The Double-Edged Sword of Cybersecurity Insurance

Dark Reading

With ransomware on the rise, more organizations are opting to purchase cyber insurance -- tipping off criminals about how much to demand for access back to pilfered systems and data

Major Israeli Insurance Company Hacked

Adam Levin

The personal information of thousands of Israeli citizens has been compromised as the result of a cyberattack on Shirbit, a leading insurance company. . The post Major Israeli Insurance Company Hacked appeared first on Adam Levin.


Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

The Last Watchdog

Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Today’s generation is used to getting everything done fast and easy, so life insurance providers had to get with the times and cover all customers’ needs and requirements. Now everyone has the possibility to purchase life insurance from the comfort of their home by simply going online and looking for the policies that will fit their needs.

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries. “Closing agencies are supposed to be the only neutral party that doesn’t represent someone else’s interest, and you’re required to have title insurance if you have any kind of mortgage,” Shoval said.

Expanding Through M&A in the Insurance Industry

Perficient Data & Analytics

M&A is always on the table, as it can provide quicker access to more customers through geographic expansion, as well as new business lines and capabilities. Yet even as insurance companies lean on M&A for growth, every insurance company requires a more comprehensive program to achieve its growth targets. — To learn what else is driving growth, productivity, and efficiency, download our new guide: 2018 State of the Insurance Industry.

Arron Banks, the insurers and my strange data trail

The Guardian Data Protection

Carole Cadwalladr just wanted to insure her car. In fact, I had no idea about either the question or the answer when I submitted a “subject access request” to Eldon Insurance Services in December last year. And the subject access request – a legal mechanism I’d learned about from Paul-Olivier Dehaye, a Swiss mathematician and data expert – was a shot in the dark.

Attracting and Cultivating Customers in the Insurance Industry

Perficient Data & Analytics

In a digital and mobile era, insurance companies must cater to customers’ demands and expectations by providing fast and frequent communication, access to more digestible and transparent information, and, of course, convenience. — To learn what else is driving growth, productivity, and efficiency, download our new guide: 2018 State of the Insurance Industry.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

New Hampshire Governor Signs Insurance Data Security Law

Hunton Privacy

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. In addition, each insurer domiciled in the state must submit an annual written statement by March 1 that certifies that the insurer is in compliance with the requirements set forth. Cyber Insurance Cybersecurity Information Security U.S.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. This means all insurers, agencies, and brokers doing business in Michigan are covered.

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets.

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

[Podcast] Transforming How Mortgage Insurance Applications Are Processed


mortgage firm fundamentally transform the way mortgage insurance applications are processed, eliminating paper in favor of a completely digital workflow. Click here to access our full library of episodes. There may be no other industry that could benefit more from automation than the mortgage banking industry. This industry is full of time-consuming, error-prone, and paper and labor-intensive processes, all perfectly-suited for automation.

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

So why hasn’t the corporate sector been more effective at locking down access for users? based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. Here are takeaways from our fascinating discussion: Access pain points.

Access 143

Hackers access healthcare, personal info from Toyota entity

Information Management Resources

Hackers accessed information systems at Toyota Industries North America, compromising personal and protected health information. Data breaches Cyber security Hacking Protected health information Insurance HIPAA regulations

Unemployment Insurance Fraud and Identity Theft: Up Close and Personal

Lenny Zeltser

The most likely way in which you’ll learn that you’ve fallen victim to the identity theft-based unemployment insurance scam is by receiving an unsolicited debit card in the mail. The only anomaly I noticed in my account was that when attempted to access the unemployment area, the system presented an error, stating that I used a different username to file a claim.

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. According to a report published by Crowdstrike, the group is now trying to sell access to some to compromised companies on a cybercrime forum.

The Evolution of Health IT is Affecting How People Think of Benefits and Insurance


The healthcare industry has increased access to health services and patient data with advances in health IT. These advances are impacting insurance benefit offerings. News Amazon healthcare industry insurance benefit offeringsOne example is with recent Amazon Alexa updates where PHI can be communicated through Alexa in a HIPAA compliant way. Read more here.

Off-Site Storage for Insurance Companies

Armstrong Archives

Your insurance company has been collecting and storing consumer data for as long as it’s been in business. If you provide medical insurance, the documents you collect are high-value targets for criminals. If you provide other types of insurance like auto and property protection, you might have documentation of your clients’ credit history, driving record and financial assets in addition to their personal identification data.

Data of 75,000 at risk after breach of federal insurance exchanges

Information Management Resources

The Centers for Medicare and Medicaid Services is reporting unauthorized access to consumer data in systems that support federal insurance exchanges. Data breaches Cyber security Data security Federal health insurance exchanges

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

Access to over 3,000 compromised sites sold on Russian black marketplace MagBo

Security Affairs

Security experts at Flashpoint discovered the availability of the access to over 3,000 compromised sites sold on Russian black marketplace MagBo. A new report published by researchers at Flashpoint revealed the availability on an underground hacking forum for Russian-speaking users of access to over 3,000 breached websites. “Access to approximately 3,000 breached websites has been discovered for sale on a Russian-speaking underground marketplace called MagBo.

How Cyber Essentials can help secure your access controls

IT Governance

This blog covers access controls. Deficient access controls result in security breaches. Any organisation whose employees connect to the Internet needs some level of access control in place. Access controls authenticate and authorise individuals to obtain information that they are permitted to see and use. Secure your access controls. Put simply, access control is a selective restriction of access to data. Reduce cyber insurance premiums.

