‘The Future of Cybersecurity: Why There is Scope for Improvement With Josh Gold’

In this episode of CHATTINN CYBER, Marc Schein interviews Josh Gold, Cyber Insurance Lead at Anderson Kill, one of the top law firms in the North-East. Josh is a shareholder in Anderson Kill’s New York office. He has represented numerous corporate and non-profit policyholders in various industries. Josh’s practice involves matters ranging from international arbitration, data security, directors and officers insurance, business income/property insurance, commercial crime insurance, admiralty, cargo, and marine insurance disputes. He has been lead trial counsel in multi-party bench and jury trials and has negotiated and crafted scores of settlement agreements including coverage-in-place agreements.

As an individual with extensive experience working around technology, Josh explains that technology is here to stay. Young attorneys can eye many opportunities in this area, counseling and guiding clients in the times to come.

Josh explains the landmark decision during the DFW case. He describes the fraud that happened and why it was a hard-fought case. He further shares that there has been some real traction for policyholders in getting insurance coverage for cyber-related claims today, not just under a cyber policy but also under many other business insurance policies.

Josh also talks about Landry’s case. He explains how they had their payment card information stolen. Landry’s got into a fight with their merchant bank, claiming that their retailer was responsible for the breach of their customers’ payment card information. The legal fight between the merchant bank and Landry’s lasted a while. However, Landry’s was, in the end, able to secure a decent win. Josh further expands on various property insurance cases in 2020 and how insurance coverage works in those cases.

Josh and Marc discuss the threats due to cybersecurity breaches in the future and why it could go beyond money and information to bodily injuries and threats to life. He explains the importance of cyber hygiene and why we need to be more thoughtful about such instances in the future.

Josh ends the conversation on an optimistic note and shares that there is scope for preventing cybersecurity crimes in the future. He shares that sound backup systems and cybersecurity hygiene could help us in the same.

Highlights:

“The changes in tech are exponential each year, and sadly, for our clients and for society at large, I don’t think cybercrime is going away, I think we’re going to be living with a lot of problems, a lot of perils. And I think they’re only going to get worse before they get better.”

“It was a hard-fought case [DFW case]; it took years to secure both the district court and the circuit court appellate rulings that we obtained, but a very good day for policyholders and I think we’re starting to see some real traction for policyholders getting insurance coverage for cyber-related claims, not just under a cyber policy, but under lots of other business insurance policies.”

“For really serious breaches, you may need all of that coverage to really fit all of the pieces of the puzzle involving the losses and damages that certainly arise from a breach.”

“If you had 10,000 great employees who were observing good hygiene, it just takes one or five of them to maybe compromise the organization systems.“

“I’m hoping that as we all become more sophisticated users, either as individuals in our personal lives or in our professional lives, when we’re remote, learning, remote working, communicating with our own devices, even if it’s through a web portal, we’re more careful about these things.”

“It’s my hope that between maybe having good backup systems that are insulated from your day to day computing operations, and then having kind of this – if all else fails group that can help you for free, get decryption tools, get your data back without having to pay a hefty ransom. That gives me some hope, that gives me some optimism that there can be an ability to fight back against some of these really strong and sophisticated cyber games that are obviously roaming the world right now, at least virtually causing all kinds of criminal mischief.”

Time-Stamps:

[00:47] – Josh Gold shares his background and about working with Anderson Kill

[04:16] – Learn in detail about the DFW case

[08:47] – About Landry’s case and how Landry’s won in the end

[13:29] – How can policyholders be hopeful about winning in the end?

[15:24] – The importance of maintaining cyber hygiene

 

 

Solving Cyber Disputes Through Arbitration- with Peter Halprin

In this episode of Chattinn Cyber, Marc Schein interviews Peter Halprin. Peter is an insurance lawyer and an arbitrator. He teaches international arbitration at Cardozo. In addition to teaching, he also writes articles and other academic pieces about different areas of arbitration.

In today’s episode, Marc and Peter talk about the challenges faced by cyber insurance, silent cyber, and arbitration. Arbitration is an alternative means of handling disputes. Peter says for sophisticated entities, especially in the cyber context, arbitration can be a really good way to resolve disputes. Apart from choosing the people to resolve the dispute, the main benefit of arbitration is that it is confidential, so you don’t have to talk about the embarrassing cyber breach or security lapse. They also talked about how the insurance coverage and mindsets of businesses changed in recent years.

Peter shared the case of G&G company. Recently the G&G company faced a ransomware attack. The company made the payment and looked to their prime carrier for reimbursement.. The carrier denied saying it was a voluntary payment and wasn’t related to the use of computers as is required under computer fraud coverage in the prime policy. The trial court agreed with the insurer saying there was no coverage, but the Supreme Court disagreed, saying the judgment for the insurer was inappropriate on two grounds. One is that they think that the use of computer could have been implicated here, and there was some measure of fraud that caused the transfer. The interesting thing about this case is that all of this stems from the idea that what enabled the ransomware attack was actually a spear-phishing or other campaign at the outset.  linkage. This is something to be considered.

Peter suggests that when you face challenges with BI claims, make sure you have the right legal counsel involved, involve forensic accounting, and work with the right broker to support you from the claims perspective. He wraps the episode telling us that it seems like because there are so many claims, carriers are very quick to bring in coverage council on their side. So, he calls upon carriers and brokers to work together on that outset.

 

Time-Stamps:

[00:53] – How did he become an insurance lawyer?

[03:09] – The benefit of cyber arbitration

[05:30] – The challenges people are facing with cyber insurance in 2021

[09:25] – The case of  G&G Oil Company

[09:52] – The obligations of cyber laws

[14:33] – Peter’s advice to people facing ransomware challenges

[16:33] – The wreak havoc of ransomware in the pandemic

[17:37] – How does ransomware affect the business income loss?

[20:10] – What the companies need to do at the moment?

[22:30] – What should be the coverage of your insurance?

[23:47] – Closing thoughts

 

Key Quotes:

“Arbitration is a really good place for cyber disputes.”- Peter [04:11]

“The main benefit of cyber arbitration is that it is confidential. And you also get to choose the people who resolve your dispute.” – Peter [03:42]

“The tentacles of cyber issues and where they pop up are unlimited.” -Peter [09:43]

“Just because you paid the ransomware, it doesn’t mean that you are necessarily in the clear. The actor can still remain in your system. Your data can still be corrupted. And dealing with OFAC and other guidance out there, there is a possibility that you may be transferring money to a sanctioned actor. And now you are exposing yourself to additional legal liability.” Peter [15:50]

“In terms of forensic accounting, clients should always check their policies to see what kind of coverage they have. Those people speak 1010 to each other, and so it’s important to have two people that speak like that to each other to resolve the issues.”- Peter [20:36]

“Having the right team in place both in the underwriting and the claim side is essential.”- Peter [22:18]

“Don’t limit your insurance to risk management.”- Peter [22:30]

“Casting your insured in a defensive position in the midst of a crisis is not the best thing to do for customer relations or otherwise.”- Peter [24:23]