Posts Tagged ‘Insurance’

Changing the Cyber Security Playing Field in 2015

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Tuesday January 20, 2015 at 8:36 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on a Weil Alert authored by Mr. Ferrillo; the complete publication, including footnotes, is available here.

“If this incident [Sony] isn’t a giant wake-up call for U.S. corporations to get serious about cybersecurity, I don’t know what is. I’ve done more than two dozen speaking engagements around the world this year, and one point I always try to drive home is that far too few organizations recognize how much they have riding on their technology and IT operations until it is too late. The message is that if the security breaks down, the technology stops working—and if that happens the business can quickly grind to a halt. But you would be hard-pressed to witness signs that most organizations have heard and internalized that message, based on their investments in cybersecurity relative to their overall reliance on it.”

— Author Brian Krebs, Dec. 20, 2014.

“For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.”

— Professor Bruce Schneier, Dec. 19, 2014.

Without a doubt, the last month in the world of cyber security has been tumultuous. It has now been confirmed that two companies in the United States have potentially been the subject of cyber-terrorism. Servers have been taken down or wiped out. Businesses have been significantly disrupted. Personally identifiable employee information has been shoveled by the pound onto Internet credit card “market” sites. The cyber security world has changed. And two of the most respected men in cyber security have both iterated similar messages: it is time for U.S. corporations to take this stuff seriously.

…continue reading: Changing the Cyber Security Playing Field in 2015

The Importance of a Battle-Tested Cyber Incident Response Plan

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Friday December 19, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on a Weil Alert authored by Mr. Ferrillo.

“The scope of [the Sony Pictures Entertainment (SPE)] attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public…. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

— Remarks by Kevin Mandia, “Sony Investigator Says Cyber Attack ‘Unparalleled’ Crime,” Reuters, December 7, 2014. [1]

“The days of the IT guy sitting alone in a dark corner are long gone. Cybersecurity has become an obvious priority for C-Suites and boardrooms, as reputations, intellectual property and ultimately lots of money are on the line.”

— Priya Ananda, “One Year After Target’s Breach: What Have We Learned?” November 1, 2014. [2]

“Resiliency is the ability to sustain damage but ultimately succeed. Resiliency is all about accepting that I will sustain a certain amount of damage.”

— NSA Director and Commander of U.S. Cyber Command Admiral Mike Rogers, September 16, 2014. [3]

We have definitively learned from the past few months’ worth of catastrophic cyber security breaches that throwing tens of millions of dollars at “preventive” measures is simply not enough. The bad guys are too far ahead of the malware curve for that. [4] We have also learned that there are no such things as quick fixes in the cyber security world. Instead, the best approach is a holistic approach: basic blocking and tackling such as password protection, encryption, employee training, and strong, multi-faceted intrusion detection systems [5] really trump reliance on a “50 foot high firewall” alone. But there are also two more things that are critical to a holistic cyber security approach: a strong, well-practiced Incident Response Plan (IRP), and, as Admiral Rogers noted above, the concept of cyber-resiliency, i.e., the ability to take your lumps, but continue your business operations unabated.

In this post, we tackle two questions: (1) What are the essential elements of a Cyber IRP? and (2) Why are IRPs so important to your organization?

…continue reading: The Importance of a Battle-Tested Cyber Incident Response Plan

Cyber Security, Cyber Governance, and Cyber Insurance

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Thursday November 13, 2014 at 9:07 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on an article authored by Mr. Ferrillo and Christine Marciano, President of Cyber Data Risk Managers.

JP Morgan Chase. Community Health Systems. The Home Depot. Kmart. There has been no shortage of data breaches in recent weeks—with new developments on an almost daily basis. The age of cyber hacktivism, cyber extortion, and cyber terrorism is here, and it is not going away any time soon.

Data security issues are no longer just an IT Department concern. Indeed, they have become a matter of corporate survival, and therefore companies should incorporate them into enterprise risk management and insurance risk transfer mechanisms, just as they regularly insure other hazards of doing business. As the number of data breaches has increased, the demand for cyber insurance has likewise dramatically increased more than that for any other insurance product in recent years. Every board of directors should be questioning its officers and management as to “whether or not its company should be purchasing cyber insurance to mitigate its cyber risk.” If management answers, “Oh, it costs too much,” or “Oh, it will never pay off,” second opinions should be obtained. Rapidly. Because neither answer is correct.

