Insurers Get Much More Cautious About Cyber Risk

Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking them to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.

Some of the affected Anthem customers sued for damages which they say resulted from the breach, but then they withdrew their suits after Anthem got a court order allowing them to examine customer breaches.

The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.

“If that proved to be true, it would call into question whether the plaintiffs’ alleged injuries had truly been caused by the Anthem hack,” he writes. In other words, they failed to properly secure their personal devices, so the damages they suffered might have been their own fault, not Anthem’s.

After the forensic exams were ordered, several of those who filed suit asked the judge to drop their complaints, either because they suspected Anthem would find evidence the data was lost before the breach or because they didn’t want to submit to having their PCs snooped. Or perhaps they just didn’t want the inconvenience of giving up use of their machines for the duration of the search.

Regardless, it proved an effective legal strategy for Anthem. If just a few of those who sue walk away, it still means fewer possible payouts.

And it points out how difficult it is to prove that personal data used by criminals was stolen in a particular breach. Yes, the victim’s information was exploited, but how it got into the hands of the criminals is not so easily determined.

It might be argued that seeking forensic analysis of victim’s computers could help set a lower bar for corporate security. Why should a company offer stronger protection for their customers than the customers provide for themselves? Given that not all customers practice poor cyber defense of their own computers, that argument probably won’t fly.

But as Mandell notes, those customers who demanded perfect security from Anthem might have been asking too much. “As a result, one has to wonder whether they had reasonable expectations regarding their personal privacy to begin with,” he writes. “In suing Anthem, were the customers seeking to hold the company to an almost impossible standard?”

NetworkWorld

You Might Also Read:

Anthem failed to encrypt data prior to cyber-attack:

Cybersecurity Breaches Cost UK Businesses Close To £30bn Last Year:

Cyber Insurance: 7 Questions To Ask:

Why SMEs Need Cyber Insurance:

Insurance & Cyber Vulnerability - Get Your Report for 2016:

 


 

« Half Of All Canadian Businesses Hacked
French State Hackers Get Ready For Cyber Warfare »

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Borwell

Borwell

Borwell delivers secure software and IT solutions, including cyber security, to UK Government departments as well as UK corporations and many SMEs.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

inBay Technologies

inBay Technologies

inBay Technologies' idQ Trust as a Service (TaaS) is a unique and innovative SaaS that eliminates the need for user names and passwords.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

Dreamlab Technologies

Dreamlab Technologies

Dreamlab specialises in securing critical IT infrastructures. We offer qualitative support and advice for managing your infrastructure and cyber security needs.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.