On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present.

Cybersecurity Insurance

Schneier on Security

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. In my new book -- out in September -- I write: There are challenges to creating these new insurance products. There are two basic models for insurance.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S.

Cybersecurity Insurance: How Underwriting Is Changing

Data Breach Today

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients

Cyber Insurance: Benefits and Pitfalls

Data Breach Today

Martin Overton on What to Look for in an Effective Cyber Policy Martin Overton has worked both in cybersecurity and insurance, so he has a unique perspective on cyber insurance - the genuine benefits as well as the potential pitfalls.

Cyber Insurance: The Myths and Realities

Data Breach Today

Beazley's Mark Singer Demystifies the Growing Industry It's one thing to plan for a cybersecurity incident, but quite another to have proper insurance coverage to prepare for such an event. Mark Singer of Beazley shares an overview of the cyber insurance myths and realities

Insurers Collaborate on Cybersecurity Ratings

Dark Reading

A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval

17 Cybersecurity Products the Cyber Insurance Industry Says Are Worthwhile via Claims Journal

IG Guru

Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace.

8 Top Cyber Insurance Vendors

eSecurity Planet

Cyber insurance is one more way to manage cybersecurity risk. Here are the top cyber insurance vendors that can help

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities. Some coverage is inherently added to any cyber insurance policy.

A Lawyer's Guide to Cyber Insurance: 4 Basic Tips

Dark Reading

The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

New Hampshire Governor Signs Insurance Data Security Law

Hunton Privacy

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Licensees must maintain records concerning all cybersecurity events for a period of at least five years from the date of the cybersecurity event. The state insurance commissioner may take “necessary or appropriate” action to enforce the new law.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. Exclusive State Cybersecurity Standards.

Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute

Hunton Privacy

As reported on the Insurance Recovery Blog , Hunton Andrews Kurth insurance practice head Walter Andrews recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach. To me, it’s clear that there were two reasonable interpretations of the insurance policy here.”.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

South Carolina’s Insurance Cybersecurity Law Takes Effect in 2019

Adam Levin

South Carolina became the first state to pass a law requiring all insurance entities to create and maintain a cybersecurity and data breach response program. . Among the law’s provisions is a requirement to notify the state government within 72 hours in the event of a breach or cybersecurity event affecting 250 or more people, the protection of policyholder’s personally identifiable information, and an annual statement detailing their breach response plan. .

Insurers' innovations face cybersecurity threats

Information Management Resources

Security must be at the table when working on new initiatives in order to minimize risk and ensure trust, says Accenture. Cyber security

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. According to NAIC’s news release announcing this development, the Model Law was meant to build on the organization’s cybersecurity progress and create a “platform that enhances our mission of protecting consumers.” (For more information on the development of the Model Law, see our prior coverage.) .

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

Data Protection Report

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. However, the involvement of the victim’s insurers has received less attention.

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets.

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations for regulated organizations. In May 2019, NYDFS announced the creation of a Cybersecurity Division to enforce the Regulation.

HHS Releases Cybersecurity Guidance for Healthcare Organizations

Data Matters

Department of Health and Human Services (HHS) released a four-volume cybersecurity guidance document for healthcare organizations. The publication, “ Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ” (HICP), is the result of a government and industry collaboration mandated by the Cybersecurity Act of 2015. The HICP next sets forth 10 cybersecurity practices designed to help mitigate these threats. On December 28, 2018, the U.S.

Insurance blockchain consortium RiskBlock adds 12 members, cybersecurity tools

Information Management Resources

The group now has 30 insurance carrier members working on distributed-ledger tech solutions for the industry. Blockchain Analytics Customer service Travelers

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework. That could be for insurance purposes. “As

Hunton Privacy and Insurance Leaders Address Prevention and Insurability of Cyber Attacks

Hunton Privacy

Whether the issue is prevention or risk mitigation, cybersecurity should be at the top of the corporate agenda. There is no question that cybersecurity is a top priority for C-suites and boards. Cyber Insurance Cybersecurity Events Federal Bureau of Investigation Liability Lisa Sotto Privacy

The Problem With the Small Business Cybersecurity Assistance Act

Security Affairs

The Small Business Cybersecurity Assistance Act may provide business owners with access to government-level tools to secure small business against attacks. Under the Small Business Cybersecurity Assistance Act, business owners could visit U.S.

