Cyber Security Insurance Difficult for Business to Navigate

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.bloggernews.net/134537

Cyber insurance is now booming, with about 50 carriers in the industry. An
increasing number of companies have cyber insurance to protect against
cyber crime. However, businesses claim it’s not easy to get adequate
coverage.

Losses from data breaches are difficult to quantify. The tangible losses
are more easily insured, says a New York Times online report. When it comes
to a data breach, there are often related losses such as reputational
damage and loss of customer loyalty that are harder to quantify.

Add to this the fact that underwriters don’t yet have sufficient data to
estimate the likeliness or cost of an attack; most breaches get missed or
aren’t reported publicly.

While an insurance company can tell you the precise odds of a major city
office building burning down, nobody knows when the next giant retailer
will be hacked. Statistics on hacking risks aren’t constant due to the
continuous evolution of cyber crimes.

According to New York Times estimates, companies seeking coverage can only
hope for, at best, a $300 million policy, peanuts compared to the billions
devoted to property protection. Though this still sounds generous, the cost
of a major breach can easily exceed it. Target’s situation is on course for
just that, says the New York Times online article. The 2011 Sony breach has
already exceeded $2 billion in fallout.

The best policies cover costs associated with alerting customers, plus
forensics, call center setups, consumer identity monitoring, legal fees and
a crisis management firm. But that may only dent the disaster. Policies
don’t address loss in profits due to customers jumping ship. A policy can’t
prevent a marred brand reputation. “Although a solid cyber policy will
cover notification, crisis management expenses, defense costs, damages and
the costs associated with regulatory action, it would not cover other,
potentially much larger losses, such as reputational injury and loss of
brand and market share,” says Roberta Anderson, an insurance coverage and
cybersecurity attorney with the law firm of K&L Gates, LLP. “Those losses
are difficult to value and remain uninsurable in the market today.”

Expect the cyber insurance industry to continue swelling while cyber crime
continues to remain several steps ahead of businesses and security systems.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!