October 2023 Newsletter: Insurance Horror Stories

October 2023: Insurance Horror Stories

Double, double toil and trouble – spooky season is upon us! 

It’s that time of the year when ghosts, ghouls, and goblins aplenty make an appearance. But for many business owners, other frightful matters are fueling their nightmares. Think cyber incidents, the state of startup funding, and legal battles. Full body chills.

As any business owner knows all too well, there are plenty of risks that businesses are currently facing. After all, it seems like every day there is news of another cyber attack on a business or public institution.

Just look at a recent cybersecurity breach that affected Okta. The identity management company disclosed that unidentified cybercriminals used stolen credentials to access client data through a support system. While the company isn’t a household name, many big-name corporations use Okta, including Zoom and T-Mobile. In the immediate aftermath of disclosing the breach, Okta’s market valuation dropped by more than $2 billion. That’s more terrifying than any machete-wielding, mask-wearing fictional serial killer.

And then there’s news about the turbulent startup investment environment, climate change issues, regulatory compliance – the list goes on. As we said, step aside ghosts and ghouls because these are the real scares for businesses.

Of course, having adequate insurance coverage can go a long way in providing peace of mind for business owners. But we’d be lying if we said there was no such thing as insurance claim horror stories.

So, in the spirit of this spooky time of year and to help your business plan for the future, we thought we’d delve into some current business risks and insurance horror stories. We suggest throwing on The Rocky Horror Picture Show soundtrack for full effect.

Let’s get into it.

• What’s Going On?
• Insurance Horror Stories
• What’s New from Embroker

What’s Going On?

MGM faces $100M loss from ransomware attack — TechTarget

A September ransomware attack on MGM Resorts that resulted in stolen personal customer data is expected to cost the company $100 million. Sounds like a corporate horror story, right? It could have been a lot worse, but MGM executives no doubt had a big sigh of relief that the company kept its insurance up to date since the amount will likely be covered by its cyber insurance policy.

Venture Slowdown Hits the Earliest Stages of Investing, Signaling Worsening Decline  — The Wall Street Journal

The previous haven of seed-stage investing is hitting a slowdown, signaling every founder’s worst nightmare: a deepening downturn in the startup investment realm.

Senators take up looming insurance crisis as policy issuers flee Florida and California  — CNBC

We’ve all heard about the increase in climate-related natural disasters, which have brought devastating conditions to some parts of the country. Some insurers have left hard-hit areas like Florida and California, making disaster recovery increasingly tricky (and not in the trick-or-treat sense). While much of the focus has been on how this trend will impact homeowners, there is no doubt that there are also consequences for businesses in areas heavily hit by climate-related events.

Robocalls, Spam Calls and Cyber Attacks: Who Is Responsible For Protecting Your Organization’s Voice Network?  — Forbes

A new fright is coming to light for tech and security professionals. As this article points out, many are just starting to recognize the increasing threat of voice scammers and voice network attacks. 

Okta’s Latest Security Breach Is Haunted by the Ghost of Incidents Past — Wired

So, we already briefly touched on Okta’s latest cybersecurity snafu, but there is more to get into. Okta’s cyber incidents and associated responses offer valuable lessons for other companies. As this article notes, “repeated incidents and the company’s delayed disclosure have security experts calling foul.” 

Ransomware Soars as Myriad Efforts to Stop It Fall Short — Bloomberg

Something wicked this comes. Or is already here. In what is probably a surprise to no one, 2023 is apparently turning into a horrendous year for ransomware attacks, and some cyber experts are now revisiting the controversial idea of banning ransom payments.

The Restaurant Revolution Has Begun — The New York Times

Most restaurateurs would no doubt welcome a visit from Freddy, Jason, or Michael Myers over going through another global pandemic. So it comes as little surprise that many restaurants are hitting reset on how they do business after COVID.

Workers training AI demand protections from Congress — The Verge

Ahead of a Senate meeting (spooky and frightening in its own right) with artificial intelligence workers, data workers urged lawmakers to protect their rights and guard against a “dystopian future” of surveillance and low wages for people in charge of training AI algorithms. “Dystopian future” sounds like a great costume idea.

The Niche Insurance Policy Behind a Software Company’s Big Legal Payout  — The Wall Street Journal

Legal issues will keep any business owner or executive up at night. In this case, software company Appian, which sued rival Pegasystems over stolen trade secrets and was awarded a $2 billion judgment, took out a niche policy known as judgment preservation insurance, which protects against an award being eliminated or reduced during the appeal process.

