Expert insights. Personalized for you.
Coverage Required Because Attack Caused 'Physical Loss or Damage' A federal judge has ruled that an insurer providing a "business owner's insurance policy" to a company that sustained a ransomware attack and was forced to replace most of its IT infrastructure must pay for the damages the security incident caused MORE
Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Today’s generation is used to getting everything done fast and easy, so life insurance providers had to get with the times and cover all customers’ needs and requirements. Now everyone has the possibility to purchase life insurance from the comfort of their home by simply going online and looking for the policies that will fit their needs. MORE
Dominion National Says Recently Discovered Incident Dates Back to 2010 A dental and vision insurer's revelation that it recently discovered a 9-year-old data security incident offers an extreme example of the difficulty some organizations have in detecting data breaches MORE
More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy MORE
On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Key provisions of the Bill include: Information Security Program. The information security program must “mitigate. The state insurance commissioner may take “necessary or appropriate” action to enforce the new law. MORE
Four out of five carriers don't have a plan for collecting, analyzing or securing the flood of data from connected devices, according to LexisNexis survey. Telematics Internet of things Connected cars Connected home Growth strategies Big data Claims Property and casualty insurance Life insurance LexisNexis MORE
Security Experts Express Skepticism That Criminals Would Bother Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism MORE
Policies Offer Incentives for Good Information Security Practices Apple and Cisco say they've partnered with insurers Aon and Allianz to offer cyber insurance policies for organizations that meet best security practices and use products from the technology companies. The partnership follows increasing interest in cyber insurance as a hedge against hacking risks MORE
In this InfoSec Insider cyber insurance expert Nick Sanna discusses how to balance threat exposures and protecting assets with insurance against hacking, breaches and vulnerabilities. Hacks Vulnerabilities Web Security Cyber Insurance Factor Analysis of Information Risk Maersk NotPetya MORE
has created a jubilant atmosphere, as the rates are generally expected to boost earnings and investments for many insurers. We are investing in their future and strengthening their long-term financial security with structural improvements that will endure. — To learn what else is driving growth, productivity, and efficiency, download our new guide: 2018 State of the Insurance Industry. MORE
To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities. In other words, you are just about as likely to suffer from a security or data breach as you are to experience a hurricane or earthquake. MORE
The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. The insurance firm is notifying the impacted customers, but it did not disclose the number of affected users. MORE
Professor Daneil Solove interviews Kimberly Horn about Cyber Insurance and Ransomeware here. The post Ransomware and the Role of Cyber Insurance via Teach Privacy appeared first on IG GURU. Business IG News Information Governance information privacy information security Privacy Risk News Security Daniel Solove Insurance Kimberly Horn Ransomware Teach Privacy MORE
Report: Blue Cross and Blue Shield Minnesota Had Thousands of Old 'Critical' Vulnerabilities Blue Cross and Blue Shield Minnesota is reportedly racing to address tens of thousands of security vulnerabilities after a whistleblower on the health insurer's security team alerted the company's board of trustees about the problems. Why do some companies lag on addressing security issues MORE
Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. US-based Arthur J. MORE
Homeowners insurance Analytics Internet of things Big data Data security Allstate State Farm Nationwide Progressive Farmers Insurance Liberty MutualA look at how leading property carriers are leveraging connected devices to improve the customer experience. MORE
With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin. MORE
New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program. MORE
On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered. MORE
Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace. Cyber Catalyst by Marsh, launched earlier this year, convened cyber insurers Allianz, AXIS, AXA XL, Beazley, CFC, Munich […]. MORE
Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets. MORE
A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. The investigator said in some states fraudsters need only to submit someone’s name, Social Security number and other basic information for their claims to be processed. MORE
The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries. MORE
Eddie Chang, Travelers Insurance, cyber insurance, Quest Diagnostics, Optum360, breach, Labcorp, BioReference, AMCA, American Medical Collections Agency, vendor risk management, application security MORE
