the finance industry and the convergence of finance and cyber crimes

[06:43] – What is sim spoofing?

[15:15] – What technologies can financial services industries make use of?

[25:38] – Why technology can no longer be seen as a siloed type of service

Connect with Omar:

LinkedIn: https://www.linkedin.com/in/omarrefaqat/

 

 

 

 

 

 

 

 

 

 

 

Brian Warszona’s journey through the cyber insurance industry

In this episode of CHATTINN CYBER, Marc Schein interviews Brian Warszona, UK Cyber Deputy Practice Leader at Marsh McLennan. Brian has over a decade’s worth of experience in the cyber insurance space and has, over the years, shifted from the carrier side to the broker side of the industry.

Brian started his career working with Marsh in Chicago for six years. He then worked as an underwriter at Chubb for two years. Later, Brian helped create the Chicago office for another brokerage firm, before landing his current job at Marsh McLennan.

Brian discusses why shifting from the carrier side to the broker side gave him a whole different perspective on the industry. He could talk about risk in a way that would make it more efficient for both the company and the client. He was creating solutions and bespoke policies for the clients.

Brian explains in detail the terms underwriter and syndicate and how they function in cyber insurance. He also distinguishes an underwriter’s role at Lloyds and in the States and explains his preferences across the geographies. According to Brian, a syndicate has to report back into Lloyds about what they’re doing from a financial stability side of things.

We also discuss the impact of COVID in the industry. Brian shares that from a coverage standpoint, nothing has changed in the pandemic. But there have been revolutionary changes elsewhere. COVID has not only affected Lloyds but also changed the way clients deal with businesses. They don’t have in-person underwriting meetings with syndicates and underwriters from the syndicates so frequently today.

Towards the close of the episode, we talk about Brian’s article on human-capital management regarding cyber risk and discuss the points to keep in mind while identifying suitable vendors.

Highlights:

“I think it’s [the pandemic] allowing us to be a little bit more connected. In some cases, we probably have too many zoom meetings because of it. But on the flip side, we actually have a lot of communication going back and forth, whether it be through zoom teams, or instant messages or wherever it might be.”

“From an analytic standpoint, to the corporate side of things, I really wanted to be in that room with the client talking about, here’s what we can do here. And here’s all the different solutions.”

“I don’t think we can go through a cyber conversation around the market if we didn’t talk about ransomware.

Time-Stamps:

[00:58] – Brian discusses his journey in the cyber insurance industry

[02:21] – Brian shares why he decided to shift from the carrier side to the broker side of the business

[03:35] – Discussing the London insurance mentality

[05:30] – Explaining the terms syndicate and underwriting

[06:39] – The influence of the pandemic in revolutionizing work practices

[08:54] – Talking new requirements in London based carriers

[10:18] – Human Capital Management with regards to cyber risk

[14:59] – Identifying suitable vendors

 

Connect with Brian:

 

LinkedIn: https://www.linkedin.com/in/brian-warszona-36891b12/?originalSubdomain=uk

 

 

 

Cyber Insurance And The Pivots In Underwriting – An interview With Meredith Schnur

In this episode of CHATTINN CYBER, Marc Schein interviews Meredith Schnur, Managing Director and US Cyber Brokerage Leader at Marsh USA, Inc. Meredith offers actionable insights.

Meredith talks about progression in the cyber insurance space. Underwriting and brokerage today look a lot different from how it was in the past. In terms of negotiating arrangements with your clients, bigger always means better. Hence, you cannot survive without developing personal relationships with your clients.

We also learn the challenges that the cyber insurance industry faces – the most substantial challenge being underwriting. It’s not the strategies but the implementation of the strategy that is turning to be demanding. Also, the amount of information that clients have to supply to the underwriting community has undergone a dramatic shift. Hence, the challenge lies everywhere, from allocating resources, getting the right people to the table, answering their questions, understanding the cyber risk profile of an organization, and communicating that to the underwriting community.

Meredith also talks about the common misconceptions around cyber insurance. Clients are still unaware of the amount of underwriting and required information that needs to be supplied at any time. Hence, price hikes are not as welcome to them as we might require.

Speaking about where the future of cyber insurance is, Meredith, says it is undoubtedly in a sustainable and healthy market. For that to take place, stabilization is needed. In the next-generation training program organized by Marsh, building networks and coming out of your comfort zone is vital. Programs like the Track program and Cyber mentorship program help young minds receive adequate mentorship and support.

To part with, Meredith provides advice and guidance to the next generation of insurance professionals who are hoping to get into this field. If risk management truly thrills you, then it is highly recommended that you choose this field!

Quotes:

“From the late 90s to mid-2000s, we called it Network Security and Privacy because that was what it was. We were protecting the network and the overall adoption of this term cyber.”

