As the nation’s most far-reaching data privacy law, California Consumer Privacy Act (CCPA), is set to begin Jan. 1, 2020, businesses and their insurers are preparing for a new era in cyber liability.

Anxiety is on the rise and a sense of urgency has set in for Robert L. Wallan’s clients. Wallan, a partner in Pillsbury Winthrop Shaw Pittman LLP in Los Angeles, Calif., handles class actions, insurance recovery and business-related litigation.

In early May, the city of Baltimore was struck by a ransomware attack that completely crippled the city’s computer networks and online services. Five weeks after the attack, the city was only able to restore one third of employees’ emails and the city’s billing system for water services was still offline. By July, email access for employees was finally restored, according to the Baltimore Sun, but the city’s email archive was still not accessible. Experts estimate that the Baltimore ransomware attack will cost the city approximately $18 million to restore all systems, yet the perpetrators of the attack demanded just $80,000 in cryptocurrency.

While Baltimore continues to make headlines, smaller cities and government agencies are also generating news about ransomware attacks. Three additional cities in Florida have been attacked and two of them — Lake City and Riviera Beach — agreed to pay the ransom, ranging from U.S. $500,000 to $600,000.

While there are “huge opportunities” on the horizon for the cyber insurance industry, cyber insurance underwriters still face the challenge of not having enough historical data to work with.

“It’s really scary to underwrite something when you just don’t know what the potential losses could be,” said Brian Meredith, managing director at UBS Group AG, during a panel discussion on trends in the property/casualty insurance sector at S&P’s 2019 Global Insurance Conference in New York. “There’s lots of opportunity here, but we need a lot more data to expand it.”

U.S. real estate title insurance company First American Financial Corp. said on Friday it had learned of a design defect in one of its production applications that had made possible unauthorized access to customer data.

The statement was sent in response to a report by security news website Krebs on Security, which said First American’s website had exposed about 885 million files dating back to 2003.

Climate change is seen by more countries as a top international threat, but many also name ISIS and cyberattacks as their top security concern, according to a new survey by the Pew Research Center conducted among 27,612 respondents in 26 countries from May 14 to Aug. 12, 2018.

The Intergovernmental Panel on Climate Change released a report last year expressing serious concerns about the possible impacts of climate change, both in the near and distant future. Broadly speaking, people around the world agree that climate change poses a severe risk to their countries. Since 2013, worries about the climate threat have increased significantly. The biggest increases have been in France (up 29 percentage points) and Mexico (up 28 points), but there have been double-digit rises in the U.S., U.K., Germany, Spain, Kenya, Canada, South Africa and Poland as well.

A June 2018 decision rendered by the Supreme Court of the United States established an interesting principle on digital privacy in a case related to a criminal proceeding.

The decision stated that the government must obtain a warrant in order to collect historical cell site location information (CSLI) of customers held by the cellphone companies. The case’s decision is based on whether police must require a warrant in order to access information from users generated by cellphones of a suspect in a criminal investigation. This decision implies that in the future, law enforcement authorities will not have an “unrestricted access to a wireless carrier’s database of physical location information” (From the majority by Justice John Roberts).

Cyberattacks increasingly target and succeed inside energy and utility companies’ IT networks, rather than their critical infrastructure, according to a new report from cybersecurity firm Vectra.

In the past, the energy and utility industry’s cyber efforts have focused on preventing disruption of power availability via industrial control networks.

But the Department of Homeland Security issued a technical alert in March warning the industry of a “multi-stage intrusion campaign” originating in Russia targeting IT networks in the U.S. energy sector.

Risk managers are very concerned about the cyber risks facing their companies and are heavily investing in protection against cyber attacks with the blessings of their boards and CEOs, a major shift from even just 10 years ago when convincing a company to worry about cyber was a big challenge for risk managers.

However, the new challenges for them include getting the right coverage from the insurance market and ensuring their companies have enough coverage in the event of a major breach, three risk managers on a recent panel at Advisen’s Cyber Risk Conference in San Francisco said.

Right now, somewhere in the United States, a cyberattack is happening. In fact, many cyberattacks are likely happening—which is why cybercrime damage costs are estimated to hit $6 trillion annually by 2021. Risk management professionals and executives are not only challenged by the volume of cyberthreats, but by their growing complexity as well.

Ransomware attacks, for example, were predicted to exceed $5 billion in 2017—up more than fifteen-fold from 2015—as organizations grapple with how to not only prevent these attacks but mitigate the financial losses and downtime they cause. Yet despite the trends, more than half (52%) of organizations that suffered successful cyberattacks in 2016 indicated in a Cybersecurity Ventures report that they would not make any changes to their security in 2017. And even for those that do update their cybersecurity plans, cyberattacks have become an inevitability for most organizations. As a result, developing a complete response plan for cyberattacks is essential to protecting your business and customers.

(Bloomberg) --Malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016, the White House said Friday.

The estimate comes in a Council of Economic Advisers (CEA) report on the impact of cyber attacks on U.S. government and industry. The report details the range of threats that U.S. entities face from actors, including corporations and countries such as Russia, China, Iran and North Korea.