It’s a Scary Time for CUs, Cyber Attacks, and Insurance

May 26, 2021 at 9:16 am Leave a comment

Warren Zevon once called on his dad to bring him “lawyers, guns, and money.” Given the sharp increase in cyber-attacks, your average credit union CEO should be asking for lawyers, money, and better cyber insurance policies.

Recently, an article in The American Banker proclaimed that these are scary times for small banks and credit unions, some of which have recently been the target of ransomware attacks. Yours truly is highlighting this trend not simply because I want to scare you into action but because I believe that for many financial institutions the question is not if, but when you will find your credit union’s data being held by hackers who want money in return for allowing you to access your client’s personally identifiable information.

One of the most basic steps you can take to help protect yourself against ransomware and data theft attacks is to buy insurance. This is an issue that yours truly is also becoming increasingly obsessed about because there is a lack of clear guidelines as to precisely what a policy provides your credit union and even if your regulators are going to penalize you for using insurance proceeds to recover from ransomware payments.

My paranoia has been fueled by this recent GAO report describing an insurance industry that is scrambling to adjust to the rapidly evolving and increasingly expensive niche of cyber-attacks. For your credit unions that means that it is absolutely crucial that you get competent counsel to provide new guidance as to what is and is not covered under your policy. It also means that you should not assume that general language in your existing policy already provides you insurance protection. There are more and more cases in which this precise issue is being litigated. For example, I recently came across this case, West Bend Mutual Insurance Company v. Krishna Schaumburg Tan, Inc., in which an insurance company tried to deny coverage to a business that was sued after providing biometric data of customers to third parties.

In the medium to long term these issues will resolve themselves. Courts will scrutinize and effectively standardize basic terms. The problem is that this is little comfort to those of you confronting these issues right now. Time to call the lawyers and bring the money.

Entry filed under: General, Legal Watch, technology. Tags: , , .

Time For the Climate Change Talk Are You Prepared for the New POA requirements?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 720 other followers

Archives