Panera faces lawsuit over ‘Charged Lemonade’ energy drink after 21-year-old’s death — CNN

This is a heartbreaking and distressing situation for all involved. A wrongful death suit was filed against Panera Bread alleging that a 21-year-old woman with a heart condition died after drinking a high-caffeine drink at the restaurant that she may have thought was a regular lemonade. 

What to know as IRS kicks off withdrawal option for pandemic-era small business tax credit — CNBC

Just hearing mention of the IRS is likely enough to make shivers run down your spine. Sure, it’s Halloween, but tax time is the real spooky season for many. And to help some business owners avoid a horror story at tax time, the IRS has announced a special withdrawal process for small businesses that wrongly claimed a pandemic-era tax break, allowing them to fix mistakes before the IRS catches them. (Cue screams of terror.)

Meta sued by 42 attorneys general alleging Facebook, Instagram features are addictive and target kids — CNBC

Few things are scarier these days than the amount of time we spend on social media. Those cat videos are hard to pass up. Now, a group of attorneys general is suing Meta over claims the features on Facebook and Instagram are addictive and aimed at kids and youth.

Cyber Risk: The Call is Coming from Inside the House

A threat actor has breached your law firm’s system and has been watching the email traffic of one of your partners. When the partner is about to transmit the bank account information of a client to obtain settlement funds from opposing counsel, the threat actor jumps in and responds, taking on the tone and acting as if they are the partner and providing fraudulent bank account information to opposing counsel, who then wires the settlement funds to said account. By the time the parties discover this, the bank is unable to stop the wire or recover the funds! Gasp!

Errors & Omissions: The Ransomware Wolf

The Managing Partner of your firm receives a ransomware demand from a threat actor who has infiltrated and locked you out of your firm’s system where client files are maintained. The threat actor has obtained client files containing personal information, including tax returns and financial statements, and has sent you screenshots of the same. They have demanded the Bitcoin equivalent to $1M for the encryption key to unlock the systems and prevent them from publicly posting the confidential client information they have obtained! Spooky!

Directors & Officers: A Telltale Startup

After a series of disagreements about the management of the ABC Company, one of the founding Directors resigned and immediately started a new firm. His former employer at ABC Company has sued his new firm, alleging that the Director took certain proprietary software and licenses with him, unfair competition, and trademark infringement.

Employment Practices Liability: A.I. Robot

For efficiency and economic reasons, your company began utilizing AI this year to sort through resumes submitted for open positions. However, ten months later, you receive a Class Action lawsuit filed by a group of individual applicants who allege they were discriminated against based on their race and/or gender in the resume selection and hiring process. Upon investigation, you discover that the AI technology has been routinely sorting out resumes of females and individuals of diverse backgrounds, despite many, if not all, of these applicants being qualified for the position they applied for.

What’s New at Embroker

Events, Stories, and More

2023 Cyber Risk Index Report

Our 2023 Cyber Risk Index Report is now available. Based on a survey of more than 500 startup founders, the report looks at the cybersecurity landscape, emerging threats, and what businesses can do to prepare. Interested in learning about how investor interest in cybersecurity has changed, what new protections your business needs, and if AI is the next big threat? Then check out this report for loads of insight about what the future holds.

Security and Compliance: How to Protect Your Organization

Do you know the industry regulations, laws, and obligations your business must follow regarding cyber protections? How can you mitigate risks while also making sure your business stays compliant? To help kick off Cybersecurity Awareness Month, Mike Malestsky, Embroker’s AVP of Insurance Products, and Davison Paull, General Counsel at Dashlane, discussed these topics and more during a webinar at the start of October. Missed the webinar? Fear not; you can watch it on demand here.

Aiming for Privacy and Cyber Stewardship

Embroker CIO David Derigiotis was a speaker at Bloomberg Law’s 2023 In-House Forum, Unlocking the Power of Data: Aiming for Privacy and Cyber Stewardship, held on September 20. The forum tackled two trends heading towards a collision. On one hand, companies need an increasing amount of data and analytical tools to remain competitive. However, the need for privacy frameworks and the drive to reduce data usage to decrease cyber risk and privacy litigation are growing. If you couldn’t tune in for this highly informative forum, you can still catch the replay.