CLM’s Alternative Dispute Resolution Committee recently held a webinar entitled, “Mediating Data Breach, Ransomware, Cyber & Privacy Lawsuits,” which focused on the increasing frequency and severity of cyberattacks, and how that increased activity has changed the insurance and legal landscapes. Below are a few takeaways from the presentation.
12:00:00 p.m.
THE SPEAKERS
Marc Harwell, Member, Harwell Law Group
Bridget Choi, Director of Incident Response, Booz Allen Hamilton
Perla Heady, Senior Claims Counsel—Cyber, Sompo International Insurance
Jean Lawler, MC3-Certified Mediator, Lawler ADR Services
12:04:46
Marc Harwell
“Just in the first half of 2021, our country was faced with the SolarWinds attack, we were faced with the Colonial pipeline attack, and the cyberattacks and ransomware attacks—they just keep coming with no diminishment in sight, and no expectation for diminishment.”
12:05:37
Bridget Choi
“I don’t think anyone honestly was prepared for the frequency and severity of cyberattacks that occurred in 2020 and 2021, and right now we’re in a position where attacks are growing not only in frequency, but severity. Critical infrastructure…is being attacked, and it’s not just large business; it’s every business.”
12:06:42
Bridget Choi
“With [a cyber insurance policy], you get a panel of very experienced highly seasoned privacy attorneys, a panel of very seasoned and highly experienced negotiators, restoration companies, media companies; you get digital forensic companies—all as part of the promise that you pay premium for.”
12:10:58
Perla Heady
“In the past, we used to see much lower [ransomware] demands. They also used to just encrypt. At this point, they’re evolving where they’re not just encrypting systems, but they’re also exfiltrating or stealing data.”
12:12:16
Perla Heady
“We’re seeing states passing more and more legislation protecting individuals from data breaches and/or providing specific rules on the way information is handled, stored, and used. A lot of these laws are eliminating the need to show damages or actual loss and provide for automatic damages.”
12:13:57
Marc Harwell
“I recently read a study that said just in the first half of 2021, the average ransomware payment had increased 82% from all of 2020, with an average payment in 2021 of $570,000, up from an average payment of $312,000 in 2020. That’s just a staggering increase.”
12:15:03
Jean Lawler
“It seems like those [data breach claims] that end up in litigation or pre-suit disputes tend to be the insured vs. an insurer, claiming that there should have been coverage for something that the insurer is not agreeing to pay, and maybe bad faith is thrown in there as a cause of action.”
12:15:56
Jean Lawler
“And then the other [type of claim] tends to be third party lawsuits—subrogation types of lawsuits where either the insurer of someone who was a victim of a data breach, or the actual victim of a data breach, is suing the alleged negligent party for allegedly allowing the breach to happen in the first place.”