News and thought leadership
Subscribe to our latest updates, reports and upcoming events. Subscribe >
Showing 1 - 10 of 29
Kennedys responds to a call for views on software resilience for businesses and organisations
The ever-increasing use of digital technologies means that software resilience is crucial in preventing incidents such as the 2020 SolarWinds attack or the discovery of the Log4j vulnerability. While businesses and organisations have made significant progress to address cyber risks, this continues to be a threat to the wider UK economy and the rest of the world.
Ninth Circuit rules that California Insurance Code § 533 bars coverage for a settled malicious prosecution lawsuit
In an interesting new decision, the Ninth Circuit in Aspen Specialty Ins. Co. v. Miller Barondess, LLP (“Miller Barondess”) held that Section 533 of the California Insurance Code—which states that “[a]n insurer is not liable for a loss caused by the willful act of the insured; but he is not exonerated by the negligence of the insured, or of the insured’s agents or others”—precluded coverage under a lawyers professional liability insurance policy issued to the law firm Miller Barondess, LLP for a malicious prosecution action.
Getting physical: Ohio Supreme Court holds that software cannot be physically damaged and endorsement covering software must be triggered by physical loss or damage to covered property
On December 27, 2022, the Supreme Court of Ohio unanimously ruled that a businessowners property insurance policy issued by Owners Insurance Co. (Owners) to EMOI Services, LLC (EMOI) did not afford coverage for losses sustained in a ransomware attack because computer software is “entirely intangible” and “cannot experience ‘direct physical loss or physical damage’.
Minnesota Federal Court rules Cyber Business Interruption clause covers funds lost in fraudulent wire transfer incident
As previously reported, on November 3, 2022, the federal district court for Minnesota, applying Minnesota substantive law, ruled that an insured was entitled to coverage under a Cyber Business Interruption clause for money lost in a fraudulent wire transfer incident.
Case review 2022-09-13
Federal Court of Australia weighs in on scope of cover for “direct financial loss” arising from a cyber incident
In this article we explore the recent Federal Court decision in Inchcape Australia Limited v Chubb Insurance Australia Limited, which highlights the importance of considering the precise wording of the policy when determining whether a cyber insurance policy will adequately cover an insured for potential losses.
Guidelines on key compliance requirements for the Personal Data Protection Act in Thailand
After several years of delays the Personal Data Protection Act B.E. 2562 (2019) ("PDPA") came into force in Thailand on 1 June 2022. Since then, on 20 June 2022, subordinate legislation (the "Notifications") under the PDPA was issued by the Personal Data Protection Committee ("PDPC") and published in the Royal Thai Government Gazette.
These Notifications are intended to set out the various criteria and rules, as well as much needed guidance and clarification, of some key requirements under the PDPA.
Case review 2022-07-06
Federal Court of Australia paves the way to requiring AFS licensees to have adequate cybersecurity and cyber resilience measures
In the recent case of Australian Securities and Investments Commission v RI Advice Group Pty Ltd, the Federal Court of Australia considered for the first time the cybersecurity obligations of Australian Financial Services licensees and their authorised representatives.
Maryland amends its privacy law – Still not a comprehensive law, but it inches closer to other privacy laws
Maryland has updated its Personal Information Protection Act (“PIPA”), and while PIPA may not be considered a “comprehensive” privacy law, the revisions to PIPA enacted under House Bill 962 (“the Act” or “HB 962”) will bring some of PIPA’s provisions in line with the comprehensive data privacy laws recently enacted by a handful of other states.
Australia considers a statutory cause of action for serious invasion of privacy
While Australia was one of the first countries in the world to adopt privacy legislation, it has always lacked a cause of action for invasion of privacy. The Attorney-General’s Department is currently reviewing the Privacy Act 1988 (Cth), including whether an action for invasion of privacy should be introduced into Australian law.
FTC issues warning to companies in light of Log4j risks
As 2021 came to a close and the ever-present threat of ransomware attacks continued to loom large, there was arguably no greater security risk in the minds of cybersecurity professionals than the Log4j vulnerability. Jen Easterly, director of the U.S. Cybersecurity & Infrastructure Security Agency, referred to Log4j as the most serious security flaw she had ever seen, which may not be fully resolved for years to come.