Cyber Insurance: Higher Premiums, Limited Coverage

Data Breach Today

GAO Report Summarizes Market Trends The increasing number of cyberthreats, especially ransomware attacks, is leading some cyber insurers to raise premiums and limit some coverage in hard-hit sectors, such as healthcare and education, according to a report from the Government Accountability Office

Insurance and Ransomware

Schneier on Security

Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Merck Wins Insurance Lawsuit re NotPetya Attack

Schneier on Security

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.

Ransomware: Should Governments Hack Cybercrime Cartels?

Data Breach Today

Banning Ransom Payments and Unleashing Offensive Hacking Teams Being Mooted With ransomware continuing to fuel a massive surge in illicit profits, some experts have been calling on governments to launch offensive hacking teams to target cybercrime cartels.

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S.

Insurer AXA to Stop Paying for Ransomware Crime Payments in France via Insurance Journal

IG Guru

surpassed France last year in damage from ransomware to businesses, hospitals, schools and local governments, according to the cybersecurity firm Emsisoft, estimating France’s related overall losses at more than $5.5

Cyber Insurers Pull Back Amid Increase in Cyber Attacks, Costs

eSecurity Planet

The explosion of ransomware and similar cyber incidents along with rising associated costs is convincing a growing number of insurance companies to raise the premiums on their cyber insurance policies or reduce coverage, moves that could further squeeze organizations under siege from hackers.

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation.

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

Threatpost

The insurer won’t pay for 'acts of cyber-war' or nation-state retaliation attacks. . Breach Cloud Security Government Hacks Malware Vulnerabilities Web Security

Major Israeli Insurance Company Hacked

Adam Levin

The personal information of thousands of Israeli citizens has been compromised as the result of a cyberattack on Shirbit, a leading insurance company. . The post Major Israeli Insurance Company Hacked appeared first on Adam Levin.

Cyber insurance: A guide for businesses

IT Governance

That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance? What is cyber insurance? How does cyber insurance work? Who needs cyber insurance?

Ransomware and the Role of Cyber Insurance via Teach Privacy

IG Guru

Professor Daneil Solove interviews Kimberly Horn about Cyber Insurance and Ransomeware here. The post Ransomware and the Role of Cyber Insurance via Teach Privacy appeared first on IG GURU.

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption. cybersecurity hacking insurance malware ransomware russia war

Delivering business value for insurance companies

Collibra

Recapping a discussion moderated by Stijn Christiaens and featuring insurance data experts from Deloitte UK . Insurance is a data-intensive business. Insurance companies need data to better assess risks and price policies competitively, but also profitably.

Ransomware Increasingly Targeting Small Governments

Dark Reading

To get back up and running quickly, and because it's cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. Insurers should: Establish a Formal Cyber Insurance Risk Strategy. Rigorously Measure Insured Risk.

17 Cybersecurity Products the Cyber Insurance Industry Says Are Worthwhile via Claims Journal

IG Guru

Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace. Cyber Catalyst by Marsh, launched earlier this year, convened cyber insurers Allianz, AXIS, AXA XL, Beazley, CFC, Munich […].

Data Governance Tools: What Are They? Are They Optional?

erwin

Data governance tools used to occupy a niche in an organization’s tech stack, but those days are gone. The rise of data-driven business and the complexities that come with it ushered in a soft mandate for data governance and data governance tools. Data governance refers to the strategic and ongoing efforts by an organization to ensure that data is discoverable and its quality is good. Research indicates business leaders recognize the need for data governance tools.

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework” (the “Guidelines”), calling on insurers to take more stringent measures in underwriting cyber risks. sought coverage for expenses under its property insurance policy.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Unemployment Insurance Fraud and Identity Theft: Up Close and Personal

Lenny Zeltser

The most likely way in which you’ll learn that you’ve fallen victim to the identity theft-based unemployment insurance scam is by receiving an unsolicited debit card in the mail. People in New York, where I live, use ny.gov for many interactions with the state government.

Digital Preservation -- High Stakes for Finance and Insurance Companies

AIIM

In a recent AIIM survey, 85% of finance and insurance executives said that digital preservation was “important” or “very important” to their organizations – even higher than the 77% reported in other industries. Despite this declared importance – 62% say that “Archiving and long-term digital preservation is a key part of our enterprise information governance and management strategy” -- the reality in most financial organizations is very different.

Incentives, Insurance and Root Cause

Adam Shostack

In that context, I am very excited to see a proposal from Rob Knake on “ Creating a Federally Sponsored Cyber Insurance Program.” ” He suggests that a full root cause analysis would be a condition of Federal insurance backstop: The federally backstopped cyber insurance program should mandate that companies allow full breach investigations, which include on-site gathering of data on why the attack succeeded, to help other companies prevent similar attacks.

How to Get Executive Support for Your Next Information Governance Initiative

AIIM

Back in 2017, I called up a few of the information governance friends I’d made through the AIIM Community to better understand the challenges they were up against. Four years later, we're finally seeing this shift in governance mindsets in nearly every AIIM member organization we speak with.

