There are recognized patterns of higher risk. For example, Hurricanes and earthquakes do catastrophic damage to a specific geographic area. These natural disasters pose unique risks to insurance companies as a result of that history. If an insurance company insures at lot of this type of risk, it can face massive losses and have its financial stability threatened. For this reason, insurance companies try to avoid insuring too many homes or businesses (for this example) in an at risk area for hurricane or earthquake damage. While this helps keep insurance companies financially sound, it can make coverage harder to obtain for those who need it most.
The problem of Social Engineering techniques called Phishing, Whaling, Spear Phishing, Pharming, or Impersonation Fraud has become significant and widespread in recent years. The insurance industry has made efforts to keep these risks in mind for cyber liability policies. Sometimes there is language added that will protect a company, but sometimes communication is added to a basic policy that would not protect a business against these specific risks.
When people think of cyber losses and cyber insurance, they tend to think of privacy breaches. The exposure of personally identifying information and concomitant risk of identity theft, which is followed by notification costs and regulatory fines is a recognized threat. More and more, though, the interruption of day to day business is the highest cost of a breach. These losses can lead to lost sales, lost productivity, reputational damage, and missed deadlines leading to breach of contract.
When businesses think of ways that poor cyber security can lose them money, they often think of hackers breaching their systems. It’s easy to picture this as a pitched battle between the cyber criminals storming the castle walls, and the defenders seeking to repel them. Unfortunately, some cyber incidents and privacy breaches occur not through the concerted efforts of the bad guys; instead they happen due to simple mistakes and negligence by a company’s own employees.
More and more companies are purchasing cyber insurance as the risks to the company’s businesses from the breach of their networks expand. More companies are also requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance market place grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.
Ransomware continues to be a popular tool among hackers and cyber criminals. By locking users out of their own systems, these cyber criminals can extort significant payments from companies who risk losing way more money due to the interruption to their business. Traditionally, the number one target of ransomware attacks has been the healthcare industry due to the incredibly time-sensitive nature of their business. Recently however, hackers have focused their attacks on industrial businesses which is bad news for product manufacturers and physical plants.
How much would it cost your business to shut down for a week? How much would it cost your business to shut down for a month? Employees unable to get work done, unable to complete sales orders or deliver products to your customers? For some businesses, the answer to that question can be in the millions.
Cyber coverage remains a hot topic in the insurance world. The coverage is relatively new and complicated questions of claims handling are still working their way through the court system with often unforeseeable results. Now, a novel defense is one cyber coverage lawsuit may throw a major wrench in the extent of protection these policies provide.
The Dark Overlord hack stands at the intersection of a number of prominent issues in the modern world: terrorism, cyber warfare, confidentiality and privacy. On New Year’s Eve, 2018, a group of hackers calling themselves Dark Overlord stated they had hacked confidential legal files related to the insurance litigation that followed the 9/11 attacks. The hackers demanded a ransom from the law firm from whom the information was stolen. Apparently, the ransom was paid but the law firm breached the terms of the ransom by reporting the breach to law enforcement. Now the hackers have threatened to sell the information online through the dark web.
It seems not a week goes by these days without news breaking of another massive data breach affecting hundreds of millions of people. At the end of November 2018, Marriot, the global hotel chain, announced they had been hacked and the personal information of five hundred million preferred customers had been exposed to criminals. What’s worse, Marriott announced the original data breach occurred over four years ago, leaving people unknowingly at risk for identity theft during that time.