
AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


AlertBoot Endpoint Security


BYOD Security: Because Insurers Might Have Second Thoughts On Paying Up

Good news for DSW Shoe Warehouse, Inc.: a federal appellate court has found that the company is entitled to insurance coverage of nearly $7 million in connection with a 2005 computer data breach.  The real point of the story, though: make sure you've got adequate data security software like AlertBoot protecting your information assets.

Lower and Appellate Courts in Agreement

When DSW Shoe Warehouse experienced a data breach involving the loss of 1.4 million credit cards, its insurer -- National Union Fire Insurance -- claimed that it didn't need to pony up because

DSW "had not sustained loss 'resulting directly from' the theft of customer information," and that it was an uncovered "indirect loss" [businessinsurance.com]

This, despite the fact that National Union had offered a "blanket crime policy" for computer fraud.  The lower courts disagreed with the insurer, and now the 6th U.S. Circuit Court of Appeals has upheld the lower courts' ruling:

"Without ignoring that this is a commercial crime policy directed at the insured's loss and not a commercial liability policy, our task is to determine the intention of the parties from the plain and ordinary meaning of the specific language used," said the three-judge panel's unanimous ruling.

"Despite defendant's arguments to the contrary, we find that the phrase 'resulting directly from' does not unambiguously limit coverage to loss resulting 'solely' or 'immediately' from the theft itself," said the ruling.

"In fact," said the ruling, a policy endorsement "provided coverage for loss that the insured sustained 'resulting from' the 'theft of any insured property by computer fraud' which includes the 'wrongful conversion of assets under the direct or indirect control of a computer system by means of … fraudulent accessing of such computer system.'" [businessinsurance.com]

This is great news for DSW.  After seven years, it has finally managed to get what it's due.  But, the situation raises questions and observations:

  1. The insurance companies will change their language.  I watched a rerun of The Rainmaker on TV last night, and maybe I'm being affected by it, but isn't "not paying" one of the ways insurance companies ensure policy holders' money stays with the company?  Nothing as sinister as in the movie starring Matt Damon, but the introduction of legalese and other legal vehicles is certainly used.  You can bet insurers will be reflecting on the above and make changes to contractual language so they don't get caught flatfooted the next time around (and with computer hacking, there's always a next time).

  2. Can you afford a seven-year lawsuit?  DSW may have won, but it took them seven years.  DSW is also a company with a $2.89 billion market capitalization and ranked as a Fortune 1000 enterprise that can afford such a protracted fight.  How many companies out there have signed up for a policy without DSW's financial resources, expecting to get remunerated?

  3. Is this the best way to use your resources?  Getting computer and cyber insurance is probably a good idea in this day and age.  However, the best policy is still to either eliminate (easier said than done) or minimize (definitely more manageable) the risks of being victimized.  Would it make sense to (1) use your financial resources to invest in data protection tools like mobile security software (BYOD device protection: http://www.alertboot.com/disk_encryption/disk_encryption_product_tour.aspx) for devices and significantly reduce the risks of a breach or (2) have to hire lawyers to go after an insurer that won't pay because it thinks it doesn't have to due to a technicality, and wait seven years for that payout?

Not the First Time

Regarding point #1 above, I'm not necessarily convinced that I'm feeling a temporary Rainmaker-induced sense of indignity regarding insurance companies.  There is precedent.  For example, this one where Sony got caught with their proverbial pants down when Anonymous attacked last year.

And, again, it's a company with vast financial resources.

What about smaller companies that can't afford to lose their customers due to the negative PR that the breach has created and can't afford to match an insurance company's wherewithal in the court room?


Related Articles and Sites:
http://www.businessinsurance.com/article/20120823/NEWS07/120829934?tags=%7C299%7C75%7C83%7C302%7C303

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.