Never being ones to miss an opportunity, cyber criminals and state actors are taking advantage of the disruption and uncertainty provoked by the COViD-19 breakout and are launching cyber-attacks on remote workers at home and on supply chains. Cyber criminals are focusing their efforts on phishing attacks and state actors are taking advantage of the pandemic though spear-phishing efforts.
Q: What should companies do to help prevent cyber-attacks caused from working remotely?
A: Educate your employees about how to recognize phishing emails on both mobile devices and desktop/laptops.
All emails related to the new coronavirus and the COVID-19 pandemic that invite the recipient to click on a link or open an attachment should be treated as suspicious. That is particularly true if they appear to come from governmental organizations or large companies with which the recipient has no connection.
Phishing attacks frequently originate in non-English speaking countries. Employees need to look for awkward phrasing and typographical errors.
As always, emails that seek personal information should be viewed with extreme skepticism. That is particularly true now with respect to emails concerning the pandemic.
Q: How can companies manage the security risk of working remotely?
A: Educate employees about how to make home systems secure by:
- Encrypting computer drives
- Requiring strong passwords for wireless networks
- Patching their software on a regular basis
- Installing strong antivirus software that is regularly updated
- Require two factor authentication to access company systems
- Use mobile device management solutions to limit risks inherent in using personal devices such as mobile phones
- Train employees about what to do if they think their computer or their company account have been compromised
- Avoid public wifi
- Ensure virtual private networks (VPNs) and other secure remote working tools are configured for security. Avoid having default system administrator logins in place
- In the longer term, if it hasn’t been done, implement and configure remote access solutions to limit the ability to store sensitive information on the employee’s computer and to prevent malware from migrating from an employee’s home computer to the company’s systems.
Q: What do companies need to know when collecting additional personal data due to COVID-19?
A: The COVID-19 pandemic is something most people have never seen before. It is frightening and confusing, and people often don’t know what to do. In an effort to protect employees, customers, and others, companies may ask for data from individuals that they aren’t entitled to, and they may illegally share that with others.
Companies need to think carefully about collecting and sharing information that is legally protected. While the COVID-19 pandemic is a unique phenomenon, it has not yet led to changes in the law concerning the collection, sharing, and use of private information. Accordingly, companies should continue to adhere to existing privacy laws. Lockton encourages companies to consult with legal counsel whenever questions arise in this regard.
Q: How are regulators responding to the pandemic?
A: Regulatory compliance has become more difficult for many companies as the pandemic has spread. Regulators are feeling their pain and are granting various forms of relief. Broadly speaking, the goals appear to be to allow companies to handle data in ways that promotes delivering healthcare to individuals and to facilitate tracking the spread of the pandemic. To date, the regulatory relief has been fairly narrow.
Now more than ever, companies need to pay attention to the data protection regulatory environment that they are in. While it seems fair to say that regulators will be understanding throughout the pandemic, it would be a mistake to relax compliance efforts in any area other than those specifically identified by regulators.
Q: How do cyber policies cover employees working from home?
A: Many concerns have recently been around remote working environments. Employees working from home create a potential issue regarding whether their personal computer is part of a company’s computer system for purposes of cyber coverage. “Computer system,” or words to that effect, are typically defined in a policy. Most policies seem to encompass remote working arrangements to fall under this definition. The definition of Insured also commonly includes employees working on behalf of the Insured. If any insurer takes a contrary position, that claim will be very challenging to resolve.
Q: How is technology-related business interruption covered in cyber policies?
A: Nuances around other related coverages are not as straight forward. While we expect business interruption resulting from a cyber incident to be covered as in normal course, system failures resulting in interruption will depend on the extent of coverage in place as well as the facts around the circumstance. Civil actions may exclude coverage while technology failures under the Insured’s control resulting in a system outage will most likely be covered, assuming that coverage is in place. (Note system failure business interruption coverage is not a traditional coverage and usually is sublimited or priced at a high premium, depending on the operations of an organization). Although it isn’t difficult to imagine circumstances that would paint this coverage issue in a heavy coat of gray paint, insurers are likely to be skeptical of arguments where the cyber event causing the loss is not clear.
