Insurers Are Handling 'hundreds' Of Breach Claims

Uploaded on 2016-12-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

 

Insurance claims for data breaches are being made at a rate of more than one a day, figures from CFC Underwriting suggest.

The London firm said that in 2016 it had handled more than 400 claims on cyber-breach policies it had issued. The main types of attack being claimed for were privacy breaches and the theft of cash with the massive amount of stolen data shared online driving many attacks, said the firm.

No Recovery

Claims on CFC policies were up 78% on 2015, said Graeme Newman, chief innovation officer at the underwriter.

"About 90% of our claims by volume are from businesses with less than £50m in revenue," he said, adding that a "disproportionate" number of claims were being made by British firms.  

"This is largely down to the fact that on the whole, UK businesses have a lower level of security maturity than their US counterparts," he said.

Ransomware, in which data is encrypted unless victims pay cash to a hacker to unscramble it, was behind 16% of the claims filed with CFC, putting it third behind data breaches and theft, he added.

Mr Newman also pointed out that the major breaches seen in 2016, which have seen huge amounts of login details stolen and shared, was starting to be used much more frequently.

These "phantom breaches" and account takeovers were proving tempting for criminal hackers, said Mr Newman. "They are going after the low-hanging fruit," he said.

Cyber-insurance was becoming necessary to help firms cope with the volume of attacks they faced every day, he said. "It's now become more of an incident response service that pays all the costs associated with that," he said. "You ring up the insurer and they get people in to help."

Many insurance firms now had security, data forensics, incident response and PR firms on call to help respond when a claim is filed, he said. Some also employed experts who had experience negotiating with kidnappers and can advise about the best way to deal with ransom and extortion demands.

The insurance policies were proving popular, said Paul Delbridge, a partner at professional services network PWC, who has studied the market, because the costs associated with investigating and fixing a breach were potentially so high.

In the UK, most policies were for a few million pounds, said Mr Delbridge, and the highest cover that firms can buy is for £25m. In the US, the highest policies cover about $100m (£80m).

The cyber-breach policies were particularly attractive to smaller firms which cannot afford to staff and run a large internal security unit, he added.

"Not investing in your cyber-defences is very risky because if there's a material breach it becomes a very public event and often the PR fallout is such that the business never really recovers," he said.

BBC:           Cyber Liability Insurance’s Data Problems:


 

 

« Destructive Cyber Attack On Saudi Kingdom
Amazon Makes First Successful UK Drone Delivery »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

Atea

Atea

Atea is the market leader in IT infrastructure for businesses and public-sector organizations in Europe’s Nordic and Baltic regions.

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

Oak Ridge National Laboratory (ORNL)

Oak Ridge National Laboratory (ORNL)

ORNL conducts basic and applied research and development in key areas of science for energy, advanced materials, supercomputing and national security including cybersecurity.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

Assetnote

Assetnote

The Assetnote platform enables organizations to effectively map and continuously monitor their external attack surface.

Relatech

Relatech

Relatech is a Digital Enabler Solution Knowledge (D.E.S.K.) Company that offers digital services and solutions dedicated to the digital transformation of businesses.

RAD Security

RAD Security

RAD Security (formerly KSOC) is a cloud native security company that empowers engineering and security teams to drive innovation so they can focus on growth versus security problems.

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike is a company based in Tirana that offers full service in the field of cyber and physical security.

CyRiSo

CyRiSo

CyRiSo is a cyber security consulting company with a focus on 'as-a-service' services for the most pressing challenges of cyber security.