Insights
Publications

Winery, Vineyard Cyber Attack Risk Grows With Web-Connected Systems

4/28/2017 Articles
North Bay Business Journal

In the internet of things (IoT), new opportunities for efficiency continually bring new cyber risk. If a device in your winery or vineyard connects to the internet, it is vulnerable. And so is the rest of the system connected to it.

You should consider whether your insurance coverage would cover its losses and liabilities, should you undergo a cyber attack or failure of your systems that leaves your business or your customers compromised.

So what can companies do to manage these exposures? They should deliberately consider their risks and whether their current insurance programs cover those risks. They should not assume they are covered. In many cases, it might not be so clear.

Traditional insurance policies may provide insurance in some scenarios. For example, you might suffer a property loss because of a cyber attack. Such an attack could cause irrigation sensors to fail, leading to vine damage, or harm stored wines, if refrigeration controls fail.

Your property insurance may well cover it, if the policy is of the all-risk variety. But if you have a policy that specifies the perils such as fire, flood etc., it is possible that you’re not covered for property losses resulting from a cyber attack.

Cyber Liability Insurance

Similarly, your company very likely carries commercial general liability (CGL) insurance. There has been a lot of activity in the courts recently about whether a company is entitled to a defense from its CGL insurer against class-action lawsuits arising from data security breaches. Unfortunately, those coverage cases have not yielded a clear answer. And CGL policies will not cover the costs that a company incurs to investigate and respond to a data security breach anyway.

A number of insurance companies now issue specialized cyber insurance policies. Each insurer’s policy form offers different coverage and restrictions. Additionally, the forms are lengthy, very complex and often negotiable. For these reasons, the help of a good knowledgeable broker or insurance-coverage counsel is important to help you understand what a policy covers and what other options may be available.

Here are some scenarios to consider.

Third-Party Attack

When personally identifiable information is taken from a third-party vendor’s computer system (i.e., a credit card processor), you are legally responsible to notify your customers of the event. While a cyber insurance policy could cover you for losses due to the attack on a third-party system, some policies will only cover you for an intrusion on your own computer system or on hardware that you control.

As a result, it is important to understand whether you rely on third-party vendors to collect or store personally identifiable information and, if so, whether your cyber insurance policy would cover you in such an event.

Credit Card Issuance Costs

Another risk, closely related to credit card transactions, is PCI DSS (Payment Card Industry Data Security Standard) assessments for data security breaches. If there is a breach, the banks will have to issue new credit cards, and you may be responsible for the expense.

Your cyber insurance policy can cover assessments made against you. If you are running credit card transactions, this would be a coverage to confirm is in your policy.

Business-Interruption Loss

If you suffer a business interruption or denial-of-service (DDoS) cyber attack, a typical cyber insurance policy might cover you for one of two kinds of loss: A direct business interruption loss resulting from a loss you’ve suffered because of an intrusion into your computer system and a contingent business-interruption loss resulting in a loss of revenue because of an intrusion into a third-party’s system on which you rely.

However, these coverages are not standard and quickly evolving, so it is important to understand your possible losses in such an event and whether your insurance policy would cover them.

Ransomware

A cyber insurance policy will also cover cyber extortion or ransomware attacks. It is common in these policies to cover the investigation and response to cyber extortion attempts and even extortion payment – as long as you have the insurance company’s consent before you make that payment.

New risks will continue to appear. The more you know about your business’ unique risk profile, the better prepared you will be to mitigate those risks and negotiate the appropriate level of insurance to protect you.

Fundamentals of Security

Rick Doten, cyber and information security chief for the Crumpton Group LLC, suggests that you mitigate threats right at the start by observing the fundamentals of good security: “Know what data and systems are critical to your business, and where sensitive data is located; know what threat scenarios would be harmful to your business; prioritize your risks; and keep your systems properly maintained.”

The latter is one of two basic pieces of security advice: Keep your systems up to date, and use different passwords for every site and application you visit. Since generating and remembering multiple unique passwords is complicated, he advises using a password manager.

Companies should follow that advice: strengthen their IT defenses, and keep an eye on all their insurance policies. Policy form wording and coverage are changing rapidly, and what’s covered today may not be in next year’s renewal. Conversely, new coverage may be available next year that aren’t available now.

Firm Highlights

Publication

Regulatory Changes Underway To Address Dwindling California Property Insurance Market

We keep hearing about how difficult it is for our clients to get property insurance these days, both for homes and businesses in Northern California’s wildfire-prone areas. Which, of course, is most of Northern...

Read More
Publication

Charitable Planning With Guest Stephanie Hood: Navigating Complex Rules and Traps for the Unwary

Welcome to  EO Radio Show - Your Nonprofit Legal Resource . This week, I am delighted to have Stephanie Hood return as my guest. Stephanie is my colleague at Farella Braun + Martel and...

Read More
News

Who’s Who Legal 2023 Recognizes Farella Lawyers

Six Farella Braun + Martel lawyers have been recommended by Who’s Who Legal 2023 as leading practitioners in their fields. Who’s Who Legal – Environment 2023 James Colopy Robert Hines David Lazerwitz Chris Locke...

Read More
Publication

Reporting Dispute Claims Within Closely Held Wineries

Many wineries operate as closely held companies, meaning they’re owned by an individual or small group of shareholders, who are often members of the same family. Disputes regarding ownership interests can arise, particularly when directors...

Read More
Publication

BIPA Liability: Existing CGL Coverage May Provide a Lifeline for Policyholders

Developments in the law have increased the potential liability that companies could face under the Illinois Biometric Information Privacy Act (BIPA), but fortunately for policyholders, Illinois case law has also solidified coverage for BIPA...

Read More
Publication

When Can an Insurer Pursue a Malpractice Claim Against Defense Counsel Retained for an Insured? (Part One)

By Jalen M. Brown, Kristin Davis, Shanti Eagle, PeterJ. Georgiton, and John Mark Hart When an insurer accepts an insured’s tender and agrees to provide a defense, it is often an afterthought as to whether...

Read More
Publication

Disputes Between Shareholders May Not Be Governed by Fiduciary Duties but Could Be Covered by Insurance

(As published in Private Company Director ) Disputes regarding ownership interests often arise in the context of closely held corporations, particularly when directors, officers, or majority shareholders sell or acquire ownership interests in the...

Read More
News

Farella Braun + Martel Earns 2024 Best Law Firms® Rankings

Read More
News

Farella 2024 Partner Elevations: Cynthia Castillo and Greg LeSaint

Northern California legal powerhouse Farella Braun + Martel is pleased to announce the election of two lawyers to partnership effective Jan. 1: Cynthia Castillo and Greg LeSaint. “We are thrilled to elevate Cynthia and...

Read More
Publication

When Can an Insurer Pursue a Malpractice Claim Against Defense Counsel Retained for an Insured? (Part Two)

By Jalen M. Brown, Kristin Davis, Shanti Eagle, Peter J. Georgiton, and J. Mark Hart Part 1 of our two-part article addressed the circumstances in which an insurer can directly pursue malpractice claims against...

Read More