Government Privacy Web Security arrested BEC big wizza Business Email Compromise CARES Act EDD Fontrell Antonio Baines Fraud Identity theft Nuke Bizzle Pandemic Unemployment insurance Phishing phishing scam PUA scattered canary tax data Tax Fraud MORE
Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation. MORE
Recent headlines underscore the security challenges faced by public-facing businesses. Those exposed to these threats, including providers of security services and products, face the potential of bodily injury to customers and employees, serious damage to facilities and operations, extended business disruption, and significant reputational harm as well as years of costly litigation – notwithstanding best efforts to protect against dangerous persons and events. MORE
Cyber threats are so numerous that it’s impossible to prevent security incidents altogether. That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance? MORE
On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. MORE
In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B. By doing so, South Carolina joined Connecticut and New York as states with cybersecurity regulations for insurance companies. MORE
Cyber insurance is big business these days. Damages incurred by information security incidents generally aren’t covered in commercial insurance policies, so a specific policy is necessary to help cover the costs of things like forensic investigation, incident response and notification procedures. Most policies include provisions requiring organisations to follow certain information security best practices. Inspect the security practices of third parties. MORE
Hardly a day goes by that we don’t hear about large-scale security incidents and breaches in the headlines. Other organizations are doing all the right things with security. One thing that can mitigate this risk is cyber insurance. Benefits of Cyber Insurance. MORE
As reported on the Insurance Recovery Blog , Hunton Andrews Kurth insurance practice head Walter Andrews recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach. To me, it’s clear that there were two reasonable interpretations of the insurance policy here.”. MORE
To achieve this, the scammer: Obtains the victim’s personal information , including name, date of birth, social security number, address, and probably employment history. The most likely way in which you’ll learn that you’ve fallen victim to the identity theft-based unemployment insurance scam is by receiving an unsolicited debit card in the mail. I wrote this article to help other victims of this unemployment insurance fraud and identity theft scam. MORE
Carlos Pero of Zurich Insurance on Gaining Buy-In Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices MORE
Though the breaches are concerning, the real story is that the financial institution suing its insurance provider for refusing to fully cover the losses. From the article: In its lawsuit (PDF), National Bank says it had an insurance policy with Everest National Insurance Company for two types of coverage or “riders” to protect it against cybercrime losses. This, unfortunately, is the nature of insurance. MORE
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage MORE
We talk to Bruce McDonnell of the East West Institute about how insurers are responding. Related Stories Episode 155: Disinformation is a Cyber Weapon and APTs warm to Mobile Malware Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats NotPetya Horror Story Highlights Need for Holistic Security. We talk to Bruce McConnell of the East West Institute about how insurers are responding. Read Security Ledger coverage of NotPetya here. MORE
Carole Cadwalladr just wanted to insure her car. In fact, I had no idea about either the question or the answer when I submitted a “subject access request” to Eldon Insurance Services in December last year. Data protection Data and computer security Brexit Cambridge Analytica Insurance industry Insurance Twitter InternetSix months later, she found a mass of personal details held by a firm she had never contacted that is run by Leave.EU’s MORE
A USPS data leak, Windows passwords go bye-bye, and more security news this week. Security MORE
Maze Gang Claims Insurer Is a Victim, Emsisoft Reports Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft MORE
Data Breach Today
MARCH 27, 2020
Maze Gang Claims Insurer Is a Victim, Emsisoft Reports Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft
Data Breach Today
DECEMBER 16, 2019
Report: Blue Cross and Blue Shield Minnesota Had Thousands of Old 'Critical' Vulnerabilities Blue Cross and Blue Shield Minnesota is reportedly racing to address tens of thousands of security vulnerabilities after a whistleblower on the health insurer's security team alerted the company's board of trustees about the problems. Why do some companies lag on addressing security issues
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
IT Governance
OCTOBER 15, 2020
Cyber threats are so numerous that it’s impossible to prevent security incidents altogether. That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance?
Schneier on Security
SEPTEMBER 10, 2019
Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation.
