On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation.

Cybersecurity Insurance

Schneier on Security

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Typically in insurance we use the past as prediction for the future, and in cyber that's very difficult to do because no two incidents are alike," said Lori Bailey, global head of cyberrisk for the Zurich Insurance Group. In my new book -- out in September -- I write: There are challenges to creating these new insurance products.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing. cybersecurity hacking insurance malware ransomware russia war

Cybersecurity Insurance: How Underwriting Is Changing

Data Breach Today

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients

SMBs and Cyber Insurance – Third Certainty #27

Adam Levin

With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.

Two Years on from GDPR: Has It Driven Growth in Cybersecurity Insurance?

Dark Reading

Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter - Cyber, Physical & Technology at Brit Insurance

Cyber Insurance: Benefits and Pitfalls

Data Breach Today

Martin Overton on What to Look for in an Effective Cyber Policy Martin Overton has worked both in cybersecurity and insurance, so he has a unique perspective on cyber insurance - the genuine benefits as well as the potential pitfalls. He shares tips on what to seek in an effective policy

Do Ransomware Attackers Single Out Cyber Insurance Holders?

Data Breach Today

Security Experts Express Skepticism That Criminals Would Bother Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism

8 Top Cyber Insurance Vendors

eSecurity Planet

Cyber insurance is one more way to manage cybersecurity risk. Here are the top cyber insurance vendors that can help

Insurers Collaborate on Cybersecurity Ratings

Dark Reading

A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval

Cyber Insurance: The Myths and Realities

Data Breach Today

Beazley's Mark Singer Demystifies the Growing Industry It's one thing to plan for a cybersecurity incident, but quite another to have proper insurance coverage to prepare for such an event. Mark Singer of Beazley shares an overview of the cyber insurance myths and realities

17 Cybersecurity Products the Cyber Insurance Industry Says Are Worthwhile via Claims Journal

IG Guru

Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace. Cyber Catalyst by Marsh, launched earlier this year, convened cyber insurers Allianz, AXIS, AXA XL, Beazley, CFC, Munich […].

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities. Some coverage is inherently added to any cyber insurance policy.

A Lawyer's Guide to Cyber Insurance: 4 Basic Tips

Dark Reading

The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

New Hampshire Governor Signs Insurance Data Security Law

Hunton Privacy

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Licensees must maintain records concerning all cybersecurity events for a period of at least five years from the date of the cybersecurity event. The state insurance commissioner may take “necessary or appropriate” action to enforce the new law.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. Exclusive State Cybersecurity Standards.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute

Hunton Privacy

As reported on the Insurance Recovery Blog , Hunton Andrews Kurth insurance practice head Walter Andrews recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach. To me, it’s clear that there were two reasonable interpretations of the insurance policy here.”.

South Carolina’s Insurance Cybersecurity Law Takes Effect in 2019

Adam Levin

South Carolina became the first state to pass a law requiring all insurance entities to create and maintain a cybersecurity and data breach response program. . Among the law’s provisions is a requirement to notify the state government within 72 hours in the event of a breach or cybersecurity event affecting 250 or more people, the protection of policyholder’s personally identifiable information, and an annual statement detailing their breach response plan. .

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. According to NAIC’s news release announcing this development, the Model Law was meant to build on the organization’s cybersecurity progress and create a “platform that enhances our mission of protecting consumers.” (For more information on the development of the Model Law, see our prior coverage.) .

Insurers' innovations face cybersecurity threats

Information Management Resources

Security must be at the table when working on new initiatives in order to minimize risk and ensure trust, says Accenture. Cyber security

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets.

HHS Releases Cybersecurity Guidance for Healthcare Organizations

Data Matters

Department of Health and Human Services (HHS) released a four-volume cybersecurity guidance document for healthcare organizations. The publication, “ Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ” (HICP), is the result of a government and industry collaboration mandated by the Cybersecurity Act of 2015. The HICP next sets forth 10 cybersecurity practices designed to help mitigate these threats. On December 28, 2018, the U.S.

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

Data Protection Report

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. To protect against this exposure and mitigate the impact of adverse cyber incidents, insurance companies have developed cyber cover – a modular insurance product covering a range of losses such as liability for damages, legal and PR costs, and ransom payments.

