#DtSR Podcast: Guest Host on Newscast

I was a guest host recently on the Down the Security Rabbithole Podcast to give my take on the legal aspects of current cybersecurity news with host Rafal Los (@Wh1t3Rabbit) and co-guest host John Foster (@dearestleader). As always, it was a blast!

Listen to the Podcast  

Join the #DtSR Discussion on Twitter

For more great #DtSR content, check out the full Down the Security Rabbithole Podcast homepage and also check out these past #DtSR podcasts where I was a guest:

#DtSR Podcast: Latest Issues in Law and Cybersecurity

I was a guest recently on the Down the Security Rabbithole Podcast to talk about cybersecurity law with hosts Rafal Los (@Wh1t3Rabbit) and Michael Santarcangelo (@Catalyst). As always, it was a blast!

Listen to the Podcast  

Join the #DtSR Discussion on Twitter

For more great #DtSR content, check out the full Down the Security Rabbithole Podcast homepage and also check out these past #DtSR podcasts where I was a guest:

SecureWorld Post: 4 Key Cyber Insurance Takeaways for Companies from Spec’s v. Hanover Lawsuit

In my latest post for SecureWorld, I explain 4 key takeaways for businesses from the Spec’s v. Hanover lawsuit regarding cyber insurance. Check it out and let me know what you think: 4 Key Cyber Insurance Takeaways for Companies from Spec’s v. Hanover Lawsuit

Target Data Breach: What Has It Cost? What Has Insurance Covered?

Target, in a recent document filed with the Securities and Exchange Commission, provided updated information on the financial impact of its 2013 data breach:

  • It now estimates paying $264 million in breach-related costs, ranging from litigation claims to the expenses it experienced for fixing systems and sending out information at the time of the attack (the previous estimate was $252 million)
  • About $90 million has been covered by Target’s insurers

Source: Target: SEC won’t penalize it over 2013 data breach – StarTribune.com

Cyber Insurance: Social Engineering Not Covered Under “Computer Fraud” Insurance Provision

Losses stemming from social engineering scams like the business email compromise are not covered by “computer fraud” provisions of commercial crime insurance policies, according to the Fifth Circuit Court of Appeals in Apache Corp. v. Great American Insurance Co.

Cybersecurity Legal Issues: What you really need to know (slides)

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institute. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!

D CEO Magazine: Why Cybercriminals Are Targeting Law Firms

Many thanks to attorney and legal scholar extraordinaire John G. Browning (@therealjohnbrow) for quoting Shawn Tuma in his article in this month’s D CEO magazine: Why Cybercriminals Are Targeting Law Firms.

Cybersecurity Legal Year in Review – #DtSR Podcast

Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast.

In this episode…

  • Most important cybersecurity-related legal developments of 2015
    • Tectonic Shift that occurred with “standing” in consumer data breach claims
      • Discussion of law prior to Neiman Marcus case, and post-Neiman Marcus
      • Does this now apply to all consumer data breach cases?
      • Immediate impact? Companies now liable?
      • Lesson is in seeing the trend and how incrementalism works
      • Michaels & SuperValu case dismissals in light of Neiman Marcus
  • Regulatory Trends
    • FTC & SEC gave hints in 2014, post-emergence of Target details
    • Wyndham challenged authority – came to fruition in August 2015
    • SEC not far behind – significant case in September 2015
    • Aggressiveness of FTC is substantial – FTC v. LabMD … all over LimeWire
  • Officer & Director Liability
    • 2014 – SEC Comm. fired the warning shot … pointed the finger
    • Shareholder derivative litigation
    • Individual liability of IT / Compliance / Privacy “officers”
  • Anticipated 2016 Legal Trends
    • Regulatory enforcement … which, by the way, is why NIST is becoming default
    • Shareholder Derivative – much more likely than consumer class actions at this time
    • Lessons from both of these: when you need to persuade the “money folks” that they need to act, mention D&O Liability (especially Caremark) and Regulatory focus on individuals … now they’re in the cross-hairs
    • Realization that cybersecurity is more of a legal issue than anything else (IT or business) b/c it is the legal requirements and consequences that ultimately drive everything

Go HERE to listen to the Podcast!

Why Lawyers Need to Understand Cyber Insurance for Their Clients

Cybersecurity, data breach, cyber attacks, and cyber insurance. Unless you live under a rock, you have heard of it. You better hope your lawyer has too!

Shawn Tuma argues that the minimum standard of care for lawyers practicing in 2015-16 requires a basic understanding of cyber insurance. He recently explained that argument, along with his co-author Katti Smith, a seasoned cyber insurance professional with AIG.

The Texas Bar Journal published their article, Risky Business: Why lawyers need to understand cyber insurance for their clients, in the December 2015 issue. In the article, they explain what cyber insurance is, what kinds of policies cover cyber liability, key first-party and third-party costs that should be covered by such a policy, as well as key items that are often not covered.

Go check it out and let them know what you think.

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.