Insurer Chubb Investigating 'Security Incident'

Data Breach Today

Maze Gang Claims Insurer Is a Victim, Emsisoft Reports Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident."

Insurance and Ransomware

Schneier on Security

Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

ISMG Editors’ Panel: Cyber Insurance; Ransomware Update

Data Breach Today

Also: Debating the Issue of Banning Ransom Payments In this week's panel discussion, four editors at Information Security Media Group discuss cyber insurance, persistent ransomware attacks and whether ransom payments should be banned

Insurer Races to Fix Security Flaws After Whistleblower Alert

Data Breach Today

Why do some companies lag on addressing security issues

Insurer AXA to Stop Paying for Ransomware Crime Payments in France via Insurance Journal

IG Guru

The post Insurer AXA to Stop Paying for Ransomware Crime Payments in France via Insurance Journal appeared first on IG GURU. “The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” cybercrime prosecutor Johanna Brousse said at the hearing. Only the U.S.

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation.

Cyber Insurers Pull Back Amid Increase in Cyber Attacks, Costs

eSecurity Planet

The explosion of ransomware and similar cyber incidents along with rising associated costs is convincing a growing number of insurance companies to raise the premiums on their cyber insurance policies or reduce coverage, moves that could further squeeze organizations under siege from hackers.

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

The Last Watchdog

Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Today’s generation is used to getting everything done fast and easy, so life insurance providers had to get with the times and cover all customers’ needs and requirements. Now everyone has the possibility to purchase life insurance from the comfort of their home by simply going online and looking for the policies that will fit their needs.

Insurance firm CNA discloses data breach after March ransomware attack

Security Affairs

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March.

Do Ransomware Attackers Single Out Cyber Insurance Holders?

Data Breach Today

Security Experts Express Skepticism That Criminals Would Bother Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism

SMBs and Cyber Insurance – Third Certainty #27

Adam Levin

With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.

Judge Rules Insurer Must Pay for Ransomware Damage

Data Breach Today

Coverage Required Because Attack Caused 'Physical Loss or Damage' A federal judge has ruled that an insurer providing a "business owner's insurance policy" to a company that sustained a ransomware attack and was forced to replace most of its IT infrastructure must pay for the damages the security incident caused.

Cyber insurance: A guide for businesses

IT Governance

Cyber threats are so numerous that it’s impossible to prevent security incidents altogether. That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance?

Major Israeli Insurance Company Hacked

Adam Levin

The personal information of thousands of Israeli citizens has been compromised as the result of a cyberattack on Shirbit, a leading insurance company. . The post Major Israeli Insurance Company Hacked appeared first on Adam Levin.

Crooks stole driver’s license numbers from Geico auto insurer

Security Affairs

Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Insurer: Breach Undetected for Nine Years

Data Breach Today

Dominion National Says Recently Discovered Incident Dates Back to 2010 A dental and vision insurer's revelation that it recently discovered a 9-year-old data security incident offers an extreme example of the difficulty some organizations have in detecting data breaches

Ransomware and the Role of Cyber Insurance via Teach Privacy

IG Guru

Professor Daneil Solove interviews Kimberly Horn about Cyber Insurance and Ransomeware here. The post Ransomware and the Role of Cyber Insurance via Teach Privacy appeared first on IG GURU.

Apple, Cisco Strike Partnerships for Cyber Insurance

Data Breach Today

Policies Offer Incentives for Good Information Security Practices Apple and Cisco say they've partnered with insurers Aon and Allianz to offer cyber insurance policies for organizations that meet best security practices and use products from the technology companies. The partnership follows increasing interest in cyber insurance as a hedge against hacking risks

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

Data Matters

Most cybersecurity professionals are aware of the New York Department of Financial Service’s requirement imposed on DFS-licensed entities to certify their cybersecurity program’s compliance on an annual basis (by April 15th of each year), but less well known is that numerous other states impose similar requirements on regulated insurance entities and that deadline for many states is coming up on February 15, 2021.

