Computer Attack Insurance Rates Rise After High-Profile Breaches

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.brudirect.com/0-science-technology/science-technology-security-privacy/item/35035-computer-attack-insurance-rates-rise-after-high-prof

Hacks of Sony, Target, Home Depot and major health insurers have made it
more expensive to cope with data theft, Reuters reports.

Just as you safeguard your home with insurance, companies get insurance to
cover any problems with customer and corporate data. With hacking on the
rise, that protection is getting harder to obtain and pay for.

A torrent of cyberattacks on US companies over the past two years has led
cyber insurers to boost premiums for high-risk companies and in some cases
limit damage cover to a maximum of $100 million, according to a Reuters
report on Monday. The limits make it hard for companies to operate in the
modern networked era and could mean higher costs they'll have to pass along
to customers.

Hacks are expensive. Companies must pay for forensic investigations, credit
monitoring, legal fees and settlements. Rising cyber insurance premiums and
limited damage coverage effectively mean that companies could be liable to
pay more if they're hit by a cyberattack. Companies without full insurance
could easily end up paying hundreds of millions out of pocket.

The 2013 attack on US retailer Target cost the company $264 million. Target
expects to only recoup around $90 million of that from insurance payouts,
Reuters said. A similar attack on Home Depot forced the US home improvement
chain to shell out $234 million in expenses, but insurance will only cover
about $100 million, Reuters said.

High-profile attacks, like the ones against Sony, Home Depot and Target,
have forced insurers to judge certain companies as too high risk. That's
especially true for health and retail companies, which have highly
sensitive customer data. Three insurance companies recently told Reuters
that they turned away clients seeking computer attack insurance or limited
coverage to $75 million and $100 million after reviewing companies'
computer security mechanisms.

Just like good home security systems can get you a break on your home
insurance payments, the price of cyber insurance depends in part on
companies' security measures.

Health insurers are suffering the most from insurance hikes, sometimes
seeing premiums triple in price, said Bob Wice, a focus group leader for
insurer Beazley, according to Reuters. Massive security breaches at the
beginning of 2015 affected millions of customers at two US health insurers,
Anthem and Premera Blue Cross.

Upon renewing its insurance after the hack, Anthem only managed to secure
$100 million in insurance protection, and that was on the condition that it
pay the first $25 million of any damage costs itself, the company told
Reuters.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!