Insurers Get Much More Cautious About Cyber Risk

Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking them to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.

Some of the affected Anthem customers sued for damages which they say resulted from the breach, but then they withdrew their suits after Anthem got a court order allowing them to examine customer breaches.

The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.

“If that proved to be true, it would call into question whether the plaintiffs’ alleged injuries had truly been caused by the Anthem hack,” he writes. In other words, they failed to properly secure their personal devices, so the damages they suffered might have been their own fault, not Anthem’s.

After the forensic exams were ordered, several of those who filed suit asked the judge to drop their complaints, either because they suspected Anthem would find evidence the data was lost before the breach or because they didn’t want to submit to having their PCs snooped. Or perhaps they just didn’t want the inconvenience of giving up use of their machines for the duration of the search.

Regardless, it proved an effective legal strategy for Anthem. If just a few of those who sue walk away, it still means fewer possible payouts.

And it points out how difficult it is to prove that personal data used by criminals was stolen in a particular breach. Yes, the victim’s information was exploited, but how it got into the hands of the criminals is not so easily determined.

It might be argued that seeking forensic analysis of victim’s computers could help set a lower bar for corporate security. Why should a company offer stronger protection for their customers than the customers provide for themselves? Given that not all customers practice poor cyber defense of their own computers, that argument probably won’t fly.

But as Mandell notes, those customers who demanded perfect security from Anthem might have been asking too much. “As a result, one has to wonder whether they had reasonable expectations regarding their personal privacy to begin with,” he writes. “In suing Anthem, were the customers seeking to hold the company to an almost impossible standard?”

NetworkWorld

You Might Also Read:

Anthem failed to encrypt data prior to cyber-attack:

Cybersecurity Breaches Cost UK Businesses Close To £30bn Last Year:

Cyber Insurance: 7 Questions To Ask:

Why SMEs Need Cyber Insurance:

Insurance & Cyber Vulnerability - Get Your Report for 2016:

 


 

« Half Of All Canadian Businesses Hacked
French State Hackers Get Ready For Cyber Warfare »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

bwtech@UMBC

bwtech@UMBC

The bwtech@UMBC Cyber Incubator is an innovative business incubation program that delivers business and technical support to start-up and early-stage cybersecurity/IT products and services companies.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

TekSek Cyber Security

TekSek Cyber Security

Preparing you for tomorrow's security threats.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

Zluri

Zluri

Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management and Identity Governance.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.

SecuLore

SecuLore

An innovator in public-safety-focused cybersecurity, SecuLore is dedicated to protecting critical infrastructure from cyber attacks.

When Group

When Group

World Health Energy Holdings, Inc. (d/b/a WHEN Group) is a High Tech Holding Company that specializes in the Cyber, Security and Telecom area.