…continue reading: Cyber Security, Cyber Governance, and Cyber Insurance

Update on Directors’ and Officers’ Insurance in Bankruptcy

Posted by Kobi Kastiel, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday September 24, 2014 at 9:02 am
Editor’s Note: The following post comes to us from Douglas K. Mayer, Of Counsel in the Restructuring and Finance Department at Wachtell, Lipton, Rosen & Katz, and is based on a Wachtell Lipton memorandum by Mr. Mayer, Martin J.E. Arms, and Emil A. Kleinhaus.

Directors’ and officers’ (“D&O”) insurance coverage continues to represent a key element of corporate risk management. See memo of July 28, 2009. A decision in the bankruptcy of commodities brokerage MF Global, In re MF Global Holdings Ltd., No. 11-15059 (S.D.N.Y. Sept. 4, 2014), provides a recent illustration of how D&O insurance may be treated upon the bankruptcy of the insured company, depending on the specific structure and terms of the insurance at issue.

…continue reading: Update on Directors’ and Officers’ Insurance in Bankruptcy

Cyber Governance: What Every Director Needs to Know

Posted by Kobi Kastiel, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Thursday June 5, 2014 at 9:23 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo.

The number, severity, and sophistication of cyber attacks—whether on our retail economy, our healthcare sector, our educational sector or, in fact, our government and defense systems—grow worse by the day. [1]

Among the most notable cyber breaches in the public company sphere was that hitting Target Corporation (40 million estimated credit and debit cards allegedly stolen, 70 million or more pieces of personal data also stolen, and a total estimated cost of the attack to date of approximately $300 million). [2] Justified or not, ISS has just issued a voting recommendation against the election of all members of Target’s audit and corporate responsibility committees—seven of its ten directors—at the upcoming annual meeting. ISS’s reasoning is that, in light of the importance to Target of customer credit cards and online retailing, “these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information.” [3]

…continue reading: Cyber Governance: What Every Director Needs to Know

How Much Protection Do Indemnification and D&O Insurance Provide?

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday May 28, 2014 at 9:02 am
Editor’s Note: The following post comes to us from Jon N. Eisenberg, partner in the Government Enforcement practice at K&L Gates LLP, and is based on a K&L Gates publication by Mr. Eisenberg; the complete publication, including footnotes, is available here. This post is part of the Delaware law series, which is cosponsored by the Forum and Corporation Service Company; links to other posts in the series are available here.

We consider below how advancement of legal fees, indemnification, and insurance operate when officers and directors become involved in regulatory investigations and proceedings. Part I addresses the enhanced risk officers and directors face today in an Age of Accountability. Part II addresses advancement of legal fees, which may be discretionary or mandatory depending on a company’s by-laws. Part III covers indemnification, which generally requires at least a conclusion that the officers and directors acted in good faith and reasonably believed that their conduct was in, or at least not contrary to, the best interests of the corporation. Part IV examines insurance coverage, which varies from carrier to carrier and may or may not provide meaningful protection. Finally, Part V summarizes the principal lessons from the analysis. Although there is significant overlap with similar principles that apply to private litigation, we limit our discussion here to advancement, indemnification, and insurance for regulatory investigations and proceedings.

…continue reading: How Much Protection Do Indemnification and D&O Insurance Provide?

Labor Representation in Governance as an Insurance Mechanism

Posted by E. Han Kim, University of Michigan, Ross School of Business, on Tuesday May 27, 2014 at 9:12 am
Editor’s Note: E. Han Kim is Professor of Finance at the University of Michigan.

Worker participation in corporate governance varies across countries. While employees are rarely represented on corporate boards in most countries, Botero et al. (2004) state “workers, or unions, or both have a right to appoint members to the Board of Directors” in Austria, China, Czech Republic, Denmark, Egypt, Germany, Norway, Slovenia, and Sweden. Such board representation gives labor a means to influence corporate policies, which may affect productivity, risk sharing, and how the economic pie is shared between providers of capital and labor.

