• Brooklyn Law School, JD, 1992
  • College of Mount Saint Vincent, BS, 1980

Judith Selby is a partner in the New York office. Focused primarily on insurance coverage matters, Judy represents clients in all phases of large scale, complex first and third party insurance issues. She has extensive experience handling insurance coverage trials in the US and international arbitrations in London.

Judy's practice concentrates on coverage for exposures arising out of emerging technology, digital, and compliance risks. She serves as coverage and monitoring counsel for cyber insurers and also counsels insurers on cyber insurance product development, policy wordings, and silent cyber issues.

Judy’s experience includes coverage opinions, all phases of coverage litigation through trial and appeal, and international arbitrations involving environmental, toxic tort, cyber/privacy, BIPA, TCPA, business interruption, bad faith, pharmaceutical products, and COVID-19 exposures. She also provides insurance due diligence advice in connection with mergers and acquisitions, run offs, and adverse development cover transactions.

Judy was named as a 2021 Insurance Trailblazer by the National Law Journal and won JD Supra 2021 Readers’ Choice Awards in Insurance (number 1) and Cybersecurity (top 10) and was a finalist for the 2015 CLM Outside Professional of the Year award. She has been an invited speaker at prominent industry conferences on privacy, cyber, and related insurance issues, and she is frequently featured in various publications, including the Wall Street Journal, Fortune, Forbes, and Law360. Judy also has also authored three eBooks: A Closer Look at Cyber Insurance, Demystifying Cyber Insurance, and Big Data for Business Leaders.

Judy has completed advanced courses at the Massachusetts Institute of Technology (MIT) and Harvard Business School in the areas of big data, crisis management/business continuity, cybersecurity, the Internet of Things (IoT), and finance, as well as courses in cloud computing and the Data Protection Officer (DPO) role under the GDPR.

Judy contributed to Kennedys' 'Global forecast 2024: Evolving insurance risks' report, published in January 2024.

Qualifications and admissions

  • District of Columbia
  • New York

Market recognition

  • Recognized as a “Top Legal LinkedIn Influencer” by TBD Marketing (2024)
  • Selected as the Zywave Cyber Risk Lawyer of the Year (2023)
  • Selected to the Insurance Authority Specialty Lines Editorial Advisory Board for Law360 (2023)

Presentations and publications


  • “Ransom-ready: Navigating recovery, remediation and legalities,” In-House Client Training (June 2024)
  • “Emerging cyber claims issues,” In-House Client Training (January 2023, November 2023, February 2024, March 2024)
  • “Where cyber and D&O meet IP: The SEC cybersecurity disclosure rule,” In-House Client Training (February 2024)
  • “Privacy litigation update and trends,” In-House Client Training (February 2024)
  • “Document and file management,” In-House Client Training (October 2023)
  • “Cyber Insurance Coverage for Business Email Compromises and Ransomware Attacks: Current Trends and Developments,” In-House Client Training (June 2023)
  • “Expert Insights: The Impact of the Meta Case on Cyber Insurance,” presented to the Cyber Insurance Academy (June 2023)
  • “Business interruption – Avoiding surprises and improving the claims process,” In-House Client Training (February 2023)
  • “Legal issues arising from cyber claims,” In-House Client Training (November 2022)
  • “Cyber claims handling issues,” In-House Client Training (September 2022)
  • “Silent Cyber Issues,” In-House Client Training (June 2022, September 2022)
  • “Kennedys US Cyber Team Capabilities + Current trends discussion,” In-House Client Training (July 2022)
  • “US Privacy & Cybersecurity Legal Landscape & Impacts on Cyber Insurers + overview of emerging cyber claims handling issues,” In-House Client Training (June 2022)
  • “The Risk of Silent Cyber Claims,” In-House Client Training (December 2021)
  • “The Risk of Silent Cyber Claims,” presented at the NAMIC Annual Convention (September 2021)
  • “Legal Industry - Friend or Foe of Cyber Security?” presented for CIISEC (September 2021)


  • Co-author, “Ninth Circuit rules that California Insurance Code § 533 bars coverage for a settled malicious prosecution lawsuit,” published for Kennedys (April 2023)
  • Co-author, “Minnesota Federal Court rules Cyber Business Interruption clause covers funds lost in fraudulent wire transfer incident,” published for Kennedys (December 2022)
  • Co-author, “Connecticut’s new consumer data privacy law: a New Haven for privacy protection? Not exactly,” published for Kennedys (May 2022)
  • Co-author, “An in-depth look at the target decision finding that loss-of-use damages included costs of replacing payment cards compromised in data breach,” published for Kennedys (April 2022)
  • Co-author, “Virginia Slim- A cheat sheet for the Utah Consumer Privacy Act,” published for Kennedys (March 2022)
  • Co-author, “What one court giveth, a brother court taketh away: Thermoflex and 3 policy exclusions in the context of BIPA,” published for Kennedys (March 2022)
  • Co-author, “What is hostile or warlike?: An in-depth look at the Merck war exclusion decision and its shortfalls,” published for Kennedys (January 2022)
  • Co-author, “In a new BIPA decision, coverage barred by Employment-Related Practices exclusion, but not by Access or Disclosure of PI exclusion,” published for Kennedys (January 2022)
  • Co-author, “Seventh Circuit punts BIPA claim accrual question to Illinois Supreme Court,” published for Kennedys (December 2021)
  • Co-author, "’Cyber-ing around the Christmas tree’ Kennedys 2021 cybersecurity and privacy (US) year in review" published for Kennedys (December 2021)
  • Co-author, “Trends and risks faced by retailers in 2021: UK and US perspectives,” published for Kennedys (October 2021)
  • Co-author, “Massachusetts Bay v. Impact Fulfilment and its impact on the duty to defend BIPA claims,” published for Kennedys (October 2021)
  • Co-author, “SEC Cyber Orders: If You Say It, Do It and Make Required Incident Disclosures,” published for Kennedys (September 2021)
  • Co-author, “PRC enacts the Personal Information Protection Law: a 10-point cheat sheet,” published for Kennedys (September 2021)
  • Co-author, “No click-bait here: Click-wrap mandatory arbitration clause in your Terms of Use,” published for Kennedys (August 2021)
  • Co-author, “Lessons learned from the California AG’s CCPA Enforcement Announcement,” published for Kennedys (August 2021)
  • Co-author, “Four states update their breach notification laws,” published for Kennedys (August 2021)
  • Co-author, “New Connecticut law incentivizes better cyber measures through litigation safe harbor,” published for Kennedys (July 2021)
  • Co-author, “Another holding that a data breach forensics report is not privileged,” published for Kennedys (July 2021)
  • Co-author, “Fifth Circuit holds GL Carrier must defend data breach litigation,” published for Kennedys (July 2021)
  • Co-author, “New York City biometric privacy law now in effect,” published for Kennedys (July 2021)
  • Co-author, “NY DFS issues new guidance on ransomware,” published for Kennedys (July 2021)