The benefits of a flexible operating model in data governance

Collibra

Data governance is the essential foundation for organizations looking to create business value from data. Setting up effective data governance, however, can be quite challenging. What is an operating model in data governance? What needs to be governed? Who governs it?

Top 6 Best Practices for Data Governance

Collibra

Data governance is a very intricate field, so implementing and sustaining data governance comes with a suite of challenges. Luckily, thousands, if not millions, of organizations use data governance to improve their operations, so you can learn from others’ mistakes and successes.

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In the first segment, we talk with Thomas Harvey of the firm RMS about the problem of “silent cyber” risk to insurers and how better modeling of cyber incidents is helping to address that threat. In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. The insurance was dirt cheap. Are insurers ready?

How to make sure your cyber insurance policy pays out

IT Governance

Cyber insurance is big business these days. Damages incurred by information security incidents generally aren’t covered in commercial insurance policies, so a specific policy is necessary to help cover the costs of things like forensic investigation, incident response and notification procedures. The most common reasons that insurers reject cyber insurance claims are organisations’ failure to.

Governance, Technology, and Capitalism.

John Battelle's Searchblog

Our lives are now driven in large part by data, code, and processing, and by the governance of algorithms. Synonymous with progress, asking not for permission, fearless of breaking things – in particular stupid, worthy-of-being-broken things like government, sclerotic corporations, and fetid social norms – the technology industry reveled for decades as a kind of benighted warrior for societal good. Do they think that means there’s no governance ?

Predictive data quality + adaptive data governance = robust compliance by design

Collibra

HIPAA (Health Insurance Portability and Accountability Act), as an example, requires protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge. This is where data governance comes into the picture.

Using Information Governance to Manage the Commingling of Minors’ Claim Files

InfoGoTo

As these and other statutes evolve and legal holds are lifted, insurers need to be prepared to address their legacy records. For P&C insurers, the handling of retention and disposition of minor claims files have historically been challenging due to poor information governance (IG) practices. Insurers’ real-world experiences. One insurer stated that, “digital files and paper files are indexed the same. What insurance companies can do.

What’s Next for Ransomware in 2021?

Threatpost

Breach Featured Government Hacks Malware Vulnerabilities Web Security Webinars 2020 business plan Cyber Insurance Cybereason data stolent DDoS Digital Shadows double extortion IBM Incident response payouts ransomware trends what's next

What is data governance in healthcare?

Collibra

As a result, data governance in healthcare is non-negotiable. Data governance is about managing data and processes so data can be used as a consistent, secure and organized asset that meets policies and standards. Why is data governance important for a healthcare organization?

Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video

Threatpost

Government Privacy Web Security arrested BEC big wizza Business Email Compromise CARES Act EDD Fontrell Antonio Baines Fraud Identity theft Nuke Bizzle Pandemic Unemployment insurance Phishing phishing scam PUA scattered canary tax data Tax Fraud

Cyberattack shuts down La Porte County government systems

Security Affairs

Government computer systems at La Porte County, Indiana, were shut down after a cyber attack hit them on July 6. On July 6, a cyber attack brought down government computer systems atLa Porte County, Indiana. At the time of writing, there were only a few details about the attack, according to LaPorte County Commission President Dr. Vidya Kora, county employees were no able to access to any government email or website.

Data Governance Tools: What Are They? Are They Optional?

erwin

Data governance tools used to occupy a niche in an organization’s tech stack, but those days are gone. The rise of data-driven business and the complexities that come with it ushered in a soft mandate for data governance and data governance tools. Data governance refers to the strategic and ongoing efforts by an organization to ensure that data is discoverable and its quality is good. Research indicates business leaders recognize the need for data governance tools.

Cyber Insurance: Addressing Your Risks and Liabilities

Hunton Privacy

After a number of high-profile data breaches, corporate cybersecurity is facing increased scrutiny and attention from consumers, the government and the public. In a webinar, entitled Cyber Insurance: Addressing Your Risks and Liabilities , hosted by Hunton & Williams LLP and CT , Hunton & Williams partners Lon A. Cyber Insurance Cybersecurity Multimedia Resources Security Breach Consumer Protection Lisa Sotto

South Carolina’s Insurance Cybersecurity Law Takes Effect in 2019

Adam Levin

South Carolina became the first state to pass a law requiring all insurance entities to create and maintain a cybersecurity and data breach response program. . Among the law’s provisions is a requirement to notify the state government within 72 hours in the event of a breach or cybersecurity event affecting 250 or more people, the protection of policyholder’s personally identifiable information, and an annual statement detailing their breach response plan. .

Data governance use cases – 3 ways to implement

Collibra

However, once you have a system of record in place for your data, your organization can implement many valuable data governance use cases more easily. . In this post, we’ll highlight the top three most valuable data governance use cases. Make it a data governance use case.

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

Nigerian cyber gang SilverTerrier, specialized in BEC attacks, used COVID-19 lures in recent attacks on healthcare and government organizations. The post SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations appeared first on Security Affairs.