Threat from hackers brings rush for extra insurance

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.telegraph.co.uk/finance/newsbysector/banksandfinance/insurance/10950060/Threat-from-hackers-brings-rush-for-extra-insurance.html

The world’s leading insurance market has reported a sharp increase in
companies seeking insurance cover from hackers stealing customer data and
cyber terrorists shutting down websites to demand a ransom.

Geoff White, underwriting manager for cyber, technology and media at
Lloyd’s syndicate Barbican, said the market for cyber insurance had
“increased dramatically”, with gross written premiums rising sharply every
year since 2009.

In 2012, gross written premiums totalled an estimated $850m (£500m),
increasing to $1.3bn last year, and are expected to be well above $2bn in
2014, he added.

Cyber attacks on business are the driving force behind the rapid rise in
the insurance market. “We saw a very quick influx of US retailers looking
to increase their insurance limits by quite sizeable amounts. In some cases
they were purchasing three or four times the limit, as a result of the
Target data breach,” said Mr White.

US retail giant Target was the victim of one of the most sophisticated and
co-ordinated cyber attacks ever during the busiest shopping day of the year
over the Black Friday holiday weekend in November last year. A criminal
gang collected bank card information from about 40m Target customers as
they swiped their cards at the till, in a technique known as “skimming”.

Despite the rise in insurance cover, however, many UK companies are still
exposed, with nine out of 10 UK small companies suffering from a data
breach, according to the Government’s 2013 Information Security Breaches
Survey Report.

“A lot of companies don’t feel the cyber threat is relevant to them, they
still think this is a problem for big business. However, if you use email
or have a smartphone or a computer then there is a risk,” Mr White added.

Perversely, it is improved technology that is the biggest risk to business,
according to Prof Peter Sommer, a cyber security expert.

“Most of the people in an organisation feel they don’t want to get left
behind, but all too often they don’t think through the security
implications. If you look in particular at cloud computing, some of the
contracts that people are signing seem to leave businesses extremely
exposed.” .

“Across the board people are taking appalling risks and they don’t know
what they would do if something went wrong,” Prof Sommer warned.

Prof Sommer is concerned the insurance market may be unable to cope with
claims. “When it comes to cyber there are lots of risks and they keep
changing, and you have a general absence of actuarial material. The
question for the underwriter is how on earth do I cover this?” he said.

The Barbican syndicate is already insuring US utility companies and there
has been an increase in interest from UK utility companies, which would
require cover in the billions, according to Mr White.

“I would suggest right now we haven’t got a billion of capacity as a market
overall, but we are working to understand the needs of utility firms,” said
Mr White. “I would look at insurance as only part of the risk management
solution, really companies need better education.”

As UK business surges ahead in the race for new technology it could be
undone by an age old problem.

“The human element is huge, with the greatest will in the world you can
have the best firewalls and antivirus, but if a socially engineered email
comes through to you and you click on the link you have been breached,” Mr
White said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!