Q: What risks do technology errors & omissions policies cover?
A: Companies with technology E&O policies in place may see liability claims arising out of outages or degradations in their service due to inadequate bandwidth, staffing or other problems in their course of business. It is important for policyholders to review the definitions of Wrongful Act and Claim as well as the exclusionary language in the policy.
Directors' and Officers
Q: A new Officer of the Company acting as a stand in for one of the directors who has been taken ill with COVID. Are they covered?
A: As long as the new officer is included within the definition of Insured Person within the D&O policy.
Q: Do I need to continually disclose provisions made to insurers throughout the policy period?
A: Yes, is there is anything material please provide this information to your broker so this information can be disseminated to your insurers.
Q: Can I suspend my cover?
A: Unfortunately, you cannot suspend your motor policy: You may reduce your cover to laid up only if you feel you will not drive your car – however, you must also SORN the vehicle at the same time to avoid falling foul of UK minimum insurance requirement laws. You may also want to consider reducing your mileage if you feel you will not need the limit currently on your schedule.
Q: Can I reduce my annual mileage?
A: Under normal circumstance this is not something that is available. However, while the issues regarding COVID-19 prevent the normal use of your vehicle, some insurers may agree to reduce your mileage to a more suitable level mid-term. Contact your broker/insurer to discuss your options in more detail.
Q: Can I use my car as an NHS Volunteer?
A: Most insurers are taking a pragmatic approach to cover the use of personal vehicles in connection with the NHS Volunteering initiative. Check with your broker/insurer for clarification.
Q: What if my MOT is due and I cannot get to the garage due to self-isolation?
A: We recommend following the latest Government advice:-
The insurance industry through the Association of British Insurers have stated that their members will take a pragmatic approach to customers who do not have an MOT Certificate. Latest information is here:-
Even without an MOT Certificate there is a need to make certain that a vehicle is in a road worth condition.
Q: If I already have travel insurance will I still be covered if my trip is cancelled due to COVID-19?
A: Provided you purchased the policy before the FCO advised against travel to your planned destination, you should be covered.
Q: What if I travel against official advice?
A: We would never advise against travelling against official advice and aware that towns have been isolated and British Embassy staff have been withdrawn from many of the affected areas. Some airlines and transport services might still be willing to take passengers, but the health risks and limited assistance available would seriously compromise your visit. Most travel policies will exclude cover if you are travelling against official advice, so there would likely be no cover for emergency medical treatment, repatriation, etc.
Q: I don’t have travel insurance, but I have a holiday booked – can I still buy travel insurance to cover cancellation as a result of COVID-19?
A: Unfortunately it’s probably too late to buy this type of insurance now, we are not aware of any policies offering this and even if you had an annual policy, many are now excluding coronavirus cover for trips booked after the FCO advised against all but essential travel on 17th March 2020.
Q: Should I book a new holiday now?
A: Due to Foreign Office advice against all but essential travel, taking a holiday outside the UK is not possible until at least 17 April 2020. Right now it is extremely unlikely that you will be able to buy travel insurance that covers you for most coronavirus-caused cancellations and claims. This even applies to those who have annual travel insurance, as many of those won't cover coronavirus issues for new bookings.
Ongoing Renovation Works
Q: My policy contains a cessation of works clause which restricts cover if no works are taking place for a period of time? If the renovation works are forced to stop due to COVID-19 will my policy cover still be limited?
A: As it current stands we believe it is business as usual in respect of works project pausing with contractors off site. Depending on the insurer and policy, there is usually an automatic 60 days or in some cases 90 days of cover for a cessation of works, but if works are likely to stop for a period beyond that, insurers will need to be notified in advance in order to agree to extend the cessation of works period.
Risk Management Guidelines for Additional Homes that are Unoccupied
Q: Due to COVID-19 I will not be able to visit my weekend home for the foreseeable future. Will cover under my household insurance policy be affected in any way?
A: In general we believe that cover should not be affected as the COVID-19 situation is out of the control of policyholders. In the event of a claim, insurers would consider each claim on its own merits.
