Subrogating Cyber Attacks, Merck’s Big Insurance Win and More: February Cyber Newsbytes

Subrogating a Cyber Attack

As cyber attacks continue to increase in both frequency and severity on a seemingly daily basis, it’s natural to worry about the “what ifs” involved with being a potential victim. From an insurance perspective, the claims adjuster’s first concern is making their insured whole. Once they get a complete picture of the loss, they will often determine if the responsibility and liability lie with a third party whose actions or inactions may have caused the incident. If this is found to be the case, subrogation against the third party may be a means to recover some of the loss-related expenses. A new, two-part article from  PropertyCasualty 360 provides some good examples of this scenario. It includes considerations the claims adjuster may use to determine the possibility of successful subrogation against the responsible third party. You can view part one of the article here and part two here.

Merck’s $1.4B Insurance Win

A New Jersey court ruling on Merck & Co’s successful lawsuit against its insurers for denying coverage related to the impacts of the 2017 NotPetya cyberattack adds another element to the shifting cyber landscape. An article from Bloomberg notes that Merck’s dispute is with their property insurers due to their silent position on cyber events. This stance has changed for many insurers as cyber risk has evolved. This ruling, the continued increase in ransomware activity and concern around system risk will drive changes in the cyber insurance market as 2022 continues.

RDP Exploits & Ransomware – A Cyber Criminal’s Favorite

Tracepoint CEO Chris Salsberry recently joined NetDiligence to review one of today’s cyber criminal’s favorite exploits; remote desktop protocol (RDP). For those not as technical, Chris does a fantastic job introducing RDP, explaining the use case and helping the reader understand how criminals exploit vulnerabilities to gain access to a victim’s environment. Chris also provides risk management suggestions to secure your work environment. 

2021 Cyber Insurance Regulatory Trends

In today’s market, paying a ransom to stop a ransomware attack is not the only expense an organization faces in the event of a breach. A recent interview with NetDiligence President Mark Greiser and Mullen Coughlin Partner Chris Dilenno touches on fines and penalties, as well as today’s activity levels. The word Chris used to sum things up is simply, “MORE.” Regulators are taking more active roles, conducting more detailed investigations and asking more questions. These questions are the same type of questions that the OCR asks, leading to more fines, penalties and corrective action from the state level. HIPAA-related breaches are also becoming more national in scope and financial exposure rather than just statewide. Companies face increased financial sanctions from regulators when their anemic cybersecurity protocols allow breaches to occur.

Join RCM&D and Booz Allen Hamilton for the next session in our cyber webinar series.

Hosted by RCM&D, this cyber webinar series will provide a brief update on the state of the cyber insurance market along with a detailed “ransomware readiness” presentation from Booz Allen Hamilton’s Cyber Incident Response team. The first session, which took place last month, provided insights into the education industry. The remaining sessions include an industry-focused webinar for healthcare (hospitals, physicians, senior living), and the final webinar will apply to any business or industry.

Healthcare | Thursday, February 24, 2022 | 9:00 a.m. to 10:00 a.m. EST | Register here.
All Industries | Wednesday, March 23, 2022 | 9:00 a.m. to 10:00 a.m. EST | Register here.


RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.