BreachExchange mailing list archives
Computer Attacks Leading To More Cyberinsurance
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 29 Jul 2014 20:20:12 -0600
http://news.investors.com/072914-710809-companies-growing-interest-in-cyberinsurance.htm?ven=newsmaxcp&src=aurlcfy Insurers put food on the table by preparing for disasters that most people would rather not think about: fires, hurricanes, earthquakes, car accidents, collapsing buildings. Now they're increasingly writing policies for another worry — cyberattacks. One of the many changes brought by the Internet revolution is that stealing customer data or a company's proprietary information is easier than ever. One doesn't even need to be on the same continent anymore to commit the theft. And it can be weeks or even months before the damage is even detected. In response, insurers are selling more cyberpolicies . Coverage may include loss or corruption of business data, lost business activity, legal defense costs, the cost of posting cash rewards to catch cybercriminals, crisis communications management, identity theft and defamation via social media. While these hazards can be difficult to underwrite, insurers have had years to refine their products. "It's probably the fastest-growing aspect of the insurance market right now," said Bob Parisi, leader of network security and private practice for insurance broker and risk adviser Marsh USA. "We've seen nothing to indicate that acceleration is going to wane any time soon." In May, a federal grand jury indicted five Chinese officials for allegedly committing industrial espionage by hacking into the data systems of U.S. Steel(NYSE:X), Alcoa (NYSE:AA), Allegheny Technologies (NYSE:ATI) and others. A Chinese businessman was arrested last month for allegedly hacking into the computer systems of Boeing (NYSE:BA), Lockheed Martin (NYSE:LMT) and other companies that have large defense contracts with the U.S. government. Recently cyberattacks moved into the top 10 list of global business risks, according to the Allianz Risk Barometer Survey, which polled more than 400 corporate insurance experts from 33 nations. "It's more prevalent now than it was and harder to detect," said Murray Jennex, a management information systems professor at San Diego State University. Yet challenges remain to raise awareness that cyberinsurance can be an effective tool to protect against the costs of repairing and defending against cyberattacks. With $2 billion paid in cyberinsurance premiums in 2013, the specialty still makes up a small percentage of the $1 trillion total paid in U.S. insurance premiums last year, said Marsh Management Research, a division of Marsh USA. Average coverage limits purchased by firms with more than $1 billion in revenue rose by 10% in 2013 to $28.2 million each, says Marsh. The estimated cost varies widely. A 2014 study sponsored by the software security firm McAfee estimated that cybercrime costs businesses worldwide $445 billion annually. An old Symantec (NASDAQ:SYMC) study put that total at $114 billion — 13 years ago in 2001. "Many businesses may not completely understand their vulnerability at this point," said Robert Hartwig, president and chief economist at the Insurance Information Institute. Challenges remain for underwriters and clients to know how much to insure and why. For instance, what is the value of lost privacy? "We're a century and a half ahead when it comes to mitigation and prevention of fires," Hartwig said. "We're in the first decade when thinking of how to prevent cyberattacks." The costs of compromised computer security are very real. The cybersecurity breach last December at Target (NYSE:TGT), in which hackers obtained tens of millions of consumers' credit and debit card information, ultimately cost Chief Executive Officer Gregg Steinhafel his job. The attack made some customers skittish, hurt sales and contributed to a 14% decline in Target's share price over two months. The Minneapolis-based big-box retailer was hit with more than 50 lawsuits, now being coordinated before a federal judge in Minnesota. Michaels (NASDAQ:MIK), eBay (NASDAQ:EBAY), JPMorgan Chase (NYSE:JPM) and St. Joseph Health System all have reported cyberattacks within the last 12 months. The number of U.S. companies with cyberinsurance varies with the research. Nearly a third of U.S. companies have a cyberinsurance security policy, according to a 2013 report sponsored by Experian and conducted by the Ponemon Institute. Zurich Insurance Group reported last year that 52% of U.S. companies surveyed were covered, but a study sponsored by Willis Group Holdings (NYSE:WSH) said that a mere 6% of Fortune 500 companies carry such protection. Whatever the number of cyberattacks inflicted or cyberinsurance policies sold, insurers will try to protect clients and cash in on this wrinkle in the Internet revolution. "While it's hard to underwrite," said Marsh USA's Parisi, "that hasn't been a deterrent to insurance companies rushing into this market space."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Computer Attacks Leading To More Cyberinsurance Audrey McNeil (Jul 31)