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. follow the recommendations of First American’s internal cybersecurity team to conduct further investigation into the vulnerability. Cybersecurity Security Breach U.S.

Insurance blockchain consortium RiskBlock adds 12 members, cybersecurity tools

Information Management Resources

The group now has 30 insurance carrier members working on distributed-ledger tech solutions for the industry. Blockchain Analytics Customer service Travelers

Hunton Privacy and Insurance Leaders Address Prevention and Insurability of Cyber Attacks

Hunton Privacy

Whether the issue is prevention or risk mitigation, cybersecurity should be at the top of the corporate agenda. There is no question that cybersecurity is a top priority for C-suites and boards. Cyber Insurance Cybersecurity Events Federal Bureau of Investigation Liability Lisa Sotto Privacy

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act). The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations for regulated organizations.

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (Cybersecurity Regulation or Regulation). The NYDFS Cybersecurity Regulation. Cybersecurity Data Breaches DFS Enforcement U.S.

Cybersecurity Incident Highlights Questions about Cyber Insurance Coverage

Hunton Privacy

The incident raises some issues for cyber insurance. That the incident occurred over several months suggests that trigger dates for cyber insurance be examined. Further, corporate mergers and acquisitions can complicate not only network security but insurance coverage as well. Thus, corporate transactions may be a time not only for evaluating information security risks, but for determining whether existing insurance extends to those exposures.

New cybersecurity requirements challenge New York state’s insurers

Information Management Resources

Carriers that write policies in New York state are facing a key deadline to comply with the state’s strict new cybersecurity requirements. Cyber security

Cyber Insurance: Addressing Your Risks and Liabilities

Hunton Privacy

After a number of high-profile data breaches, corporate cybersecurity is facing increased scrutiny and attention from consumers, the government and the public. In a webinar, entitled Cyber Insurance: Addressing Your Risks and Liabilities , hosted by Hunton & Williams LLP and CT , Hunton & Williams partners Lon A. Cyber Insurance Cybersecurity Multimedia Resources Security Breach Consumer Protection Lisa Sotto

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Data Matters

Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches. The NYDFS Cybersecurity Regulation (published at 23 NYCRR 500.01) sets forth the minimum requirements for NYDFS-regulated entities to address cybersecurity risks. They also became obligated to report cybersecurity events to the NYDFS.

Tesco Bank Hack Illustrates Need for Robust Cyber Insurance

Hunton Privacy

As reported on the Insurance Recovery blog , earlier this week, retailer Tesco Plc’s (“Tesco”) banking branch reported that £2.5 Even that very substantial expenditure was not enough, however, to prevent the recent hack, illustrating the need for robust cyber insurance as a component of any comprehensive cyber protection program. Cyber Insurance Cybersecurity Financial Privacy Security Breach Consumer Protection Insurance Provider United Kingdom

Webinar on the SAFETY Act, Security and Insurance

Hunton Privacy

A SAFETY Act designation or certification complements a company’s traditional insurance policies to mitigate the potential liabilities from a cyber or physical attack. We also will provide key suggestions on how to structure an insurance program to avoid gaps and pitfalls in today’s interconnected economy. Cybersecurity Events Anti-terrorism Congress Department of Homeland SecurityRecent headlines underscore the security challenges faced by public-facing businesses.

WEBINAR – COVID-19 – European and U.S. Cybersecurity Issues: Preventing and Responding to Cyber Incidents

Data Matters

cybersecurity and cyber risk insurance issues. The COVID-19 global pandemic presents unique legal and practical challenges for companies across all industries, including with respect to cybersecurity risks and protections. Key topics to include: Key cybersecurity risks arising from remote and home working, weakening of information governance controls, and phishing/scams focused on COVID-19 anxieties.

Insurers’ role will be critical in improving cybersecurity standards

CGI

Insurers’ role will be critical in improving cybersecurity standards. The rise in the cost of cyber breaches and the increase in reported incidents are driving greater demand for cybersecurity insurance, as is the growing number of cyber-related exclusions being put into Directors and Officers (D&O) liability insurance and Professional Indemnity (PI) insurance. Other insurers are accepting the risks and aggressively entering the market to become dominant.

Risk 40

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework. I had the chance at RSA 2019 to visit with George Wrenn, founder and CEO of CyberSaint Security , a cybersecurity software firm that plays directly in this space. That could be for insurance purposes. “As