Q: My household insurance policy contains certain warranties and conditions that I will not be able to comply with due to COVID-19. Will my cover be affected?
A: If COVID-19 is the reason for being unable to comply with policy terms and conditions, that would be out of the Insured’s control so we believe that this should not jeopardise an otherwise valid claim. Insurers would consider each claim on its own merits.
Q: My property is long term unoccupied so my policy is subject to a regular visits clause requiring someone to visit every 7 days. I am unable to comply with this requirement due to COVID-19, will my cover be affected?
A: This situation would be out of the policyholders control so we believe that this should not affect coverage, however, insurers would consider any claim on its own merits. In these circumstances, we recommend that home owners consider whether it’s possible for a neighbour or someone in close proximity to check the property without breaching government guidance.
Q: My holiday home has a central station alarm, but I am concerned that if I was burgled and the monitoring station response was affected due to the COVID-19 situation, will I still be covered?
A: We would recommending checking with the central station monitoring company to find out if due to COVID-19 there is any impact on monitoring response, and if so, inform insurers.
The COVID-19 outbreak is changing work processes and the risk exposure of professionals in all areas, which may also affect their insurance protection. Lockton has put together some of the most important changes affecting solicitors in the UK.
Q: Are Solicitors key workers?
A: The government has confirmed that key workers include those “essential to the running of the justice system”. These are:
- advocates (including solicitor advocates) required to appear before a court or tribunal (remotely or in person), including prosecutors
- other legal practitioners required to support the administration of justice including duty solicitors (police station and court) and barristers, solicitors, legal executives, paralegals and others who work on imminent or ongoing court or tribunal hearings
- solicitors acting in connection with the execution of wills
- solicitors and barristers advising people living in institutions or deprived of their liberty
Only legal practitioners who work on the types of matters, cases and hearings listed above can be classified as key workers.
Q: What do solicitors need to consider when using electronic signatures?
A: An electronic signature is capable in law of being used to execute a document (including a deed) provided that (i) the person signing the document intends to authenticate the document and (ii) any formalities relating to execution of that document are satisfied.
Our view is that the requirement under the current law that a deed must be signed “in the presence of a witness” requires the physical presence of that witness. This is the case even where both the person executing the deed and the witness are executing / attesting the document using an electronic signature.
Q: What are a solicitor’s professional obligations if they are unable to provide the services required, due to coronavirus?
A: You should notify the client as soon as practical that due to coronavirus issues the service cannot be provided, and suggest that they try another solicitor. The Law Society offers a Find a Solicitor service.
If the matter is due to complete shortly then seeking a deferral of completion is a sensible step, or asking another colleague to complete the deal.
You should ensure that your out of office response for emails has the latest information. It is important the client does not lose out because they think you are going to respond.
Q: Are professional negligence claims likely to increase as a consequence of Covid-19?
A: Yes potentially. According to government estimates, during the peak of a COVID-19 epidemic in the UK up to a fifth of the workforce may without work. This could have significant impact on professional liability.
In view of this potential scenario, professional services firms should be setting up contingency plans to ensure that services can continue to be delivered when staff is reduced. The likelihood of errors and therefore the potential for negligence claims is likely to increase due to the absence and illness of key personnel within the professional services firm as well as at the client and among third party advisors. This could, for example, result in contractual or court deadlines being missed as colleagues pick up files and cases they are not familiar with.
Solicitors should also consider the potential liability of professionals if they contract the illness and infect clients and colleagues, not only affecting the health of individuals but potentially also business’ operations.
Professional firms, similarly to other companies, will need to reassess the stability of their IT systems and data security provisions when an increasing number of employees work from home. Employees that are not used to working from home, particularly if they are under pressure or taking on tasks outside their usual remit may be more likely to fall victim of frauds.
Q: What needs to be considered when working from home?
A: Supervision is key for the solicitors’ profession given responsibility they carry when giving legal advice. Particularly when staff is not used to working from home, firms need to implement robust supervision procedures to keep the same quality of service. Some firms, such as Keystone Law have embraced the working from home policy for many years, proving that the required supervision can be secured when working remotely.