The Last Watchdog
AUGUST 24, 2020
Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Today’s generation is used to getting everything done fast and easy, so life insurance providers had to get with the times and cover all customers’ needs and requirements. Now everyone has the possibility to purchase life insurance from the comfort of their home by simply going online and looking for the policies that will fit their needs.
Adam Levin
SEPTEMBER 7, 2020
With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.
|
Krebs on Security
MAY 15, 2020
A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. The investigator said in some states fraudsters need only to submit someone’s name, Social Security number and other basic information for their claims to be processed.
Data Breach Today
JUNE 26, 2019
Dominion National Says Recently Discovered Incident Dates Back to 2010 A dental and vision insurer's revelation that it recently discovered a 9-year-old data security incident offers an extreme example of the difficulty some organizations have in detecting data breaches
Data Breach Today
SEPTEMBER 3, 2019
Security Experts Express Skepticism That Criminals Would Bother Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism
Security Affairs
SEPTEMBER 29, 2020
Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. US-based Arthur J.
Data Breach Today
JANUARY 31, 2020
Coverage Required Because Attack Caused 'Physical Loss or Damage' A federal judge has ruled that an insurer providing a "business owner's insurance policy" to a company that sustained a ransomware attack and was forced to replace most of its IT infrastructure must pay for the damages the security incident caused
|
Data Breach Today
FEBRUARY 6, 2018
Policies Offer Incentives for Good Information Security Practices Apple and Cisco say they've partnered with insurers Aon and Allianz to offer cyber insurance policies for organizations that meet best security practices and use products from the technology companies. The partnership follows increasing interest in cyber insurance as a hedge against hacking risks
The Last Watchdog
JANUARY 20, 2020
To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities. In other words, you are just about as likely to suffer from a security or data breach as you are to experience a hurricane or earthquake.
IG Guru
APRIL 16, 2020
Professor Daneil Solove interviews Kimberly Horn about Cyber Insurance and Ransomeware here. The post Ransomware and the Role of Cyber Insurance via Teach Privacy appeared first on IG GURU. Business IG News Information Governance information privacy information security Privacy Risk News Security Daniel Solove Insurance Kimberly Horn Ransomware Teach Privacy
Dark Reading
AUGUST 15, 2019
More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy
Hunton Privacy
AUGUST 6, 2019
On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Key provisions of the Bill include: Information Security Program. The information security program must “mitigate. The state insurance commissioner may take “necessary or appropriate” action to enforce the new law.
Krebs on Security
MAY 24, 2019
The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries.
Data Matters
JANUARY 14, 2019
On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.
Data Matters
FEBRUARY 11, 2019
On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies.
Andrew Hay
JULY 26, 2018
Though the breaches are concerning, the real story is that the financial institution suing its insurance provider for refusing to fully cover the losses. From the article: In its lawsuit (PDF), National Bank says it had an insurance policy with Everest National Insurance Company for two types of coverage or “riders” to protect it against cybercrime losses. This, unfortunately, is the nature of insurance.
The Guardian Data Protection
APRIL 21, 2018
Carole Cadwalladr just wanted to insure her car. In fact, I had no idea about either the question or the answer when I submitted a “subject access request” to Eldon Insurance Services in December last year. Data protection Data and computer security Brexit Cambridge Analytica Insurance industry Insurance Twitter InternetSix months later, she found a mass of personal details held by a firm she had never contacted that is run by Leave.EU’s
Dark Reading
JUNE 11, 2018
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage
Security Affairs
AUGUST 7, 2019
The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. The insurance firm is notifying the impacted customers, but it did not disclose the number of affected users.
IG Guru
OCTOBER 11, 2019
Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace. Cyber Catalyst by Marsh, launched earlier this year, convened cyber insurers Allianz, AXIS, AXA XL, Beazley, CFC, Munich […].
Data Breach Today
JUNE 11, 2019
Carlos Pero of Zurich Insurance on Gaining Buy-In Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices
Data Matters
JULY 30, 2018
In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B. By doing so, South Carolina joined Connecticut and New York as states with cybersecurity regulations for insurance companies.
