Insurers Are Handling 'hundreds' Of Breach Claims

 

Insurance claims for data breaches are being made at a rate of more than one a day, figures from CFC Underwriting suggest.

The London firm said that in 2016 it had handled more than 400 claims on cyber-breach policies it had issued. The main types of attack being claimed for were privacy breaches and the theft of cash with the massive amount of stolen data shared online driving many attacks, said the firm.

No Recovery

Claims on CFC policies were up 78% on 2015, said Graeme Newman, chief innovation officer at the underwriter.

"About 90% of our claims by volume are from businesses with less than £50m in revenue," he said, adding that a "disproportionate" number of claims were being made by British firms.  

"This is largely down to the fact that on the whole, UK businesses have a lower level of security maturity than their US counterparts," he said.

Ransomware, in which data is encrypted unless victims pay cash to a hacker to unscramble it, was behind 16% of the claims filed with CFC, putting it third behind data breaches and theft, he added.

Mr Newman also pointed out that the major breaches seen in 2016, which have seen huge amounts of login details stolen and shared, was starting to be used much more frequently.

These "phantom breaches" and account takeovers were proving tempting for criminal hackers, said Mr Newman. "They are going after the low-hanging fruit," he said.

Cyber-insurance was becoming necessary to help firms cope with the volume of attacks they faced every day, he said. "It's now become more of an incident response service that pays all the costs associated with that," he said. "You ring up the insurer and they get people in to help."

Many insurance firms now had security, data forensics, incident response and PR firms on call to help respond when a claim is filed, he said. Some also employed experts who had experience negotiating with kidnappers and can advise about the best way to deal with ransom and extortion demands.

The insurance policies were proving popular, said Paul Delbridge, a partner at professional services network PWC, who has studied the market, because the costs associated with investigating and fixing a breach were potentially so high.

In the UK, most policies were for a few million pounds, said Mr Delbridge, and the highest cover that firms can buy is for £25m. In the US, the highest policies cover about $100m (£80m).

The cyber-breach policies were particularly attractive to smaller firms which cannot afford to staff and run a large internal security unit, he added.

"Not investing in your cyber-defences is very risky because if there's a material breach it becomes a very public event and often the PR fallout is such that the business never really recovers," he said.

BBC:           Cyber Liability Insurance’s Data Problems:


 

 

« Destructive Cyber Attack On Saudi Kingdom
Amazon Makes First Successful UK Drone Delivery »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Parasoft

Parasoft

Parasoft is an independent software testing and software quality assurance tool and solution vendor.

NICE Systems

NICE Systems

NICE Systems provide software solutions to ensure compliance, fight financial crime, and safeguard people and assets.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change and protect your organization.

Grimm Cyber

Grimm Cyber

GRIMM makes the world a more secure place by increasing the cyber resiliency of our client’s systems, networks, and products.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

App-Ray

App-Ray

App-Ray provides fully automated security analysis of mobile applications to find security issues, privacy breaches and data leaking potentials.

Trusted Knight

Trusted Knight

Trusted Knight is a leading provider of security software solutions focused on defeating newly developed malware and crimeware trojans.

FileWave

FileWave

FileWave offers a single solution for managing apps, devices, and more for Mac, Windows, and mobile devices.

Tecnalia Research & Innovation

Tecnalia Research & Innovation

Tecnalia is the largest center of applied research and technological development in Spain, a benchmark in Europe and a member of the Basque Research and Technology Alliance.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

R3

R3

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 300 participants across multiple industries to develop blockchain applications.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

Thoma Bravo

Thoma Bravo

Thoma Bravo is a leading private equity firm with a 40+ year history and a focus on investing in software and technology companies.

TatvaSoft

TatvaSoft

TatvaSoft is a custom software development company delivering business IT solutions and related services to customers across the globe.

IT Voice

IT Voice

IT Voice specializes in Managed IT and VoIP solutions. Our focus is simplifying the technology so our customers can stay focused on what they do best.