Regulatory Guidance on Cyber Breaches and Impact on the Insurance Market, New York Law Journal

By Eric B. Stern, partner and co-deputy chair of the data privacy and cybersecurity practice, Andrew A. Lipkowitz, attorney,  and Kelly S. Geary

New York Law Journal  l  May 13, 2021

As cybersecurity incidents continue to rise in frequency and severity, it is important for cyber insurance underwriters as well as insureds to be familiar with the laws and regulations that may impact cyber coverage.

This article will discuss the recent guidance issued by government regulators, including the recent New York Department of Financial Services’ (DFS) framework with respect to insuring against cyber attacks, and their potential impact on insurance companies and insureds. This article will also discuss recent trends in the cybersecurity insurance market, including how insurance companies have tightened underwriting standards to help meet the challenge of insuring against this growing risk.

Recent Claim Trends in Cyber Insurance

On April 26, 2021, leaked data from the Washington, D.C. Metropolitan Police Department appeared online after the department was hit by a ransomware attack. The data that was posted online included screenshots of arrest records and internal memos. The group that claimed responsibility for the attack, Babuk, threatened to leak further data if their ransom demands were not met within three days, including information about police informants. Babuk claimed to have downloaded a total of 250 gigabytes of data. As of this writing, there is no information about whether the Metropolitan Police paid the ransom.

Read more at the full article.