Why a judge’s Target ruling could spark cyber sales

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.ibamag.com/news/why-a-judges-target-ruling-could-spark-cyber-sales-20551.aspx

Cyber liability take-up rates are finally starting to improve. After nearly
two decades of attempting to sell this fringe product, commercial producers
are seeing businesses turn from window-shoppers to buyers, helped along by
frequent data breaches of major corporations.

Now, a ruling from a federal judge that Target is responsible for the
financial losses banks sustained when the retailer was hacked last year
provides even more incentive for commercial clients to take the plunge.

Judge Paul A. Magnuson of the Minnesota District Court ruled Thursday that
Target was negligent in the holiday data breach and as such, decided to
allow banks and other financial institutions to seek compensation through
legal means.

“Although the third-party hackers’ activities caused harm, Target played a
key role in allowing the harm to occur,” Magnuson ruled. “Indeed,
Plaintiffs’ allegation that Target purposely disabled one of their security
features that would have prevented the harm is itself sufficient to plead a
direct negligence case.”

It doesn’t take a huge leap of imagination for producers to assume that if
Target—with its billions in revenue and sophisticated cyber security
defense—can be ruled negligent, so can their small to midsize clients.
Convincing clients of this additional risk, however, may not be so easy.

“Sometimes they tell me, ‘I’ve got a general liability policy, so if I’m
liable then that should cover it,’” Neil Ness, an agent with Farmers Union
Insurance in Bismark, N.D. told USA Today. “I tell them, ‘Well, GLC only
covers bodily harm or property—stealing someone’s information isn’t
covered.”

That statement is sadly rooted in fact. According to a report from Hanover
Research and Verisk’s ISO, a full 40% of carriers offering cyber insurance
say businesses do not think they need cyber insurance, with another 29%
under the impression they are covered under existing policies.

Yet ignoring cyber risk is particularly dangerous for these small
businesses, Ness said.

“That’s how these hackers practice. They go after the little ones who
aren’t really paying attention.”

Despite the increase in cyber insurance take-up rates, market penetration
is still low. A November Marsh & McLennan Agency survey reveals that just
33% of small to mid-sized businesses have appropriate coverage.

In some ways, that’s good news for producers who can make cyber security a
unique selling point. However, Hanover Research suggests there is yet work
to be done among the producer workforce—a full 51% of survey respondents
say they have no dedicated cyber workers, instead relying on staff from
other lines to sell the policies.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!