Cyberloss subrogation law firm – Things to keep an eye on in 2015.
Steve Vondran, Esq. is a civil litigation lawyer licensed to practice law in California and Arizona. He is a former executive counsel member for the Arizona state bar intellectual property section and a formerly worked at a web-based software company (ASP) (Timeledger.com) as digital marketing / project manager while going through law school. Attorney Steve was also one of the early “Privacy Law” consultants working for Experian to help position and implement products designed to assist with Gramm Leach Bliley (GLB) privacy compliance for financial institutions.
Mr. Vondran has also served as a volunteer legislative analyst for the Identity Theft Resource Center in San Diego, and previously worked for Epoch Internet, an Internet Service Provider based in Orange County, California. He graduated from Whittier Law School with a focus on Intellectual Property Studies. He has a passion for digital technology, software, and information systems and has designed two software programs. The Law Offices of Steven C. Vondran, P.C. handles insurance subrogation claims for several carriers in the Southwest United States region. We love to fight for our Clients and recover money due the carrier.
From the articles I read online, cyber insurance is still gaining ground, but gaining slowly. Companies are concerned about having coverage for digital risks (such as data breaches), but not all companies are jumping to get a cyber insurance policy in place to cover the insurance gaps that may exist with the general commercial liability policy. That being said, stories about data breaches and other cyberlosses continue to dominate the major news and social media. This blog discusses some of the cyber subrogation related things I have been studying. If you are a carrier and are tempted to subrogate a cyberloss case, send us an email using the contact form below. There is going to be trial and error in this line of recovery, but with a creative and tenacious team of attorneys, we believe recovery of losses is a real possibility. As the old adage goes “nothing ventured nothing gained.”
What types of business risks will brick and mortar and online business be wanting to insure against?
The following are some of the main types of “digital risks” that both small and large businesses will want to protect against. Businesses can obtain cyber insurance policies to cover both first and third-party losses.
A. Typical first party coverage items:
1. DATA BREACH / DATA LOSS (this is most important to financial, medical, online retailers, media, entertainment & technology companies and restaurants). Smaller companies with lesser resources to devote to Cybersecurity may be at greater risk of loss. Customer personal identifying information (“PII”), financial data and medical records (Private health information – “PHI) being exposed creating privacy concerns and risk of identity theft. Such information can include – diseases suffered, medications taking, social security number, date of birth, credit card payment information (what people are buying), credit card numbers, passport numbers, etc.
Typical reported losses:
a. Crisis services: Forensic investigation to identify cause of breach and patch | breach notification to affected clients (many state laws require notification to the affected persons) | costs of credit monitoring for affected clients
b. Legal fees & guidance: costs to defend data breach privacy lawsuits | costs of settlements
c. Regulatory fines and penalties and response to regulatory investigations (ex. FTC or State Attorney Generals) & PCI Fines (Payment Card Industry Data Security Standards). Fines can be from $5,000 to $500,000.
d. Loss of client due to defection (opportunity losses)
e. Public relations & reputation management costs (costs to replace lost business goodwill)
f. Costs to restore data
Some reports, for example from NetDiligence CyberClaims Study 2014, indicate that in 2014 the losses can be as high as $956 per exposed record, and average payout could be $733,109. These are staggering losses that carriers must find a way to try to recover through subrogation efforts.
Typical reasons for the losses
1. Hackers (improper network security)
2. Malware & viruses (improper network security)
3. Staff & employee mistakes & misuse (negligence, improper training, or failure to follow corporate policies)
4. Disgruntled employees (laptop, software & hardware theft which allows data exposure)
5. Social attacks (social engineering) – form of cyber espionage
2. Business interruption – For example, a loss caused by a Distributed Denial of Service (“DDOS”) attack. When businesses suffer down time, they lose orders, and lose credibility with their clients (loss of opportunity). For online retailers, this can be a significant financial loss to deal with.
3. Theft of Trade Secrets – For example technology companies that have been hacked and lost valuable trade secrets. A trade secret derives its value from being not generally known in the relevant industry. When a hacker gains access to this critical corporate information, the company can be financially ruined and all investment can be lost.
4. Online copyright infringement – with the risk of everything digital being subject to copyright laws (anything that is “fixed in a tangible medium and which is a creative work of authorship”) is protected by copyright laws whether a copyright is registered or not. Accidental and willful copyright infringement can occur by employees and staff, and there may be director and officer liability for copyright infringement.
5. Cyber extortion & cyber terrorism – This is another problem area which we will be expanding on in other blog posts.
6. Electronic media & website publishing liability – This is another area where cyber-loss claims can arise.
Potential subrogation targets for Cyber insurance losses
1. Negligent network security analysts 2. Negligent penetration testers 3. Third party IT companies 4. Internet security monitoring (managed security providers) 5. Software providers who sell buggy software that enables cybercrime (ex. not-ready for market firewalls) 6. Others
Contact a Law Firm that is ready to discuss a cyber subrogation strategy for carriers
We know what carriers want. Hard work, responsive work ethic, honesty, integrity, and to grow the bottom line by recovering losses that occur both online (digital losses) and offline (ex. fire and flood losses). Our law firm can help you map out a strategy in these areas, and we have a flexible and aggressive fee structure that we believe is the best in the legal industry. We can handle the small cases (under $50,000) on up to large cyberloss or property loss cases. Contact us at (877) 276-5084.