Insurer Races to Fix Security Flaws After Whistleblower Alert

Data Breach Today

Why do some companies lag on addressing security issues

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Insurer: Breach Undetected for Nine Years

Data Breach Today

Dominion National Says Recently Discovered Incident Dates Back to 2010 A dental and vision insurer's revelation that it recently discovered a 9-year-old data security incident offers an extreme example of the difficulty some organizations have in detecting data breaches

Judge Rules Insurer Must Pay for Ransomware Damage

Data Breach Today

Coverage Required Because Attack Caused 'Physical Loss or Damage' A federal judge has ruled that an insurer providing a "business owner's insurance policy" to a company that sustained a ransomware attack and was forced to replace most of its IT infrastructure must pay for the damages the security incident caused.

Do Ransomware Attackers Single Out Cyber Insurance Holders?

Data Breach Today

Security Experts Express Skepticism That Criminals Would Bother Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism

Apple, Cisco Strike Partnerships for Cyber Insurance

Data Breach Today

Policies Offer Incentives for Good Information Security Practices Apple and Cisco say they've partnered with insurers Aon and Allianz to offer cyber insurance policies for organizations that meet best security practices and use products from the technology companies.

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities. In other words, you are just about as likely to suffer from a security or data breach as you are to experience a hurricane or earthquake.

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries.

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The insurance firm is notifying the impacted customers, but it did not disclose the number of affected users.

New Hampshire Governor Signs Insurance Data Security Law

Hunton Privacy

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Key provisions of the Bill include: Information Security Program. The information security program must “mitigate. The state insurance commissioner may take “necessary or appropriate” action to enforce the new law.

17 Cybersecurity Products the Cyber Insurance Industry Says Are Worthwhile via Claims Journal

IG Guru

Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace.

Boosting Secure Coding Practices

Data Breach Today

Carlos Pero of Zurich Insurance on Gaining Buy-In Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices

Insurance Occurrence Assurance?

Andrew Hay

Though the breaches are concerning, the real story is that the financial institution suing its insurance provider for refusing to fully cover the losses. This, unfortunately, is the nature of insurance. News ciso cyber insurance cyber security insurance security security program

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Security Ratings Answer Big Questions in Cyber Insurance

Dark Reading

More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage

Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk

The Security Ledger

We talk to Bruce McDonnell of the East West Institute about how insurers are responding. We talk to Bruce McConnell of the East West Institute about how insurers are responding. Read Security Ledger coverage of NotPetya here.

Vendor Security Risk Management: A Growing Concern

Data Breach Today

Eddie Chang, Travelers Insurance, cyber insurance, Quest Diagnostics, Optum360, breach, Labcorp, BioReference, AMCA, American Medical Collections Agency, vendor risk management, application security

Arron Banks, the insurers and my strange data trail

The Guardian Data Protection

Carole Cadwalladr just wanted to insure her car. In fact, I had no idea about either the question or the answer when I submitted a “subject access request” to Eldon Insurance Services in December last year. Data protection Data and computer security Brexit Cambridge Analytica Insurance industry Insurance Twitter InternetSix months later, she found a mass of personal details held by a firm she had never contacted that is run by Leave.EU’s

How to make sure your cyber insurance policy pays out

IT Governance

Cyber insurance is big business these days. Find out how a ransomware victim used cyber insurance to guide its response effort >> A cyber insurance policy doesn’t necessarily guarantee that you will receive aid following a data breach.

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets.

How Cyber Insurance Changes the Conversation Around Risk

Threatpost

In this InfoSec Insider cyber insurance expert Nick Sanna discusses how to balance threat exposures and protecting assets with insurance against hacking, breaches and vulnerabilities. Hacks Vulnerabilities Web Security Cyber Insurance Factor Analysis of Information Risk Maersk NotPetya

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B. By doing so, South Carolina joined Connecticut and New York as states with cybersecurity regulations for insurance companies.

Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute

Hunton Privacy

As reported on the Insurance Recovery Blog , Hunton Andrews Kurth insurance practice head Walter Andrews recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach. To me, it’s clear that there were two reasonable interpretations of the insurance policy here.”.

Amazon Exposes Emails, Insurance Company Surveillance, and More Security News This Week

WIRED Threat Level

A USPS data leak, Windows passwords go bye-bye, and more security news this week. Security

Spurring Growth Initiatives Through Tax Reform in Insurance

Perficient Data & Analytics

has created a jubilant atmosphere, as the rates are generally expected to boost earnings and investments for many insurers. We are investing in their future and strengthening their long-term financial security with structural improvements that will endure. — To learn what else is driving growth, productivity, and efficiency, download our new guide: 2018 State of the Insurance Industry.

Insurers need to formalize IoT strategy

Information Management Resources

Four out of five carriers don't have a plan for collecting, analyzing or securing the flood of data from connected devices, according to LexisNexis survey. Telematics Internet of things Connected cars Connected home Growth strategies Big data Claims Property and casualty insurance Life insurance LexisNexis

The App Creeping on Your IG Location, Jakarta’s Insurance Crisis, and More News

WIRED Threat Level

Security Security / PrivacyCatch up on the most important news from today in two minutes or less.

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. The insurance was dirt cheap. Are insurers ready?

Webinar on the SAFETY Act, Security and Insurance

Hunton Privacy

Recent headlines underscore the security challenges faced by public-facing businesses. Those exposed to these threats, including providers of security services and products, face the potential of bodily injury to customers and employees, serious damage to facilities and operations, extended business disruption, and significant reputational harm as well as years of costly litigation – notwithstanding best efforts to protect against dangerous persons and events.

Insurance firm and two senior figures handed record data breach fines

The Guardian Data Protection

Fines totalling more than £150,000 handed down over use of private detectives to illegally obtain private banking records An insurance firm and two senior figures connected with the company have been given record fines for using private detectives to illegally obtain the private banking records of a businessman they were investigating. Data protection Data and computer security Technology Insurance industry Information commissioner Business UK news

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

Department of Treasury released a 176-page Report examining the current regulatory framework for asset management and insurance industries. The Report, titled A Financial System That Creates Economic Opportunities: Asset Management and Insurance , identifies laws and regulations that are inconsistent with the Trump Administration’s Core Principles for financial regulation as set forth in Executive Order 13772 (Feb. On October 26, 2017, the U.S.

14 top home insurance companies' smart-tech initiatives

Information Management Resources

Homeowners insurance Analytics Internet of things Big data Data security Allstate State Farm Nationwide Progressive Farmers Insurance Liberty MutualA look at how leading property carriers are leveraging connected devices to improve the customer experience.

How Website Security Must Evolve

Data Breach Today

Carlos Pero of Zurich Insurance on Protecting the 'Castle' As a result of cloud computing and the internet of things, the approaches to security for websites must change, says Carlos Pero of Zurich Insurance

Critical Steps in Managing Vendor Security Risk

Data Breach Today

a provider of cyber insurance In light of recent ransomware and other cyberattacks against vendors serving numerous healthcare organizations, it's critical to develop and deploy comprehensive vendor risk management programs, says John Farley of Arthur J. Gallagher & Co.,

Big data security guidelines that insurance organizations need to know

Information Management Resources

Big data offers ample opportunities, but also increases security concerns because online data is so much more vulnerable to cyber attacks. Data security Cyber security Cyber attacks