When people think of cyber losses and cyber insurance, they tend to think of privacy breaches. The exposure of personally identifying information and concomitant risk of identity theft, which is followed by notification costs and regulatory fines is a recognized threat. More and more, though, the interruption of day to day business is the highest cost of a breach. These losses can lead to lost sales, lost productivity, reputational damage, and missed deadlines leading to breach of contract.
More and more companies are purchasing cyber insurance as the risks to the company’s businesses from the breach of their networks expand. More companies are also requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance market place grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.
Ransomware continues to be a popular tool among hackers and cyber criminals. By locking users out of their own systems, these cyber criminals can extort significant payments from companies who risk losing way more money due to the interruption to their business. Traditionally, the number one target of ransomware attacks has been the healthcare industry due to the incredibly time-sensitive nature of their business. Recently however, hackers have focused their attacks on industrial businesses which is bad news for product manufacturers and physical plants.
When people think of property insurance, they often immediately think of buildings – things like houses, retail stores, or warehouses. If they continue the thought further, they may think of additional items of property like furniture or inventory. These items have a very real physical presence, and that physical presence subjects them to potential damage or loss from known hazards like a fire or water damage. Property insurance exists to protect individuals and companies from that loss.
The Dark Overlord hack stands at the intersection of a number of prominent issues in the modern world: terrorism, cyber warfare, confidentiality and privacy. On New Year’s Eve, 2018, a group of hackers calling themselves Dark Overlord stated they had hacked confidential legal files related to the insurance litigation that followed the 9/11 attacks. The hackers demanded a ransom from the law firm from whom the information was stolen. Apparently, the ransom was paid but the law firm breached the terms of the ransom by reporting the breach to law enforcement. Now the hackers have threatened to sell the information online through the dark web.
The cyber market has evolved incredibly in a few short years. It’s been barely more than twenty years since the internet became a ubiquitous presence in the lives of most Americans. As cyberspace has grown, the risks attendant on cyberspace has grown as well. To meet the challenges of combining scope and risk, legislators and courts have had to move quickly to regulate this area and protect individuals from loss. At the same time, insurance companies have had to tailor policies to protect companies from the risks of doing business online.
Within the context of cyber security, one most always discusses the subject in exponentials; Whether considering the number of breached records, the amount of damage, or the size of data leaks. What was groundbreaking three years ago in volume will seem quaint by the end of the year. A host of news stories regarding the 2013 and 2014 data breaches at Yahoo Inc. over the past few months have underlined this aspect of the conversation about cybersecurity. It serves as a stark reminder that companies need to keep an eye on their cyber risks and seriously consider purchasing cyber insurance if they have not done so already to survive this increasingly harsh ecosystem.
The clash between the stringent privacy requirements of HIPAA and the known vulnerability of most cyber systems creates a host of anxieties for most modern medical care providers. The Health Insurance Portability and Accountability Act requires that medical providers and insurers take reasonable precautions to ensure that the medical information of their patients remains private. At the same time, it is increasingly apparent that almost all cyber information systems have at least a few vulnerabilities, even if only through their users, and few systems can withstand a dedicated, concentrated cyber assault.
Wire transfer fraud claims resulting from cyber attacks have increased dramatically over recent years, and companies are losing millions of dollars in these attacks. As is common when a new business risk develops, organizations look to their insurance policies to help cover their losses. As we have shared in previous examples, the coverage is not always adequate.
The extent of coverage for a company that has been a victimized may be sparse, and the costs of any breach are ongoing. Consequences of a fraudulent wire transfer depend not just on the specific wording in the policies a business has purchased, but as seen in the following instances, also being upheld differently in different states.
What Is GDPR?
The General Data Protection Regulation or GDPR is a set of laws created with one ultimate goal: to protect the personal data of people in or from the European Union (EU). The critical point here is that the individual’s nationality or residence is irrelevant- just whether they are in or from the EU. This law has forced the hand of many businesses to adopt the regulations into their practices for data collection- most commonly seen on websites. The GDPR became effective on May 28, 2018, but many businesses are still catching up due to inertia in changing procedures and practices.