Insurers Get Much More Cautious About Cyber Risk

Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking them to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.

Some of the affected Anthem customers sued for damages which they say resulted from the breach, but then they withdrew their suits after Anthem got a court order allowing it to examine the customers' computers.

The examiners would be looking only for evidence that the customers' credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog post by Chad Mandell, an attorney at LeClairRyan.

“If that proved to be true, it would call into question whether the plaintiffs’ alleged injuries had truly been caused by the Anthem hack,” he writes. In other words, they failed to properly secure their personal devices, so the damages they suffered might have been their own fault, not Anthem’s.

After the forensic exams were ordered, several of those who filed suit asked the judge to drop their complaints, either because they suspected Anthem would find evidence the data was lost before the breach or because they didn’t want to submit to having their PCs snooped. Or perhaps they just didn’t want the inconvenience of giving up use of their machines for the duration of the search.

Regardless, it proved an effective legal strategy for Anthem. If just a few of those who sue walk away, it still means fewer possible payouts.

And it points out how difficult it is to prove that personal data used by criminals was stolen in a particular breach. Yes, the victim’s information was exploited, but how it got into the hands of the criminals is not so easily determined.

It might be argued that seeking forensic analysis of victims' computers could help set a lower bar for corporate security. Why should a company offer stronger protection for its customers than the customers provide for themselves? Given that not all customers practice poor cyber defense of their own computers, that argument probably won’t fly.

But as Mandell notes, those customers who demanded perfect security from Anthem might have been asking too much. “As a result, one has to wonder whether they had reasonable expectations regarding their personal privacy to begin with,” he writes. “In suing Anthem, were the customers seeking to hold the company to an almost impossible standard?”

NetworkWorld
