Ransomware attacks have increased in frequency over the past few years. They now rank as the second most frequent type of claim against cyber insurance policies. Experts estimate that a new business is hit with a ransomware attack every fourteen seconds. For 2019, early information is showing that the frequency of ransomware attacks may be decreasing. This seemingly positive trend comes with two significant drawbacks however.
Cyber incidents and cyber practices are testing the boundaries of the law in numerous unique ways. The length of most litigation and the relative newness of cyber technology means that many of the claims and legal principles governing those claims are still working their way through the court system. The high cost of litigation sends many of those claims to settlement talks without a firm decision to guide future cases.
The Dark Overlord hack stands at the intersection of a number of prominent issues in the modern world: terrorism, cyber warfare, confidentiality and privacy. On New Year’s Eve, 2018, a group of hackers calling themselves Dark Overlord stated they had hacked confidential legal files related to the insurance litigation that followed the 9/11 attacks. The hackers demanded a ransom from the law firm from whom the information was stolen. Apparently, the ransom was paid but the law firm breached the terms of the ransom by reporting the breach to law enforcement. Now the hackers have threatened to sell the information online through the dark web.
Insurance companies have a duty to their policyholders to attempt to settle litigation that might exceed policy limits in good faith. This duty means that insurance companies must act honestly, intelligently, and objectively in deciding whether to accept a settlement offer that stays within the policy limits. Failure to do so may result in the insurance company being liable for the entirety of the judgment against the policyholder, even if the verdict exceeds the policy limits.
When thinking about the potential to be sued, many attorneys imagine the possibility of malpractice lawsuits - suit brought by former clients alleging they did not do their job well enough. Few consider the possibility of lawsuits by adverse parties for issues such as malicious prosecution or abuse of process, which in a sense allege that the attorney did their job too well. Despite this, twenty percent of lawsuits filed against attorneys are filed by adverse parties. These cases can pose interesting challenges for attorneys and raise difficult questions under professional liability insurance policies.
You’re not in the technology industry, so you don’t need cyber liability coverage, right? Consider the amount of sensitive or confidential information about your law firm and clients that you store electronically. How would you answer that question now?