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

Data Protection Report

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. To protect against this exposure and mitigate the impact of adverse cyber incidents, insurance companies have developed cyber cover – a modular insurance product covering a range of losses such as liability for damages, legal and PR costs, and ransom payments.

Hackers access patient data at Oklahoma State facility

Information Management Resources

Hacking Protected health information Data breaches Cyber security InsuranceInformation of 279,865 individuals may have been exposed during the November 2017 attack.

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

Now the financial institution is suing its insurance provider for refusing to fully cover the losses. The email allowed the intruders to install malware on the victim’s PC and to compromise a second computer at the bank that had access to the STAR Network , a system run by financial industry giant First Data that the bank uses to handle debit card transactions for customers. Everest National Insurance Company did not respond to requests for comment.

If a Data Breach Occurs and Nobody Accesses Customer Data, Does it Constitute “Publication”?

Hunton Privacy

As reported on the Hunton Insurance Recovery Blog , data breach claims involving customer data can present an ever-increasing risk for companies across all industries. A panel of the Fourth Circuit confirmed that general liability policies can afford coverage for cyber-related liabilities, and ruled that an insurer had to pay attorneys’ fees to defend the policyholder in class action litigation in Travelers Indemnity Company v.

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

Hunton Privacy

On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued the Interim Measures for the Management of the Authenticity of Information of Life Insurance Customers (the “Measures”). The Measures require life insurance companies and their agents to ensure the authenticity of personal data of life insurance policy holders.

Traditional Insurance Policies May Cover Cyber Risks

Hunton Privacy

Hunton & Williams Insurance Litigation & Counseling partner Lon Berk reports: Insurers often contend that traditional policies do not cover cyber risks, such as malware attacks and data breach events. Indeed, injecting malware generally requires physical access to a device, whether over a wireless or wired network or through actual contact, and a physical rearrangement of memory. Those polices may offer protection, even without a separate cyber insurance policy.

Auto claims leans into AI, automation

Information Management Resources

Farmers and other carriers are engaging and empowering their customers’ self-service lifestyle and thirst for real-time access to information. Claims Auto insurance Telematics Farmers Insurance

Legendary Help: Helping Travelers Stay Safe

Rocket Software

Travel insurance can give travelers some assurance that, if something does go wrong, they have resources that can help them receive medical attention, stay safe, and return home. . They also needed to maintain access to relevant documents in the legacy system after migration. .

“An act of war”: Zurich American refuses to pay out on cyber insurance policy following NotPetya attack

IT Governance

US food giant Mondelez is suing insurance company Zurich American for denying a $100 million (£76 million) claim filed after the NotPetya attack. In that regard, it was a job well done, with one report estimating that insurers could expect to pay out more than $80 billion (£61 billion) as a result of the attack. However, the insurer soon changed its mind, claiming an exclusion for “hostile and warlike action in time of peace and war [by] a government or sovereign power”.

New Payment Technologies Should Reduce Demand for Cyber Insurance

Hunton Privacy

Hunton & Williams Insurance Litigation & Counseling partner Lon Berk reports: As the demand for cyber insurance has skyrocketed, so too has the cost. New payment technologies, however, will change the need for this type of cyber insurance. the need for cyber insurance protecting retailers against point-of-sale malware should sharply drop. Cyber Insurance Cybersecurity Payment Card

Sales 40

Data analytics – how should insurers look to the future?


Data analytics – how should insurers look to the future? With a plethora of new data sources across the property and casualty (P&C) general insurance lifecycle now becoming available, how do insurers create an all-encompassing data analytics policy for the future? The opportunity for insurer intervention in policyholder’s day to day activities to prevent or mitigate a risk occurring is a reality. Tue, 09/12/2017 - 03:00.

Nationwide partners with Verisk Analytics on insurance fraud

Information Management Resources

Vendor’s technology searches for indicators as first notice of loss information comes in, giving users access to a business intelligence dashboard. Fraud prevention Claims Fraud losses Fraud detection Business intelligence Nationwide Verisk Analytics

Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement

Hunton Privacy

On August 18, 2010, the Connecticut Insurance Department (the “Department”) issued Bulletin IC-25 , which requires entities subject to its jurisdiction to notify the Department in writing of any “information security incident” within five calendar days after an incident is identified. State Law Connecticut Consumer Protection Credit Monitoring Insurance Provider

State Farm Investigates Credential-Stuffing Attack

Data Breach Today

Not Yet Clear How Many Customers May Have Been Affected Insurer State Farm has been hit by a credential-stuffing attack designed to gain access to U.S. customers' online accounts, a company spokesperson confirms

Telstra warns public trust will crumble unless access to data is limited

The Guardian Data Protection

Telco says diverse agencies accessing data through legal loophole need to follow the same process as law enforcement bodies Telstra has warned that public trust in the security of their data will be eroded if government agencies continue to be allowed access to it without appropriate authorisation.

Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

Hunton Privacy

As previously posted on our Hunton Insurance Recovery blog , a Maryland federal court awarded summary judgment to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company , finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.

MassMutual Taps Into the Power of Data Science

Data Breach Today

Ariel Weintraub on Putting Data to Work in the SOC and IAM Ariel Weintraub joined MassMutual last fall to focus on putting data science to work to help improve the insurance company's security operations and identity and access management programs.