Orrick Insurance Lawyers Author Article on Risk Posed by ‘Heartbleed’ Encryption Flaw

Westlaw Journal Insurance Coverage | July.25.2014

Insurance counsel Kristi Singleton and associate Richard Gallena have co-authored an article about the increase in cyber security attacks and the first- and third-party coverage that may be available under different types of insurance policies. The article, “Encryption Flaw Heartbleed Creates Data Risk: How Insurance Can Stanch the Bleeding", was published by Westlaw Journal Insurance Coverage. An excerpt from the article is below.

In early April, news broke of an encryption flaw named Heartbleed that had exposed companies to data breaches for nearly three years. Heartbleed is a vulnerability in OpenSSL, an open-source set of libraries for encrypting online services that is used by nearly two-thirds of all websites. The vulnerability allows hackers to steal personal information such as bank account information, Social Security numbers and passwords from companies, with little risk of detection.

Although the ability to escape detection makes the extent to which hackers have exploited these vulnerabilities unclear, for many companies, costs and future liabilities related to Heartbleed may be very substantial. Insurance policies may be available to help stem the hemorrhaging of financial losses and liabilities. This commentary discusses the increase in cybersecurity attacks and examines first- and third-party coverage that may be available under different types of insurance policies. It also describes state security breach notification laws that may be triggered by events like Heartbleed, as well as recent Securities and Exchange Commission guidance on disclosing cyberrisks in public filings.