Businesses should plan ahead for cyberattacks

A significant breach may slow a company’s operations or cause it to cease business entirely.

A single breach resulting in the loss of personal consumer information can initiate multimillion-dollar lawsuits or even class-action lawsuits and reputational harm.

Recent news stories highlight just how much harm a cyberattack can cause to a business. In 2020, MGM Resorts, Zoom and Magellan Health all fell victim to cyberattacks. While these were multi-million dollar incidents, small businesses are also big targets.

A dog rescue group, a small toy company, and a two-location magazine store fell victim to cyberattacks in recent years.

Sometimes a cyber breach occurs because of a hole in network security. A business should regularly check its firewalls and security. Other times, a security breach happens due to a compromised email. The email may appear to come from a legitimate vendor but direct the employee to use a different link. When the employee clicks on the link, malware may be installed on the business’ network. Another way hackers infiltrate a business is through phishing. The criminal tries to get an employee to reveal confidential information, such as a bank account.

Even what might be considered a small breach can place valuable financial data, customer records, employee information and manufacturing facilities at risk. A single breach resulting in the loss of personal consumer information can initiate multimillion-dollar lawsuits or even class-action lawsuits and reputational harm.

In addition, a significant attack or breach may slow a business’ operations or cause it to cease entirely because of a loss of sales, the cost of rebuilding or paying government fines may be too much.

It’s not just monetary; company employees may fall victim to blackmail or extortion as a result of an attack. And there’s the added stress and time, as well as the need for internal and external resources that will be required to investigate and mitigate the breach.

Have an incident response plan ready

So, how can businesses mitigate the fallout related to a cyberattack? By ensuring an incident response plan is in place and that all employees are educated to understand the risks. An incident response plan is a set of instructions developed to assist a business in preparing, detecting, responding and recovering from a cyber incident. Though some businesses may be unaware, standards such as PCI-DSS (Payment Card Industry Data Security Standard) demand that security policies be in place and that a company’s employees be trained to understand their roles in protecting against data breaches and cardholder data theft.

Businesses can be directed to organizations, like the National Institute of Standards and Technology (NIST), that offer guidelines in responding to a cyber breach.

An incident response plan prepares a business for the unfortunate event of a security breach. Having a plan in place will outline who does what during an incident, including the roles of each member of the incident response team. It will also provide steps on how to contain the damage, the breach, and how to restore system integrity. There will also be instructions on how to document the incident and response for later review.

An example of an incident and its handling when cybersecurity insurance is involved follows:

The breach occurs.
The breach is discovered.
If applicable, the area where the breach occurred is secured and physical equipment collected as evidence.
The incident response team is notified and initiates the incident response plan.
Senior management is informed of the breach and provided with as much detail surrounding the breach as possible.
The incident is reported to the business’s cyber insurer. The insurer will connect the business to an incident response broker who will instruct it on the next steps, such as determining if the breach impacts state regulations or requires that law enforcement be involved. This may also include releasing a statement to the public describing the incident, damage and steps to containment.
The incident is resolved according to direction from the incident response broker and the business’ incident response plan.

It is also beneficial to retain a lawyer as part of the incident response team to ensure that all communications to outside agencies, including the business’ cyber insurer, are protected by attorney-client privilege. This becomes important in the event of a future lawsuit brought against a business as a result of a data breach. The communication between a business’ retained lawyer and others related to the incident will be considered privileged information and usually cannot be used in subsequent court proceedings.

It should be noted that once the cyber insurer is involved, they will control certain aspects related to the incident. Since the insurer will likely cover claims for loss and damage related to a breach, it wants to ensure that the business responds appropriately and quickly to reduce damages. As a result, a business may not have the final say about how a specific cybersecurity incident is handled.

When a cyber incident happens, it’s imperative that a business quickly responds to contain the breach and mitigate any future damage. By educating employees and instituting an incident response plan, small businesses will be better prepared in the event of network security infiltration.

