Insurers Get Much More Cautious About Cyber Risk

Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking them to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.

Some of the affected Anthem customers sued for damages which they say resulted from the breach, but then they withdrew their suits after Anthem got a court order allowing them to examine customer breaches.

The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.

“If that proved to be true, it would call into question whether the plaintiffs’ alleged injuries had truly been caused by the Anthem hack,” he writes. In other words, they failed to properly secure their personal devices, so the damages they suffered might have been their own fault, not Anthem’s.

After the forensic exams were ordered, several of those who filed suit asked the judge to drop their complaints, either because they suspected Anthem would find evidence the data was lost before the breach or because they didn’t want to submit to having their PCs snooped. Or perhaps they just didn’t want the inconvenience of giving up use of their machines for the duration of the search.

Regardless, it proved an effective legal strategy for Anthem. If just a few of those who sue walk away, it still means fewer possible payouts.

And it points out how difficult it is to prove that personal data used by criminals was stolen in a particular breach. Yes, the victim’s information was exploited, but how it got into the hands of the criminals is not so easily determined.

It might be argued that seeking forensic analysis of victim’s computers could help set a lower bar for corporate security. Why should a company offer stronger protection for their customers than the customers provide for themselves? Given that not all customers practice poor cyber defense of their own computers, that argument probably won’t fly.

But as Mandell notes, those customers who demanded perfect security from Anthem might have been asking too much. “As a result, one has to wonder whether they had reasonable expectations regarding their personal privacy to begin with,” he writes. “In suing Anthem, were the customers seeking to hold the company to an almost impossible standard?”

NetworkWorld

You Might Also Read:

Anthem failed to encrypt data prior to cyber-attack:

Cybersecurity Breaches Cost UK Businesses Close To £30bn Last Year:

Cyber Insurance: 7 Questions To Ask:

Why SMEs Need Cyber Insurance:

Insurance & Cyber Vulnerability - Get Your Report for 2016:

 


 

« Half Of All Canadian Businesses Hacked
French State Hackers Get Ready For Cyber Warfare »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

Advanced Systems International SAC

Advanced Systems International SAC

Advanced Systems international is a global company dedicated to data security software design, development, support, and licensing.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

CS3STHLM

CS3STHLM

CS3STHLM is the Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

CoursesOnline

CoursesOnline

CoursesOnline.co.uk is a database listing IT security courses from providers across the UK.

xMatters

xMatters

xMatters is a digital service availability platform that helps enterprises prevent, manage, and resolve IT incidents before they can become business problems.

Computer Services Inc (CSI)

Computer Services Inc (CSI)

CSI is a leading fintech, regtech and cybersecurity solutions partner operating at the intersection of innovation and service.

Searchlight Cyber

Searchlight Cyber

Searchlight Cyber is a leading darknet intelligence company. Working with law enforcement, industry, and end users to help protect society against the threats of the darknet.

DerSecur

DerSecur

DerSecur has been engaged in advanced technology activities in the field of Application Security since 2011. We offer R&D technology solutions in the field of SAST, DAST and SCA analysis.

Fingerprints

Fingerprints

Fingerprints is the world-leading biometrics company. Our solutions are found in millions of devices providing safe and convenient identification and authentication with a human touch.

SecuRedact

SecuRedact

SecuRedact is an AI-powered tool to detect and pseudonymize personal data in text and images. Fast, local, secure, and free to try.