…continue reading: Labor Representation in Governance as an Insurance Mechanism

Multiple-Based Damage Claims Under Representation & Warranty Insurance

Posted by Noam Noked, co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Tuesday November 26, 2013 at 9:16 am
Editor’s Note: The following post comes to us from Jeremy S. Liss, partner focusing on capital markets and mergers and acquisitions at Kirkland & Ellis LLP, and is based on a Kirkland publication by Mr. Liss, Markus P. Bolsinger, and Michael J. Snow.

Private equity funds are increasingly using representations and warranties (R&W) insurance and related products (such as tax, specific litigation and other contingent liability insurance) in connection with acquisitions as they become more familiar with the product and its advantages. [1] Acquirors considering R&W insurance frequently raise concerns about the claims process and claims experience. A recent claim against a policy issued by Concord Specialty Risk (Concord) both provides an example of an insured’s positive claims experience and highlights the possibility for a buyer to recover multiple-based damages under R&W insurance.

R&W Insurance Advantages

Under an acquisition-oriented R&W policy, the insurance company agrees to insure the buyer against loss arising out of breaches of the seller’s representations and warranties. The insurer’s assumption of representation and warranty risk can result in better contract terms for both buyer and seller. For example, the seller may agree to make broader representations and warranties if buyer’s primary recourse for breach is against the insurance policy, and the buyer may agree to a lower cap on seller’s post-closing indemnification exposure as it will have recourse against the insurance policy. In addition, R&W insurance often simplifies negotiations between buyer and seller, resulting in a more amicable, cost-effective and efficient process.

…continue reading: Multiple-Based Damage Claims Under Representation & Warranty Insurance

FDIC Cautions Financial Institutions Regarding Increase in D&O Insurance Exclusions

Posted by Noam Noked, co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Saturday November 9, 2013 at 9:07 am
Editor’s Note: The following post comes to us from John Dugan, partner and chair of the Financial Institutions Group at Covington & Burling LLP, and is based on a Covington & Burling E-Alert.

The FDIC last week issued a Financial Institution Letter advising financial institutions and their directors and officers of the increased use of exclusionary terms or provisions in D&O policies, and the resulting increased risk of uninsured personal civil liability for directors and officers. (FIL-47-2013, October 10, 2013).

The FDIC Letter urges the directors of financial institutions to make well-informed choices about D&O coverage, including consideration of costs and benefits, exclusions and other restrictive terms in proposed policies, and the implications for personal financial liability for directors and officers.

D&O insurance is a critical asset for financial institutions and their directors and officers, and the FDIC Letter expressly affirms that the purchase of D&O insurance serves a valid business purpose. The FDIC’s Letter is also a timely reminder that the D&O insurance market is in constant flux and that—in addition to seeking advice from insurance brokers—directors should consider seeking advice from experienced coverage counsel to gain a better understanding of the potential impact of restrictive provisions in proposed policies.

…continue reading: FDIC Cautions Financial Institutions Regarding Increase in D&O Insurance Exclusions

NY State Department of Financial Services at the One-Year Mark

Posted by Noam Noked, co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Tuesday May 28, 2013 at 9:21 am
Editor’s Note: The following post comes to us from Jayant W. Tambe, partner focusing on litigation concerning securities, derivatives, and other financial products at Jones Day, and is based on a Jones Day commentary; the full text, including footnotes, is available here.

Since the New York State Department of Financial Services (“DFS”) began operations in late 2011, the agency appears to have lived up to its billing as an activist regulator of insurers and financial institutions. DFS has taken on several novel issues and will likely continue to do so. Insurers and financial institutions doing business in New York should keep DFS on their radar given the scope of its regulatory mandate and its initial enforcement activities since inception. Institutions outside New York may also want to monitor DFS’s initiatives, which may pique the interest of federal or state law enforcement and regulatory agencies in other jurisdictions and lead to similar or parallel initiatives.

DFS’s Actions Since Inception

On October 3, 2011, the former New York State Banking and Insurance Departments were combined to create DFS. The 4,400 entities DFS supervises have about $6.2 trillion in assets and include all insurance companies in New York, all depository institutions chartered in New York, the majority of United States-based branches and agencies of foreign banking institutions, mortgage brokers in New York, and other financial service providers.

…continue reading: NY State Department of Financial Services at the One-Year Mark
