Insurers Are Handling 'hundreds' Of Breach Claims

 

Insurance claims for data breaches are being made at a rate of more than one a day, figures from CFC Underwriting suggest.

The London firm said that in 2016 it had handled more than 400 claims on cyber-breach policies it had issued. The main types of attack being claimed for were privacy breaches and the theft of cash with the massive amount of stolen data shared online driving many attacks, said the firm.

No Recovery

Claims on CFC policies were up 78% on 2015, said Graeme Newman, chief innovation officer at the underwriter.

"About 90% of our claims by volume are from businesses with less than £50m in revenue," he said, adding that a "disproportionate" number of claims were being made by British firms.  

"This is largely down to the fact that on the whole, UK businesses have a lower level of security maturity than their US counterparts," he said.

Ransomware, in which data is encrypted unless victims pay cash to a hacker to unscramble it, was behind 16% of the claims filed with CFC, putting it third behind data breaches and theft, he added.

Mr Newman also pointed out that the major breaches seen in 2016, which have seen huge amounts of login details stolen and shared, was starting to be used much more frequently.

These "phantom breaches" and account takeovers were proving tempting for criminal hackers, said Mr Newman. "They are going after the low-hanging fruit," he said.

Cyber-insurance was becoming necessary to help firms cope with the volume of attacks they faced every day, he said. "It's now become more of an incident response service that pays all the costs associated with that," he said. "You ring up the insurer and they get people in to help."

Many insurance firms now had security, data forensics, incident response and PR firms on call to help respond when a claim is filed, he said. Some also employed experts who had experience negotiating with kidnappers and can advise about the best way to deal with ransom and extortion demands.

The insurance policies were proving popular, said Paul Delbridge, a partner at professional services network PWC, who has studied the market, because the costs associated with investigating and fixing a breach were potentially so high.

In the UK, most policies were for a few million pounds, said Mr Delbridge, and the highest cover that firms can buy is for £25m. In the US, the highest policies cover about $100m (£80m).

The cyber-breach policies were particularly attractive to smaller firms which cannot afford to staff and run a large internal security unit, he added.

"Not investing in your cyber-defences is very risky because if there's a material breach it becomes a very public event and often the PR fallout is such that the business never really recovers," he said.

BBC:           Cyber Liability Insurance’s Data Problems:


 

 

« Destructive Cyber Attack On Saudi Kingdom
Amazon Makes First Successful UK Drone Delivery »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

InFyra

InFyra

InFyra is an IoT & Telecoms specialist consultancy, with extensive global and local experience in business and technology strategy, networks and solutions development.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

usecure

usecure

usecure is a global provider of computer-based cyber security awareness training, offering the market’s most time-efficient, cost-effective and admin-lite solution for reducing insider threats.

Wisetek

Wisetek

Wisetek is a global provider of end-to-end IT Asset Disposition (ITAD), reuse and secure data destruction management services to the world’s leading IT Corporations, data centres and manufacturers.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Emerge Digital

Emerge Digital

Emerge Digital is a technology and digital innovation business and Managed Services Provider providing solutions to SMEs.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Zyber 365

Zyber 365

Zyber 365 are providing a robust, decentralized, and cyber-secured operating system which adheres to the fundamental principles of environmental sustainability.

Modern Networks

Modern Networks

Modern Networks is a leading provider of IT managed services to the UK’s commercial property sector and medium sized enterprises.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.