In a report released November 23, Moody’s Investors Service announced that the implications of cyber threats could start taking a higher priority in its credit analysis. Moody’s said it views cyber threats as similar to other extraordinary event risks, such as a natural disaster. “While we do not explicitly incorporate cyber risk as a principal […]
Cyber Risk
FFIEC Warns of Increase in Cyber Attacks Involving Extortion, Encourages Financial Institutions to Develop Response Programs
Last week, the Federal Financial Institutions Examination Council (FFIEC) issued a joint statement warning of an “increasing frequency and severity of cyber attacks involving extortion.” The statement warned that criminals have been extorting financial institutions using a variety of tactics, including denial of service attacks, theft of sensitive information, and use of “ransomware,” which is […]
The Supreme Court To Resolve Whether a Violation of a Statutory Right Confers Article III Standing
The Supreme Court’s recent decision to hear the appeal in Spokeo, Inc. v. Robins may have significant implications for data breach litigation in particular and consumer class action litigation generally. At issue is whether a plaintiff who has suffered no actual injury or harm nonetheless has standing under Article III of the United States Constitution […]
New York State Regulator to Examine Insurers on Cybersecurity Following Comprehensive Risk Assessments
On March 26, 2015, Benjamin Lawsky, Superintendent of the New York State Department of Financial Services (DFS), sent a letter to the CEOs, General Counsel, and Chief Information Officers of all insurers doing business in the state to inform them of a mandatory cybersecurity questionnaire and the initiation of targeted cybersecurity examinations. Approximately 160 insurers […]
FFIEC Issues Warnings on Malware and Cyber Attacks
The Federal Financial Institutions Examination Council (FFIEC) has issued two joint statements warning of specific cyber risks. The warnings, which were issued on March 30, 2015, address risks arising from destructive malware, which can destroy sensitive data, and cyber-attacks that compromise user credentials. In both statements, the FFIEC also provides guidance on how to mitigate […]