Insurers Are Handling 'hundreds' Of Breach Claims

Uploaded on 2016-12-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

 

Insurance claims for data breaches are being made at a rate of more than one a day, figures from CFC Underwriting suggest.

The London firm said that in 2016 it had handled more than 400 claims on cyber-breach policies it had issued. The main types of attack being claimed for were privacy breaches and the theft of cash with the massive amount of stolen data shared online driving many attacks, said the firm.

No Recovery

Claims on CFC policies were up 78% on 2015, said Graeme Newman, chief innovation officer at the underwriter.

"About 90% of our claims by volume are from businesses with less than £50m in revenue," he said, adding that a "disproportionate" number of claims were being made by British firms.  

"This is largely down to the fact that on the whole, UK businesses have a lower level of security maturity than their US counterparts," he said.

Ransomware, in which data is encrypted unless victims pay cash to a hacker to unscramble it, was behind 16% of the claims filed with CFC, putting it third behind data breaches and theft, he added.

Mr Newman also pointed out that the major breaches seen in 2016, which have seen huge amounts of login details stolen and shared, was starting to be used much more frequently.

These "phantom breaches" and account takeovers were proving tempting for criminal hackers, said Mr Newman. "They are going after the low-hanging fruit," he said.

Cyber-insurance was becoming necessary to help firms cope with the volume of attacks they faced every day, he said. "It's now become more of an incident response service that pays all the costs associated with that," he said. "You ring up the insurer and they get people in to help."

Many insurance firms now had security, data forensics, incident response and PR firms on call to help respond when a claim is filed, he said. Some also employed experts who had experience negotiating with kidnappers and can advise about the best way to deal with ransom and extortion demands.

The insurance policies were proving popular, said Paul Delbridge, a partner at professional services network PWC, who has studied the market, because the costs associated with investigating and fixing a breach were potentially so high.

In the UK, most policies were for a few million pounds, said Mr Delbridge, and the highest cover that firms can buy is for £25m. In the US, the highest policies cover about $100m (£80m).

The cyber-breach policies were particularly attractive to smaller firms which cannot afford to staff and run a large internal security unit, he added.

"Not investing in your cyber-defences is very risky because if there's a material breach it becomes a very public event and often the PR fallout is such that the business never really recovers," he said.

BBC:           Cyber Liability Insurance’s Data Problems:


 

 

« Destructive Cyber Attack On Saudi Kingdom
Amazon Makes First Successful UK Drone Delivery »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Bunifu Technologies

Bunifu Technologies

Bunifu Technologies is an Information Security and Custom Software Development Company.

Infodas

Infodas

Infodas provides Cybersecurity and IT consulting / system integration services as well as a range of innovative Cybersecurity products to public sector and commercial clients.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Improsec

Improsec

Improsec is a fully independent Cyber Security advisory company - we provide knowledge, experience and both strategic and deep technical expertise to our clients.

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

GeoEdge

GeoEdge

GeoEdge is the premier provider of ad security and quality solutions for the online and mobile advertising ecosystem.

Hayes Connor Solicitors

Hayes Connor Solicitors

Hayes Connor Solicitors is a specialist data breach and cybercrime law firm. We act for clients on individual data breaches and also where a group has been compromised as part of a targeted attack.

AdvIntel

AdvIntel

AdvIntel is a next-generation threat prevention and loss prevention company launched by a team of certified investigators, reverse engineers, and security experts.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Mesh Security

Mesh Security

Mesh Security transforms security data, tools, and infra for enterprise-wide visibility and control.