Data Breach Today
JUNE 7, 2019
Eddie Chang, Travelers Insurance, cyber insurance, Quest Diagnostics, Optum360, breach, Labcorp, BioReference, AMCA, American Medical Collections Agency, vendor risk management, application security
Threatpost
JULY 19, 2018
In this InfoSec Insider cyber insurance expert Nick Sanna discusses how to balance threat exposures and protecting assets with insurance against hacking, breaches and vulnerabilities. Hacks Vulnerabilities Web Security Cyber Insurance Factor Analysis of Information Risk Maersk NotPetya
Security Affairs
NOVEMBER 6, 2018
Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets.
Hunton Privacy
OCTOBER 10, 2018
As reported on the Insurance Recovery Blog , Hunton Andrews Kurth insurance practice head Walter Andrews recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach. To me, it’s clear that there were two reasonable interpretations of the insurance policy here.”.
Perficient Data & Analytics
JUNE 12, 2018
has created a jubilant atmosphere, as the rates are generally expected to boost earnings and investments for many insurers. We are investing in their future and strengthening their long-term financial security with structural improvements that will endure. — To learn what else is driving growth, productivity, and efficiency, download our new guide: 2018 State of the Insurance Industry.
The Security Ledger
AUGUST 20, 2019
We talk to Bruce McDonnell of the East West Institute about how insurers are responding. Related Stories Episode 155: Disinformation is a Cyber Weapon and APTs warm to Mobile Malware Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats NotPetya Horror Story Highlights Need for Holistic Security. We talk to Bruce McConnell of the East West Institute about how insurers are responding. Read Security Ledger coverage of NotPetya here.
Hunton Privacy
JANUARY 2, 2019
New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.
Information Management Resources
MARCH 21, 2018
Four out of five carriers don't have a plan for collecting, analyzing or securing the flood of data from connected devices, according to LexisNexis survey. Telematics Internet of things Connected cars Connected home Growth strategies Big data Claims Property and casualty insurance Life insurance LexisNexis
IT Governance
JULY 15, 2019
Cyber insurance is big business these days. Damages incurred by information security incidents generally aren’t covered in commercial insurance policies, so a specific policy is necessary to help cover the costs of things like forensic investigation, incident response and notification procedures. Most policies include provisions requiring organisations to follow certain information security best practices. Inspect the security practices of third parties.
Lenny Zeltser
JULY 1, 2020
To achieve this, the scammer: Obtains the victim’s personal information , including name, date of birth, social security number, address, and probably employment history. The most likely way in which you’ll learn that you’ve fallen victim to the identity theft-based unemployment insurance scam is by receiving an unsolicited debit card in the mail. I wrote this article to help other victims of this unemployment insurance fraud and identity theft scam.
Information Management Resources
APRIL 24, 2018
Homeowners insurance Analytics Internet of things Big data Data security Allstate State Farm Nationwide Progressive Farmers Insurance Liberty MutualA look at how leading property carriers are leveraging connected devices to improve the customer experience.
WIRED Threat Level
NOVEMBER 24, 2018
A USPS data leak, Windows passwords go bye-bye, and more security news this week. Security
Hunton Privacy
OCTOBER 14, 2019
Recent headlines underscore the security challenges faced by public-facing businesses. Those exposed to these threats, including providers of security services and products, face the potential of bodily injury to customers and employees, serious damage to facilities and operations, extended business disruption, and significant reputational harm as well as years of costly litigation – notwithstanding best efforts to protect against dangerous persons and events.
Threatpost
OCTOBER 19, 2020
Government Privacy Web Security arrested BEC big wizza Business Email Compromise CARES Act EDD Fontrell Antonio Baines Fraud Identity theft Nuke Bizzle Pandemic Unemployment insurance Phishing phishing scam PUA scattered canary tax data Tax Fraud
116 
Let's personalize your content