For approximately the past decade, cryptocurrencies were used by those who wanted to transact business anonymously and without oversight or restrictions imposed by any governmental authority.  More recently, the concept of cryptocurrencies has been used to raise capital outside of traditional financial structures.  Indeed, the rise of raising money through the issuance of “virtual tokens” using “Initial Coin Offerings” (“ICOs”) has caused a sharp rise in the prevalence and market value of cryptocurrencies.

Those involved with cryptocurrencies believe that their virtues include stronger security against theft, easier transactions, and insulation from government-induced currency fluctuations, among other things.  But the inescapable reality is that hackers, technical errors, and fraud happen.  In addition, regulators have been taking notice and have been attempting to flex their authority, although the manner in which any given regulation applies to cryptocurrencies is far from certain.  One thing that is certain, is that the cryptocurrency “industry” poses unique and evolving risk.  Given this, the insurance industry is also engaged in attempting address the needs of this emerging market, although underwriters can be expected to rigorously assess the risks posed, and insurance procurement can be a challenge for some. Continue Reading The New Money: Cryptocurrencies and the Role of Insurance

Social engineering and electronic impersonation scams have increased in recent years, as have cases involving resulting claims for insurance coverage. Claims typically involve the impersonation of a company executive, employee, or client and a fraudulent electronic communication directing an employee of the policyholder to transfer funds to another account. As outlined in our update of November 8, 2017, courts differ significantly as to whether or not this situation triggers coverage under a standard crime policy or fidelity bond. For example, some courts have held that the scheme does not produce a loss “resulting directly” from the “use of a computer” as required for certain “computer fraud” coverage. E.g., Apache Corp. v. Great Am. Ins. Co., 662 Fed. Appx. 252, 258 (5th Cir. 2016); Incomm Holdings, Inc. v. Great Am. Ins. Co., No. 1:15-cv-2671-WSD, 2017 WL 1021749, at *8-*10 (N.D. Ga. Mar. 16, 2017). Other courts have reached the opposite conclusion and found coverage. E.g., Medidata Solutions, Inc. v. Fed. Ins. Co., 268 F. Supp. 3d 471, 477-78 (S.D.N.Y. 2017), aff’d 729 Fed. Appx. 117 (2d Cir. 2018); Principle Solutions Grp., LLC v. Ironshore Indem., Inc., No. 1:15-CV-4130-RWS, 2016 WL 4618761, at *2, *5 (N.D. Ga. Aug. 30, 2016).

Continue Reading False Pretense Exclusion No Bar to Coverage of Fraudulent Impersonation Scams

The recent series of significant hacks to Marriott, Target, Anthem, Home Depot, and other businesses make it clear that there is now another inevitable event to add to death and taxes, namely intrusions to businesses’ on-line databases of their customers’ personal information. These intrusions include outside vigilante hackers who are simply trying to sell their services and then try to incite the government or private plaintiffs to assert damage claims against the targeted businesses from the exploited vulnerabilities. To counteract the inevitability of such intrusions, cyber-security providers and insurance companies are now considering offering a new product that would combine guarding against unwanted intrusions with guaranteed coverage for the cost of the inevitable hack. The product would basically warrant that there will be no damaging access or release of on-line data, and would provide a specified but limited payment to compensate for any damages should an intrusion and/or release of data nonetheless occur. Continue Reading Developments in Cyber-Coverage Options

The European Union’s Global Data Protection Regulation (GDPR) took effect on May 25, 2018, and drastically expanded the compliance obligations of companies involved in the collection, use, and management of any European Union citizens’ data. The GDPR imposes a strict regulatory scheme with steep penalties for non-compliance, with maximum fines set at the greater of 20 million Euros or 4% of a company’s annual worldwide revenue. GDPR Art. 83, § 5. Please refer to Perkins Coie’s GDPR Resources for a more comprehensive overview. Continue Reading Will your cyber policy provide coverage for GDPR violations?

Welcome to The Perkins Coie Tech Risk Report, a source for updates on, and analysis and interpretation of, insurance issues relevant to emerging technologies. We will address coverage issues related to cyber coverage, privacy, digital assets like cryptocurrency, Blockchain and other emerging technologies. The blog is written for start-ups and other companies dealing with emerging issues in the technology industry.

Attorneys from Perkins Coie’s Insurance Recovery Group will be the primary content authors. They will be joined from time to time by attorneys from other practice groups, such as the firm’s Blockchain and Virtual Currency, Emerging Companies, Technology Transactions and Privacy and Data Security practice groups.

Please sign up to receive our postings. We welcome your feedback, comments, and questions, and we look forward to our conversations. Thank you for visiting!

The potential for cyberattacks and data breaches continues to loom large in any company’s calculus of risk, with events like the recent WannaCry attack only highlighting the threat. For years, the insurance industry has responded in kind by offering variations on forms of cyber risk insurance. However, not all policies are created equal. It is important for the insured to be aware of what is covered—and what is not.

At its most basic level, cyber risk insurance can be divided into first-party and third-party coverages. Most policies will contain some combination of these coverage types. Both of these coverages potentially contain pitfalls for the unwary.  Continue Reading How to Protect Against Cyber Liability Threats

Even though cyber breaches—hacks, ransomware attacks, denial or delay of service attacks, malware, phishing and the like— have existed for years, coverage under actual cyber policies (as opposed to CGL, D&O, or crime policies) is now starting to be litigated. One of the early issues that has been addressed under a cyber policy is if cyber policies provide coverage for Payment Card Industry (PCI) fees assessed by credit card companies in case of a data breach for which the insured is ultimately liable. In P.F. Chang’s China Bistro, Inc. v. Federal Insurance Co., No. CV-15-01322-PHX-SMM,  2016 WL 3055111 (D. Ariz. May 26, 2016), the court answered that question in the negative under the cyber policy at issue there. Continue Reading Cyber-Policy Coverage for Payment Card Industry (PCI) Fees

Does your business manufacture autonomous vehicles, supply components or software for use in autonomous vehicles, or otherwise incorporate autonomous vehicles into its business plan? For any venture involving autonomous vehicles, there are new risks that your business should understand and insure.

But first, what exactly qualifies as an autonomous vehicle? There are varying levels of automation, and before evaluating insurance options, it is important to understand the levels of automation. The Society of Automotive Engineers (SAE) has established levels of automation on a scale of 0 to 5, from no automation to full automation, respectively. The full chart created by SAE in its standard J3016 is available here. Continue Reading Autonomous Vehicles: New Risks in A Driverless World