Beware of the checks your on-line privacy and security policies write. If your you-know-whats can’t cash them, plaintiffs might. Increasingly, plaintiffs are filing lawsuits after “hackers” access their personal information through undersecured websites or electronic databases. Almost every company holds some type of customer information in electronic form. As companies enhance their web presences, many have posted security and privacy policies. If you’re a business owner, you likely have one (if you don’t, you should). And if you’ve ever used the internet (if you haven’t, you’re not reading ..read more

Increasingly, businesses buy cyberinsurance to protect valuable electronic assets, including computer systems themselves and the data stored within them. These policies, however, are relatively young.  They frequently utilize terminology taken from traditional property/casualty policies, the meanings of which are informed by decades of case law.  These seemingly familiar words, however, are creating novel cyberinsurance issues that may impact the coverage you have, or think you have. In Nat’l Ink & Stitch, LLC v. State Auto Prop. & Cas. Ins. Co., CV SAG-18-2138, 2020 WL 37446 ..read more

Classic phishing attacks identify an item of information or an opportunity that is appealing to a target audience, and they use that to bait the target into clicking a malicious link or opening a corrupted file. Like a worm to a fish. Hence the term, phishing. The earliest attacks fed off of a near universal allure – money. Do as I say, and you will receive hundreds of thousands, or even millions, of dollars. As we wised up, the scams became more tailored. Professionals were hit with new client inquiries. Manufacturers received purportedly important alerts from trade associations. Parents’ in ..read more

Had my mother previewed this post, she would have cautioned me not to give myself a kenahorah (ken-a-ho-rah).  That’s a yiddish term.  It means doing or saying something to tempt evil, to invite bad things to come your way.  The title of this post, in light of what may or may not be warranted mass hysteria, would seem to flirt with something that, to be on the safe side, should not be flirted with.  Alas, like the names of my children, Bubby does not get a preview of my blogs.  She sees them after they are posted, just like you.  So, at the risk of a kenahorah… My office is still open.  Will t ..read more

In 2018, the FBI’s Internet Crime Complaint Center (IC3) received more than 900 complaints of internet driven crime every day.  This amounted to over 350,000 complaints involving $2.7 billion in losses.  Business enterprise compromises (BECs) were the most common and the most consequential. These scams, which involve the use of fraudulent emails instructing recipients to unwittingly wire payments to criminals’ bank accounts, accounted for over 20,000 complaints and a whopping $1.2 billion in losses in 2018.  The Cyber Division of the FBI’s Economic Crimes Unit investigates these complaints wit ..read more

In April 2016, I highlighted insurance issues related to business enterprise compromises, or BECs.  Yesterday, I had the privilege of presenting on the topic to the Central Jersey Chapter of the Institute of Internal Auditors at its Annual Fraud Conference (thanks  to Frank Pina at Mercadian for the invite). Since I last wrote about the subject, the FBI has determined that BECs, also known as CEO fraud, social engineering and spoofing, are among the most costly forms of cyber-crime.  Refresher: the FBI defines a BEC as a “sophisticated scam targeting both businesses and individuals performing ..read more

In January, I offered my view on Zurich’s invocation of an ‘act of war’ exclusion to deny coverage for Mondelez International’s losses caused by NotPetya.  And made a funny joke about Oreos in the process.  You’re welcome.  More recently, I was interviewed by Matt Fleischer-Black for CyberInsecurity News on the same subject, and Matt suggested that his research revealed that Sony’s claims were covered by AIG following the 2014 ‘The Interview’ hack.  That got me thinking – if AIG covered Sony’s losses, is there a difference between Sony’s AIG policy and Mondelez’s Zurich policy? Sony reportedly ..read more