New cybersecurity requirements challenge New York state’s insurers

Information Management Resources

Carriers that write policies in New York state are facing a key deadline to comply with the state’s strict new cybersecurity requirements. Cyber security

Cybersecurity Incident Highlights Questions about Cyber Insurance Coverage

Hunton Privacy

The incident raises some issues for cyber insurance. That the incident occurred over several months suggests that trigger dates for cyber insurance be examined. Further, corporate mergers and acquisitions can complicate not only network security but insurance coverage as well. Thus, corporate transactions may be a time not only for evaluating information security risks, but for determining whether existing insurance extends to those exposures.

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Data Matters

Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches. The NYDFS Cybersecurity Regulation (published at 23 NYCRR 500.01) sets forth the minimum requirements for NYDFS-regulated entities to address cybersecurity risks. They also became obligated to report cybersecurity events to the NYDFS.

Cyber Insurance: Addressing Your Risks and Liabilities

Hunton Privacy

After a number of high-profile data breaches, corporate cybersecurity is facing increased scrutiny and attention from consumers, the government and the public. In a webinar, entitled Cyber Insurance: Addressing Your Risks and Liabilities , hosted by Hunton & Williams LLP and CT , Hunton & Williams partners Lon A. Cyber Insurance Cybersecurity Multimedia Resources Security Breach Consumer Protection Lisa Sotto

WEBINAR – COVID-19 – European and U.S. Cybersecurity Issues: Preventing and Responding to Cyber Incidents

Data Matters

cybersecurity and cyber risk insurance issues. The COVID-19 global pandemic presents unique legal and practical challenges for companies across all industries, including with respect to cybersecurity risks and protections. Key topics to include: Key cybersecurity risks arising from remote and home working, weakening of information governance controls, and phishing/scams focused on COVID-19 anxieties.

Tesco Bank Hack Illustrates Need for Robust Cyber Insurance

Hunton Privacy

As reported on the Insurance Recovery blog , earlier this week, retailer Tesco Plc’s (“Tesco”) banking branch reported that £2.5 Even that very substantial expenditure was not enough, however, to prevent the recent hack, illustrating the need for robust cyber insurance as a component of any comprehensive cyber protection program. Cyber Insurance Cybersecurity Financial Privacy Security Breach Consumer Protection Insurance Provider United Kingdom

Webinar on the SAFETY Act, Security and Insurance

Hunton Privacy

A SAFETY Act designation or certification complements a company’s traditional insurance policies to mitigate the potential liabilities from a cyber or physical attack. We also will provide key suggestions on how to structure an insurance program to avoid gaps and pitfalls in today’s interconnected economy. Cybersecurity Events Anti-terrorism Congress Department of Homeland SecurityRecent headlines underscore the security challenges faced by public-facing businesses.

Insurers’ role will be critical in improving cybersecurity standards


Insurers’ role will be critical in improving cybersecurity standards. The rise in the cost of cyber breaches and the increase in reported incidents are driving greater demand for cybersecurity insurance, as is the growing number of cyber-related exclusions being put into Directors and Officers (D&O) liability insurance and Professional Indemnity (PI) insurance. Other insurers are accepting the risks and aggressively entering the market to become dominant.

Risk 40

Cyberinsurance and Acts of War

Schneier on Security

Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. Those turning to cyber insurance to manage their exposure presently face significant uncertainties about its promise. Yet no cyber insurance policies cover this entire spectrum.

Risk 89

Cyber Insurance: Not Just for Data Protection

Hunton Privacy

President Obama’s Executive Order 13636 on Improving Critical Infrastructure Cybersecurity identified “insurance liability considerations” as an incentive that might improve security. Over the course of the year since the Executive Order was issued, there has been an increase in the marketing of cyber insurance products. Cyber Insurance Cybersecurity Liability Obama Administration

NYDFS Cybersecurity Regulations: First Annual Compliance Certification Due February 15, 2018

Data Matters

Companies that are subject to New York’s Cybersecurity Regulation are moving quickly to finalize their compliance obligations under the Cybersecurity Regulation, as the second “due date” quickly approaches – February 15, 2018. By August 28, 2017, Covered Entities were required to have a cybersecurity program in place, as well as a board (or senior officer) approved written cybersecurity policy and Chief Information Security Officer to help protect data and systems.

Zurich Insurance takes lead in developing insurtech cybersecurity regs

Information Management Resources

Carrier joins Citi, Kabbage, DTCC and HP in consortium to help fintech startups get better at data protection. Insurtech Cyber security Data security Customer data Kabbage Citigroup