3

New Articles

March 26, 2023

UPDATE: NLRB GC Abruzzo Makes Clear All Non-Disparagement and... by: Michael J. Lebowich and Joshua S. Fox
Keller and Heckman Webinar: Navigating the FCC’s Universal Service... by: Gregory E. Kunkle and Casey Lide
Mississippi Gaming Commission Meeting Report: March 23 by: Thomas B. Shepherd III and Christopher S. Pace

March 25, 2023

EC Committee Issues Final Opinion on Hydroxyapatite (Nano) in Oral... by: Lynn L. Bergeson and Carla N. Hutton
Beltway Buzz, March 24, 2023 by: James J. Plunkett
Court Holds That Some Inappropriate Communications Between Employees... by: Philippe A. Lebel and Ryan P. McGill
Governor Whitmer Signs Legislation Repealing Michigan’s Right-to-Work... by: Christopher Mikula and Eric C. Stuart
Behind the Scenes in the Manufacturing Site-Selection Process by: Roderick D. Gillum
April 2023 Department of State Visa Bulletin Shows Further... by: Sarah P. Chiang
Top Three Trends Discussed at 2023 Legalweek by: Electronic Discovery at KL Gates

March 24, 2023

Article By

Cynthia J. Larose

Mintz

Privacy & Cybersecurity Viewpoints

Related Practices & Jurisdictions

All Federal

CNA Denies Cyber Insurance Claim

Tuesday, May 19, 2015

Key takeaway: The insurance applications and underwriting questionnaires prepared in connection with cyber insurance do matter.

Cyber security, and cyber insurance, have dominated the industry headlines for several years now, but even as companies, brokers and insurers work to develop these products, there has been a dearth of case law interpreting key provisions. This is beginning to change as disputes arise and make through way through the judicial system.

One such suit came last week when CNA filed a declaratory judgment action against its insured Cottage Health System, seeking reimbursement of both defense costs and a $4.125 million settlement it had paid out on a claim made under Cottage’s cyber policy. In January 2014, Cottage was sued in a class action in California state court, where it was alleged that the records of more than 30,000 of Cottage’s patients had been disclosed to the public via the internet. Cottage allegedly stored such records on an internet-accessible system but failed to install encryption or use other safeguards. The California court granted approval of the $4.125 million settlement fund in December 2014. CNA, which had reserved rights, filed this action.

In it, CNA invokes the exclusion for “failure to follow minimum required practices” which precludes coverage if the insured does not “continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance.” In its application Cottage had indicated that it regularly re-assessed its exposure to information security and privacy threats, among other, more specific, data-protection procedures. CNA asserts that this representation in the application was false.

Insureds and insurers in the cyber space would do well to watch this matter unfold. The exclusion invoked, and the application questions it relies on, are broadly worded and may leave room for strong arguments on both sides. Regardless of the outcome, we can be sure that this is only the beginning of judicial interpretation of the key terms of cyber-related policies. Interested readers can also review one of the first cyber-related decisions in the country, which came out of the District Court of Utah last week, here.

Credit: Staff attorney Jacquelyn Burke

Latest Legal News & Analysis

UPDATE: NLRB GC Abruzzo Makes Clear All Non-Disparagement and Confidentiality...

Proskauer Rose LLP

Keller and Heckman Webinar: Navigating the FCC’s Universal Service Program:...

Keller and Heckman LLP

Mississippi Gaming Commission Meeting Report: March 23

Jones Walker LLP

EC Committee Issues Final Opinion on Hydroxyapatite (Nano) in Oral Cosmetic...

Bergeson & Campbell, P.C.

Beltway Buzz, March 24, 2023

Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

TRENDING LEGAL ANALYSIS

Colorado Insurance Regulators Take Aim at Algorithms

Greenberg Traurig, LLP

NLRB Provides Guidance on Confidentiality & Non-Disparagement Clauses

Steptoe & Johnson PLLC

Around the World and Back Again: Tips for Global Brand Protection

Norris McLaughlin P.A.

Divided SEC Proposes Slew of Cybersecurity Regulations for Securities Market...

Squire Patton Boggs (US) LLP

Governor Whitmer Signs Law Repealing the Right to Work Act

Varnum LLP

Florida Enacts Significant Tort Reform

Hill Ward Henderson

Upcoming Legal Education Events

How To Tackle Legal Issues in 2023: Legaltech for Solopreneurs and SMB owners

Tuesday, March 28, 2023

Breakfast Training Workshop: Anatomy of A Private Equity Transaction

Wednesday, March 29, 2023

To Sell or Not to Sell - A Discussion on the Monetization of Crypto Insolvency Claims

Wednesday, March 29, 2023

Family Office Compensation and Talent: 2023 Trends and Planning

Wednesday, March 29, 2023

About this Author

Cynthia Larose Privacy Attorney Mintz Levin

Cynthia J. Larose

Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

[email protected]

617-348-1732

March 27, 2023

Volume XIII, Number 86

3

March 26, 2023

March 25, 2023

March 24, 2023

Article By

Related Practices & Jurisdictions

CNA Denies Cyber Insurance Claim

Latest Legal News & Analysis

TRENDING LEGAL ANALYSIS

Upcoming Legal Education Events

Legal Disclaimer