May 12, 2021

Possible Regulatory Impact Likely After Colonial Pipeline Hack

Pipeline Attack

The May 6, ransomware attack against Colonial Pipeline is likely to increase cost for cyber insurance, and may prompt legislators to push for tougher standards for critical infrastructure resources such as pipelines, energy grids, and water systems.  The attack may prompt insurers to tighten the types of incidents covered, or to require companies looking for insurance to adopt stronger security standards before purchasing a policy.  In addition, the Biden administration is expected to direct responsible agencies such as the Cybersecurity & Infrastructure Security Agency, and the Federal Energy Regulatory Commission to take a serious look at heavier regulations for critical… Read more

Jan 23, 2018

Cybersecurity in M&A Transactions: Frequently Asked Questions

Cybersecurity and Data Privacy

1. What types of transactions implicate cybersecurity and data privacy concerns? Cybersecurity and data privacy concerns arise in many different types of M&A transactions, but greater focus on potential cybersecurity and data privacy issues should be directed toward transactions involving (a) a target company that operates in certain highly-regulated industries, (b) the acquisition of sensitive information and data, and/or (c) the transfer of sensitive information and data across national borders. Target companies that operate in the financial services and healthcare industries, for example, are subject to the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996, respectively…. Read more

Aug 3, 2017

Recent Cyber Insurance Decision Rejects Claim for Computer Fraud

are you covered?

A federal judge in Michigan recently granted summary judgment to Travelers in American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America, Case No. 16-12108, United States District Court, Eastern District of Michigan.  That decision interpreted the “computer fraud” provision of Travelers’ insurance policy, finding no coverage for the insured for the losses claimed. The basic facts were that American Tooling asked its vendor in China, YiFeng, for all outstanding invoices by email. American Tooling received a response by email, from an account that looked very much like the YiFeng account, and which directed American Tooling to send… Read more

Jul 31, 2017

Commercial Litigation Versus Other Civil Litigation, and Emerging Commercial Litigation Trends

Judge's Bench

Introducing the Smith, Gambrell & Russell’s Litigation Blog The litigation attorneys of Smith, Gambrell & Russell, LLP are proud to announce the launch of the firm’s Litigation Blog, which covers trending news and hot topics in the area of commercial litigation. The firm’s litigators have handled commercial disputes and trials for decades, and we are excited to share our experience, insight and thought leadership on a wide range of timely litigation issues that impact businesses. To kick things off, the first post on the Litigation Blog offers an overview of commercial litigation versus other types of civil litigation, and emerging commercial… Read more

Jun 20, 2017

A Primer on the EU’s General Data Protection Regulation

Data Protection

Overview Over four years in the making, the General Data Protection Regulation (the “GDPR”) was approved by the European Council and Parliament on April 14, 2016, and will come into force beginning on May 25, 2018. In the wake of ever-increasing cyber security and data privacy threats across the globe, the GDPR is intended to harmonize data privacy laws across Europe and increase data privacy protections for all European Union citizens. The GDPR will replace the Data Protection Directive 95/46/EC (the “Directive”), which required each member state of the European Union to pass national legislation to implement the intended outcome… Read more

Feb 1, 2017

New York DFS Issues First in the Nation Cybersecurity Regulation


The New York Department of Financial Services (“DFS”) recently issued proposed cybersecurity requirements for financial services companies.  The proposed regulation would be codified at 23 NYCRR 500, and would be effective March 1, 2017. This action, which places New York squarely in the vanguard of US regulators, will have wide-ranging effects given the number of banks, insurance companies, and financial services companies that are licensed in New York.  It will also affect companies that do business with those regulated companies, referred to in the proposed regulation as “Third Party Service Providers,” whether or not the business affiliates are otherwise required… Read more