“If you can’t truly understand the purpose of the policy and the intent of that policy, make sure we understand what the words really mean and what they say.”

“However, if you don’t have the ladder, the second part of being able to truly understand the art of relationship building, technical nature, and how to actually work with all different shapes, sizes, and each deal specifically, you can’t have it.”

“I think the largest challenge that we’re having, even with our largest clients, is the very sharp pivot in underwriting.”

“Sustainable healthy market is what I foresee in five years time. A sharp pitch pivot is needed and required in order to do that, along with stabilization.”

“It is completely underestimated how important having mentors in the business is. It is completely underestimated how to build a network and what building a network can do for your career and for your comfort level. It actually teaches you how to be comfortable in the uncomfortable.”

Time-Stamps:

[03:56] – While negotiating with clients, does bigger mean better in terms of leverage?

[06:07] – Challenges in today’s marketplace.

[08:32] – Misconceptions clients have about cyber insurance.

[13:02] – Next-gen training at Marsh to create future leaders in insurance.

[16:14] – Advice to young folks hoping to get into cyber insurance.

Connect with Meredith

LinkedIn: https://www.linkedin.com/in/meredithschnur

‘The Future of Cybersecurity: Why There is Scope for Improvement With Josh Gold’

In this episode of CHATTINN CYBER, Marc Schein interviews Josh Gold, Cyber Insurance Lead at Anderson Kill, one of the top law firms in the North-East. Josh is a shareholder in Anderson Kill’s New York office. He has represented numerous corporate and non-profit policyholders in various industries. Josh’s practice involves matters ranging from international arbitration, data security, directors and officers insurance, business income/property insurance, commercial crime insurance, admiralty, cargo, and marine insurance disputes. He has been lead trial counsel in multi-party bench and jury trials and has negotiated and crafted scores of settlement agreements including coverage-in-place agreements.

As an individual with extensive experience working around technology, Josh explains that technology is here to stay. Young attorneys can eye many opportunities in this area, counseling and guiding clients in the times to come.

Josh explains the landmark decision during the DFW case. He describes the fraud that happened and why it was a hard-fought case. He further shares that there has been some real traction for policyholders in getting insurance coverage for cyber-related claims today, not just under a cyber policy but also under many other business insurance policies.

Josh also talks about Landry’s case. He explains how they had their payment card information stolen. Landry’s got into a fight with their merchant bank, claiming that their retailer was responsible for the breach of their customers’ payment card information. The legal fight between the merchant bank and Landry’s lasted a while. However, Landry’s was, in the end, able to secure a decent win. Josh further expands on various property insurance cases in 2020 and how insurance coverage works in those cases.

Josh and Marc discuss the threats due to cybersecurity breaches in the future and why it could go beyond money and information to bodily injuries and threats to life. He explains the importance of cyber hygiene and why we need to be more thoughtful about such instances in the future.

Josh ends the conversation on an optimistic note and shares that there is scope for preventing cybersecurity crimes in the future. He shares that sound backup systems and cybersecurity hygiene could help us in the same.

Highlights:

“The changes in tech are exponential each year, and sadly, for our clients and for society at large, I don’t think cybercrime is going away, I think we’re going to be living with a lot of problems, a lot of perils. And I think they’re only going to get worse before they get better.”

“It was a hard-fought case [DFW case]; it took years to secure both the district court and the circuit court appellate rulings that we obtained, but a very good day for policyholders and I think we’re starting to see some real traction for policyholders getting insurance coverage for cyber-related claims, not just under a cyber policy, but under lots of other business insurance policies.”

“For really serious breaches, you may need all of that coverage to really fit all of the pieces of the puzzle involving the losses and damages that certainly arise from a breach.”

“If you had 10,000 great employees who were observing good hygiene, it just takes one or five of them to maybe compromise the organization systems.“

“I’m hoping that as we all become more sophisticated users, either as individuals in our personal lives or in our professional lives, when we’re remote, learning, remote working, communicating with our own devices, even if it’s through a web portal, we’re more careful about these things.”

“It’s my hope that between maybe having good backup systems that are insulated from your day to day computing operations, and then having kind of this – if all else fails group that can help you for free, get decryption tools, get your data back without having to pay a hefty ransom. That gives me some hope, that gives me some optimism that there can be an ability to fight back against some of these really strong and sophisticated cyber games that are obviously roaming the world right now, at least virtually causing all kinds of criminal mischief.”

Time-Stamps:

[00:47] – Josh Gold shares his background and about working with Anderson Kill

[04:16] – Learn in detail about the DFW case

[08:47] – About Landry’s case and how Landry’s won in the end

[13:29] – How can policyholders be hopeful about winning in the end?

[15:24] – The importance of maintaining cyber hygiene