Merck & Co.'s proposed settlement with insurers over a $1.4 billion claim related to the NotPetya attack will change the language the insurance industry uses to exclude acts of war in its policies, and organizations need to consider how those changes affect risk, said attorney Peter Halprin.
A proposed settlement has been reached between Merck & Co. and several insurers that were appealing a 2023 court decision saying the insurance companies could not invoke "hostile warlike action" exclusions in refusing to pay drugmakers' claims filed after the 2017 NotPetya cyberattack.
Senior analyst Alla Valente discusses Forrester's "Predictions 2024: Cybersecurity, Risk and Privacy" report, which outlines five predictions to help security, risk and privacy leaders prepare for the coming year. She also discusses the significance of governance and accountability in the use of AI.
Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.
To some extent, ransomware has become like COVID-19 - a threat we all need to learn to live alongside. But Aaron Bugal, field CTO of Sophos, says there is still much that security and technology leaders can do to reduce their risk by addressing activity that often precedes a ransomware attack.
According to the latest Sophos State of Ransomware report, there is a ransomware pandemic infecting businesses across the Asia Pacific region.
Ransomware is like COVID-19 – a threat that all businesses need to learn to live with.
In this e-book, Sophos’ Field CTO for Asia Pacific Aaron Bugal discusses with...
According this report, the rate of ransomware attacks has remained steady. Sixty-six per cent of research respondents said their organization was hit by ransomware in the previous year. With adversaries now able to consistently execute attacks at scale, ransomware is arguably the biggest cyber risk facing...
It is increasingly important for healthcare entities to carefully examine their cyber and other insurance policies to see what risks are covered in the event of a cyber incident, especially as the threat landscape continues to evolve, said attorney Peter Halprin, a partner at law firm Pasich LLP.
In the latest weekly update, ISMG editors discuss the shifting dynamics of cyber insurance, why APAC is approaching privacy regulations around emerging technologies, and how U.S. authorities charged the co-founders of cryptocurrency mixer Tornado Cash with money laundering.
The cyber insurance landscape has evolved significantly over the last 10 to 15 years. Initially, renewals were relatively straightforward, but with the rise of cyberthreats such as ransomware, the market has shifted dramatically to reduce risk exposure.
Fears that cyber insurance coverage drives companies into paying ransomware demands more easily than not appear unfounded, concludes a British think tank study that also suggests insurers should do more to enact corporate discipline. Cyber insurance has been dogged by accusations of moral hazard.
Cyber insurance companies gather a lot of information on the cost of breaches, but security organizations need to know the bigger picture. Jack Jones, chairman of the FAIR Institute, discussed identifying risk and evaluating overall costs with the FAIR model.
"Insurance is a tool," said Libby Benet, the global chief underwriting officer for AXA XL. "When you buy an insurance policy, you are buying a network of professional crisis managers." In this episode of "Cybersecurity Insights," Benet discussed present and future cybersecurity insurance issues.
Hospital chain CommonSpirit has upped its estimate on the financial toll incurred by a ransomware incident last fall that disrupted IT systems and patient services at some of its facilities for weeks. But company officials reportedly expect many of the costs to be covered by the company's insurance.
Cyber insurance applicants should provide detailed responses that clarify the nature of their business to avoid claim denials in the event of a security incident. Pasich LLP Senior Managing Associate Tae Andrews urged applicants to "interrogate the interrogator" to push back on vague questions.