Cybersecurity Insurance: Has It's Time Come?

Data Breach Today

As the cyberthreat landscape grows exponentially more complicated, the insurance industry is trying to keep pace. Yet, many organizations still lack cybersecurity insurance.

Insurer CNA Disconnects Systems After 'Cybersecurity Attack'

Data Breach Today

Investigation Continues; Law Enforcement Notified Insurance provider CNA reported Tuesday it was victimized over the weekend by a "cybersecurity attack" that caused a network disruption and impacted certain systems, including corporate email

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Insurance and Ransomware

Schneier on Security

Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation.

Resilience CEO on White House Meeting, Cyber Insurance

Data Breach Today

25, President Joe Biden invited about 25 technology, insurance, finance and education executives to the White House to discuss pressing cybersecurity issues such as supply chain and critical infrastructure. Vishaal Hariprasad Also Address How Ransomware Is Changing Security On Aug.

Cybersecurity Insurance

Schneier on Security

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Typically in insurance we use the past as prediction for the future, and in cyber that's very difficult to do because no two incidents are alike," said Lori Bailey, global head of cyberrisk for the Zurich Insurance Group. In my new book -- out in September -- I write: There are challenges to creating these new insurance products.

The Double-Edged Sword of Cybersecurity Insurance

Dark Reading

With ransomware on the rise, more organizations are opting to purchase cyber insurance -- tipping off criminals about how much to demand for access back to pilfered systems and data

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing. cybersecurity hacking insurance malware ransomware russia war

Cyber Insurers Pull Back Amid Increase in Cyber Attacks, Costs

eSecurity Planet

The explosion of ransomware and similar cyber incidents along with rising associated costs is convincing a growing number of insurance companies to raise the premiums on their cyber insurance policies or reduce coverage, moves that could further squeeze organizations under siege from hackers.

Insurance firm CNA discloses data breach after March ransomware attack

Security Affairs

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March.

First American Title Insurance Co. Faces Charges in NY

Data Breach Today

Company Could Be Fined $1,000 for Each Violation of State Cybersecurity Law The New York State Department of Financial Services has filed civil charges against First American Title Insurance Co.,

Insurer AXA to Stop Paying for Ransomware Crime Payments in France via Insurance Journal

IG Guru

surpassed France last year in damage from ransomware to businesses, hospitals, schools and local governments, according to the cybersecurity firm Emsisoft, estimating France’s related overall losses at more than $5.5

Cyber Insurance: Benefits and Pitfalls

Data Breach Today

Martin Overton on What to Look for in an Effective Cyber Policy Martin Overton has worked both in cybersecurity and insurance, so he has a unique perspective on cyber insurance - the genuine benefits as well as the potential pitfalls. He shares tips on what to seek in an effective policy

Do Ransomware Attackers Single Out Cyber Insurance Holders?

Data Breach Today

Security Experts Express Skepticism That Criminals Would Bother Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism

Major Israeli Insurance Company Hacked

Adam Levin

The personal information of thousands of Israeli citizens has been compromised as the result of a cyberattack on Shirbit, a leading insurance company. . The post Major Israeli Insurance Company Hacked appeared first on Adam Levin.

SMBs and Cyber Insurance – Third Certainty #27

Adam Levin

With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.

Insurers Collaborate on Cybersecurity Ratings

Dark Reading

A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval

Cyber Insurance: The Myths and Realities

Data Breach Today

Beazley's Mark Singer Demystifies the Growing Industry It's one thing to plan for a cybersecurity incident, but quite another to have proper insurance coverage to prepare for such an event. Mark Singer of Beazley shares an overview of the cyber insurance myths and realities

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

Data Matters

Most cybersecurity professionals are aware of the New York Department of Financial Service’s requirement imposed on DFS-licensed entities to certify their cybersecurity program’s compliance on an annual basis (by April 15th of each year), but less well known is that numerous other states impose similar requirements on regulated insurance entities and that deadline for many states is coming up on February 15, 2021.

Two Years on from GDPR: Has It Driven Growth in Cybersecurity Insurance?

Dark Reading

Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter - Cyber, Physical & Technology at Brit Insurance

17 Cybersecurity Products the Cyber Insurance Industry Says Are Worthwhile via Claims Journal

IG Guru

Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace. Cyber Catalyst by Marsh, launched earlier this year, convened cyber insurers Allianz, AXIS, AXA XL, Beazley, CFC, Munich […].

8 Top Cyber Insurance Vendors

eSecurity Planet

Cyber insurance is one more way to manage cybersecurity risk. Here are the top cyber insurance vendors that can help

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. Insurers should: Establish a Formal Cyber Insurance Risk Strategy. Rigorously Measure Insured Risk.

Arthur J. Gallagher (AJG) insurance giant discloses ransomware attack

Security Affairs

Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. US-based Arthur J.

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities. Some coverage is inherently added to any cyber insurance policy.

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework” (the “Guidelines”), calling on insurers to take more stringent measures in underwriting cyber risks. sought coverage for expenses under its property insurance policy.

Microsoft, Google Among Tech Giants Pledging Big Money to Cybersecurity

eSecurity Planet

The president also launched a 100-day effort to improve cybersecurity in the electrical industry and ordered a framework be developed to improve software security. The post Microsoft, Google Among Tech Giants Pledging Big Money to Cybersecurity appeared first on eSecurityPlanet.

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

A Lawyer's Guide to Cyber Insurance: 4 Basic Tips

Dark Reading

The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. Exclusive State Cybersecurity Standards.

New Hampshire Governor Signs Insurance Data Security Law

Hunton Privacy

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Licensees must maintain records concerning all cybersecurity events for a period of at least five years from the date of the cybersecurity event. The state insurance commissioner may take “necessary or appropriate” action to enforce the new law.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

South Carolina’s Insurance Cybersecurity Law Takes Effect in 2019

Adam Levin

South Carolina became the first state to pass a law requiring all insurance entities to create and maintain a cybersecurity and data breach response program. . Among the law’s provisions is a requirement to notify the state government within 72 hours in the event of a breach or cybersecurity event affecting 250 or more people, the protection of policyholder’s personally identifiable information, and an annual statement detailing their breach response plan. .

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. According to NAIC’s news release announcing this development, the Model Law was meant to build on the organization’s cybersecurity progress and create a “platform that enhances our mission of protecting consumers.” (For more information on the development of the Model Law, see our prior coverage.) .

Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute

Hunton Privacy

As reported on the Insurance Recovery Blog , Hunton Andrews Kurth insurance practice head Walter Andrews recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach. To me, it’s clear that there were two reasonable interpretations of the insurance policy here.”.

Insurers' innovations face cybersecurity threats

Information Management Resources

Security must be at the table when working on new initiatives in order to minimize risk and ensure trust, says Accenture. Cyber security

Could digital fax be a secret weapon for cybersecurity in financial services?

OpenText Information Management

In fact, research shows that financial services firms are over 300 times more … The post Could digital fax be a secret weapon for cybersecurity in financial services? Fax Banking & Insurance financial services fax RightFax fax2mail XM Fax

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets.

SEC Continues Focus on Cybersecurity Disclosure Failures, Announces Settled Charges Against Pearson plc

Data Matters

2 The SEC’s Pearson Order follows its June 2021 announcement that it had settled charges against First American Title Insurance Company (First American) for cybersecurity disclosure control failures. Cybersecurity Enforcement SEC