Arthur J. Gallagher (AJG) insurance giant discloses ransomware attack

Security Affairs

Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. US-based Arthur J.

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities. In other words, you are just about as likely to suffer from a security or data breach as you are to experience a hurricane or earthquake.

Delivering business value for insurance companies

Collibra

Recapping a discussion moderated by Stijn Christiaens and featuring insurance data experts from Deloitte UK . Insurance is a data-intensive business. Insurance companies need data to better assess risks and price policies competitively, but also profitably.

As Ransomware Demands Boom, Insurance Keeps Paying Out

WIRED Threat Level

Security Security / Security NewsWhile major carriers like AXA have backed away from covering ransoms, don't expect the industry at large to break the vicious cycle.

What You Need to Know About Cyber Insurance Coverage

InfoGoTo

Hardly a day goes by that we don’t hear about large-scale security incidents and breaches in the headlines. Other organizations are doing all the right things with security. One thing that can mitigate this risk is cyber insurance. Benefits of Cyber Insurance.

Insurance giant CNA Financial paid a $40 million ransom

Security Affairs

The US insurance giant CNA Financial reportedly paid a $40 million ransom to restore access to its files following a ransomware attack. According to Bloomberg , CNA Financial opted to pay the ransom two weeks after the security breach because it was not able to restore its operations.

5 Things to Know About Cyber Insurance

Dark Reading

More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. While acknowledging that “[e]ach insurer’s cyber insurance risk will vary based [on] many factors,” the Framework nonetheless describes seven practices that authorized property/casualty insurers should use to manage their cyber insurance risk. Manage and Eliminate Exposure to Silent Cyber Insurance Risk.

New Hampshire Governor Signs Insurance Data Security Law

Hunton Privacy

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Key provisions of the Bill include: Information Security Program. The information security program must “mitigate. The state insurance commissioner may take “necessary or appropriate” action to enforce the new law.

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries.

Insurance Giant CNA Hit with Novel Ransomware Attack

Threatpost

Malware Web SecurityThe incident, which forced the company to disconnect its systems, caused significant business disruption.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Security Ratings Answer Big Questions in Cyber Insurance

Dark Reading

More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies.

Threatpost Poll: Weigh in on Ransomware Security

Threatpost

Breach Cloud Security Malware Vulnerabilities Cyber Insurance Cybersecurity Healthcare poll ransomwareProvide your views on ransomware and how to deal with it in our anonymous Threatpost poll.

Insurance Occurrence Assurance?

Andrew Hay

Though the breaches are concerning, the real story is that the financial institution suing its insurance provider for refusing to fully cover the losses. From the article: In its lawsuit (PDF), National Bank says it had an insurance policy with Everest National Insurance Company for two types of coverage or “riders” to protect it against cybercrime losses. This, unfortunately, is the nature of insurance.

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets.

Arron Banks, the insurers and my strange data trail

The Guardian Data Protection

Carole Cadwalladr just wanted to insure her car. In fact, I had no idea about either the question or the answer when I submitted a “subject access request” to Eldon Insurance Services in December last year. Data protection Data and computer security Brexit Cambridge Analytica Insurance industry Insurance Twitter InternetSix months later, she found a mass of personal details held by a firm she had never contacted that is run by Leave.EU’s

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework” (the “Guidelines”), calling on insurers to take more stringent measures in underwriting cyber risks. sought coverage for expenses under its property insurance policy.

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. The insurance firm is notifying the impacted customers, but it did not disclose the number of affected users.

How Cyber Insurance Changes the Conversation Around Risk

Threatpost

In this InfoSec Insider cyber insurance expert Nick Sanna discusses how to balance threat exposures and protecting assets with insurance against hacking, breaches and vulnerabilities. Hacks Vulnerabilities Web Security Cyber Insurance Factor Analysis of Information Risk Maersk NotPetya