Specific Technologies Driving Insurtech Investment in 2024

Understanding the Funding Decline The decrease in funding does not necessarily spell trouble for the insurance sector but instead highlights a strategic shift, the report suggests. “The insurance industry, like many sectors, is focusing on the most promising ventures with substantial insurance potential,” the report explains. “Insurers are directing their investments toward key areas and current trends such as embedded insurance, employee benefits, and cyber risk management. This strategic investment approach signals a forward-looking mindset within the industry.” Three Key Insurtech Trends for 2024 The report identifies three major trends shaping insurtech investments in 2024: Public Insurtech Companies: Financial and Growth Strategies The report also notes that public insurtech companies are prioritizing revenue growth as their main goal. These firms are restructuring their financial strategies to boost cash flow and capitalize on rising revenue streams. Their growth prospects are supported by expanding asset portfolios and strong market demand. “Public insurtech companies are focusing on revenue growth and optimizing their financial frameworks to increase cash flow,” the report states. “The growth potential for these companies is driven by increasing revenue opportunities, broadening asset bases, and a robust market for their services.” In summary, while global insurtech funding saw a decline in 2023, the industry’s focus on GenAI, digital process management, and connected insurance technologies is setting the stage for a dynamic and forward-looking 2024.

Business

Insurer Secures Unanimous Supreme Court Victory in New York Choice of Law Dispute

In the world of sports, a clean sweep, a shutout, or a perfect game is the ultimate achievement. In the legal arena, a unanimous decision from the U.S. Supreme Court is equally rare and significant. In a notable legal triumph, Great Lakes Insurance SE achieved a unanimous 9-0 victory in the Supreme Court on February 21, 2024. This victory follows a protracted legal battle that began in the District Court of Pennsylvania, advanced to the U.S. Court of Appeals for the Third Circuit, and culminated in the Supreme Court’s decisive ruling. Background of the Case: Great Lakes Insurance SE v. Raiders Retreat Realty Company The heart of the dispute was the insurance contract’s clause selecting New York law to govern any future legal conflicts. Although the financial implications of this case were relatively minor compared to the broader marine insurance industry, the insurer’s determination to uphold a crucial maritime legal principle has significant long-term implications for marine insurance. Faced with the insured’s counterclaims—including allegations of breach of fiduciary duty, insurance bad faith, and violations of Pennsylvania’s Unfair Trade Practices Law—the insurer was confronted with serious risks. Such claims could lead to the shifting of attorney’s fees, treble damages, and more, which might normally encourage insurers to settle rather than risk pursuing justice. However, Great Lakes Insurance, supported by The Goldman Maritime Law Group, opted to challenge the Third Circuit’s decision and seek clarity from the Supreme Court. Supreme Court Ruling: A Landmark Decision In a landmark ruling, Justice Brett Kavanaugh affirmed that choice of law provisions in maritime contracts should be upheld by default. This ruling is a major victory for establishing a consistent federal standard in maritime law and avoiding a patchwork of state laws that could complicate marine insurance disputes. The Supreme Court’s decision overturned the Third Circuit’s earlier judgment, which had questioned whether Pennsylvania’s public policy concerns might override the insurance contract’s choice of New York law. By upholding the New York choice of law clause, the Supreme Court eliminated the extra-contractual bad faith claims under Pennsylvania law, thereby ensuring that the dispute could be resolved based on the merits of the insurance claim itself. Significance of the Supreme Court’s Decision This ruling represents a significant advancement in maritime law, affirming that choice of law clauses in maritime contracts are generally enforceable. The decision establishes a clear, uniform legal framework for resolving maritime contract disputes, which will streamline the process and ensure fair adjudication of future insurance claims. Justice Clarence Thomas’s concurring opinion was particularly notable for its criticism of the 1955 Wilburn Boat v. Fireman’s Fund Insurance decision, which had previously influenced maritime insurance law. Thomas argued that Wilburn Boat was incorrectly decided and stressed that a uniform and enforceable set of rules is essential for the development of maritime law. Impact on the Marine Insurance Industry The Supreme Court’s decision sets a “bright-line” rule affirming that choice of law clauses are valid unless there is a strong argument against the selected jurisdiction. By endorsing New York’s insurance laws as a reasonable choice, the ruling supports a more consistent and predictable legal environment for marine insurers. This decision represents a major step forward in maritime law, helping insurers better assess risks, determine premiums, and ensure fair and efficient resolution of maritime insurance disputes.

Businesses should plan ahead for cyberattacks