Computer Attacks Leading To More Cyberinsurance

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://news.investors.com/072914-710809-companies-growing-interest-in-cyberinsurance.htm?ven=newsmaxcp&src=aurlcfy

Insurers put food on the table by preparing for disasters that most people
would rather not think about: fires, hurricanes, earthquakes, car
accidents, collapsing buildings. Now they're increasingly writing policies
for another worry — cyberattacks.

One of the many changes brought by the Internet revolution is that stealing
customer data or a company's proprietary information is easier than ever.
One doesn't even need to be on the same continent anymore to commit the
theft. And it can be weeks or even months before the damage is even
detected.

In response, insurers are selling more cyberpolicies . Coverage may include
loss or corruption of business data, lost business activity, legal defense
costs, the cost of posting cash rewards to catch cybercriminals, crisis
communications management, identity theft and defamation via social media.

While these hazards can be difficult to underwrite, insurers have had years
to refine their products.

"It's probably the fastest-growing aspect of the insurance market right
now," said Bob Parisi, leader of network security and private practice for
insurance broker and risk adviser Marsh USA. "We've seen nothing to
indicate that acceleration is going to wane any time soon."

In May, a federal grand jury indicted five Chinese officials for allegedly
committing industrial espionage by hacking into the data systems of U.S.
Steel(NYSE:X), Alcoa (NYSE:AA), Allegheny Technologies (NYSE:ATI) and
others.

A Chinese businessman was arrested last month for allegedly hacking into
the computer systems of Boeing (NYSE:BA), Lockheed Martin (NYSE:LMT) and
other companies that have large defense contracts with the U.S. government.

Recently cyberattacks moved into the top 10 list of global business risks,
according to the Allianz Risk Barometer Survey, which polled more than 400
corporate insurance experts from 33 nations.

"It's more prevalent now than it was and harder to detect," said Murray
Jennex, a management information systems professor at San Diego State
University.

Yet challenges remain to raise awareness that cyberinsurance can be an
effective tool to protect against the costs of repairing and defending
against cyberattacks.

With $2 billion paid in cyberinsurance premiums in 2013, the specialty
still makes up a small percentage of the $1 trillion total paid in U.S.
insurance premiums last year, said Marsh Management Research, a division of
Marsh USA.

Average coverage limits purchased by firms with more than $1 billion in
revenue rose by 10% in 2013 to $28.2 million each, says Marsh. The
estimated cost varies widely. A 2014 study sponsored by the software
security firm McAfee estimated that cybercrime costs businesses worldwide
$445 billion annually. An old Symantec (NASDAQ:SYMC) study put that total
at $114 billion — 13 years ago in 2001.

"Many businesses may not completely understand their vulnerability at this
point," said Robert Hartwig, president and chief economist at the Insurance
Information Institute.

Challenges remain for underwriters and clients to know how much to insure
and why. For instance, what is the value of lost privacy?

"We're a century and a half ahead when it comes to mitigation and
prevention of fires," Hartwig said. "We're in the first decade when
thinking of how to prevent cyberattacks."

The costs of compromised computer security are very real.

The cybersecurity breach last December at Target (NYSE:TGT), in which
hackers obtained tens of millions of consumers' credit and debit card
information, ultimately cost Chief Executive Officer Gregg Steinhafel his
job.

The attack made some customers skittish, hurt sales and contributed to a
14% decline in Target's share price over two months. The Minneapolis-based
big-box retailer was hit with more than 50 lawsuits, now being coordinated
before a federal judge in Minnesota.

Michaels (NASDAQ:MIK), eBay (NASDAQ:EBAY), JPMorgan Chase (NYSE:JPM) and
St. Joseph Health System all have reported cyberattacks within the last 12
months.

The number of U.S. companies with cyberinsurance varies with the research.
Nearly a third of U.S. companies have a cyberinsurance security policy,
according to a 2013 report sponsored by Experian and conducted by the
Ponemon Institute. Zurich Insurance Group reported last year that 52% of
U.S. companies surveyed were covered, but a study sponsored by Willis Group
Holdings (NYSE:WSH) said that a mere 6% of Fortune 500 companies carry such
protection.

Whatever the number of cyberattacks inflicted or cyberinsurance policies
sold, insurers will try to protect clients and cash in on this wrinkle in
the Internet revolution.

"While it's hard to underwrite," said Marsh USA's Parisi, "that hasn't been
a deterrent to insurance companies rushing into this market space."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!