X-Industry

The ramifications from the 2017 NotPetya attack, which the US government said was caused by a Russian cyber-attack in Ukraine, continues to be felt worldwide as now cyber insurers are modifying coverage exclusions; that is - expanding the definition of these attacks as an "act of war."  This 5-year-old cyber-attack appears to be leading the insurance industry on its head.

Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with fa

A rise in any price by 92% hurts.  That's real cash like money.  This is the kind of thing that starts cutting into your whole cyber budget.  The Wall Street Journal (WSJ) recently reported, "Many US cyber insurers dramatically increased their rates during 2021, alarmed by a rash of cyber-attacks that struck companies around the world and drew the attention of national governments.  Data from regulatory filings and collated by ratings agencies shows that among the largest insurers, direct writte

Ransomware is now a primary threat for businesses, and with the past year or so considered the "golden era" for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future.  These are only a handful of 2021's high-profile victims of threat groups including DarkSide, REvil, and BlackMatter.  According to Kela's analysis of dark web forum activity, the "perfect" prospective ransomware victim in the US will have a minimum annual revenue of $100 million and

It is never easy to negotiate with criminals, especially in the cyber-world we live in.  Organizations that fall victim to a ransomware attack should never let the cyber criminals know they have cyber insurance, because if the attackers know that their victim holds an insurance policy, they are more likely to outright demand the ransom payment in full.  Criminals are smart and cunning.

Cybersecurity researchers recently examined over 700 negotiations between ransomware attackers and ransomware v

There seems to be a pattern in data breach and other cyber-attack cases.  After a data breach, a company often turns to its insurer for coverage.  Some companies have specialized cyber insurance and sometimes it does not.  Yet, even if businesses have paid for what they believe to be comprehensive cyber security risk insurance, the insurer may refuse to pay the claim.  Insurers often have many reasons for refusing coverage such as a failure to notify in a timely fashion, failure to mitigate cost

Ransomware has been a cyber security issue for the past several years and somewhat hits its peak - with the Colonial Pipeline ransomware attack.  Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or files stored on computers until they pay a ransom to cybercriminals.

Ransomware typically operates via the cryptovirology methods or using cryptography (encryption) to design powerful malicious software.  The software then uses sym

With cyber-attacks ramping up and up since the international pandemic, the need for proper cyber protection and cyber insurance coverage is taking on a new meaning, as well as many other business risk factors.[1]  With all the current business concerns in an ever-changing US administration priorities, the corporate risks and vulnerabilities are closely coupled with cyber security matters.  As an example, fossil fuel-energy companies and drug developers are among the most common issuers updating

As cyberattacks rise, so does the call by business leaders and shareholders to be ready to respond to a cyber incident.  Cyber insurance and a solid Incident Response plan are two critical components to make your company resilient.

Cyber attorney Shawn Tuma says one of these things is likely to influence the other, which surprises many organizations and may surprise you.  Tuma is Co-Chair of the Data Privacy and Cybersecurity Practice at law firm Spencer Fane, www.spencerfane.com.

Tuma explains

Artificial Intelligence (AI) has been viewed as the right answer to all our questions for the past few years. AI, like a lot of technology, can be used for both Good and Evil. This article explores how AI is being used on both sides of the fight.

Link to the full report: TR-20-054-001_AI hazards.pdf

As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages in amounts ranging from $100-$750 per incident, even in the absence of any actual harm, with the passage of the California Consumer Privacy Act (“CCPA”).  The class actions that follow are not likely to be limited to California residents, but will also include non-California residents pursuing claims under common law theories.  At Red Sk

It is getting more expensive for organizations that are victims of ransomware attacks to recover.  The average cost more than doubled in the final quarter of 2019.  According to a recent report, an average total cost of negotiation, remediation and ransom payment is $84,116.  This amount is almost double the previous figure of $41,198.

This increase is not only the result of cybercriminals demanding higher ransom amounts, but the increase in the number of victims who are willing to pay the ranso