article thumbnail

Insurer Chubb Investigating 'Security Incident'

Data Breach Today

Maze Gang Claims Insurer Is a Victim, Emsisoft Reports Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident."

Insurance 256
article thumbnail

Changing Data Quantification in Security Insurance

Data Breach Today

Lynn Peachey, the director of business development at Arete Incident Response, says that insurance companies have made "a pretty quick turnaround in terms of trying to respond to the ransomware epidemic."

Insurance 219
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Insurance Coverage for NotPetya Losses

Schneier on Security

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim.

article thumbnail

Two States Enact Insurance Data Security Laws

Hunton Privacy

In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Cyber Insurance Cybersecurity Information Security U.S.

article thumbnail

Insurance and Ransomware

Schneier on Security

Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

article thumbnail

ISMG Editors’ Panel: Cyber Insurance; Ransomware Update

Data Breach Today

Also: Debating the Issue of Banning Ransom Payments In this week's panel discussion, four editors at Information Security Media Group discuss cyber insurance, persistent ransomware attacks and whether ransom payments should be banned

Insurance 226
article thumbnail

Report: Health Insurance Exchange Suffered Dozens of Breaches

Data Breach Today

Insurance 213
article thumbnail

Insurer Races to Fix Security Flaws After Whistleblower Alert

Data Breach Today

Why do some companies lag on addressing security issues

Insurance 206
article thumbnail

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S.

Insurance 285
article thumbnail

Get security right on the road to technology modernization in insurance

DXC

With the top 10 insurers worldwide currently still relying on mainframes, legacy systems continue to be the heartbeat of insurance processing. Increasingly, insurers are looking to modernize existing infrastructure, move to cloud, or both, to support business transformation initiatives.

article thumbnail

Cyber Insurance and the Changing Global Risk Environment

Security Affairs

When security fails, cyber insurance can become crucial for ensuring continuity. Our reliance on digital technology and the inherited risk is a key driving factor for buying cyber risk insurance. When security fails, cyber insurance can become crucial for ensuring continuity.

article thumbnail

Vermont Enacts Insurance Data Security Law

Hunton Privacy

On May 27, 2022, Vermont Governor Phil Scott signed H.515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements.

article thumbnail

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation.

article thumbnail

Why Cyber Insurance is Essential in 2022

IT Governance

Organisations must always look for cost-effective ways to address the cyber security risks they face. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. Despite the benefits of cyber insurance, it is surprisingly undervalued.

article thumbnail

Cyber Insurance Rates Begin to Stabilize as Insurers Gain Better Insight into Cyberattacks

KnowBe4

The latest data shows that historically massive rate increases seen over the last few years are beginning to come down, primarily due to insurers having a solid understanding of the risk. Security Awareness Training Cybercrime

article thumbnail

Cyber Insurers Clamp Down on Clients' Self-Attestation of Security Controls

Dark Reading

After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures

article thumbnail

Merck Wins Insurance Lawsuit re NotPetya Attack

Schneier on Security

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.

article thumbnail

Resilience CEO on White House Meeting, Cyber Insurance

Data Breach Today

Vishaal Hariprasad Also Address How Ransomware Is Changing Security On Aug. 25, President Joe Biden invited about 25 technology, insurance, finance and education executives to the White House to discuss pressing cybersecurity issues such as supply chain and critical infrastructure.

Insurance 158
article thumbnail

U.S. Treasury Department Seeks Public Comment On Potential Federal Cyber Insurance Program

Data Matters

Treasury Department is seeking public comment on the need and scope for a potential federal insurance response to catastrophic cyber incidents, akin to the one put in place for terrorism insurance after the attacks of September 11, 2001. The U.S.

article thumbnail

Cyber Insurers Pull Back Amid Increase in Cyber Attacks, Costs

eSecurity Planet

The explosion of ransomware and similar cyber incidents along with rising associated costs is convincing a growing number of insurance companies to raise the premiums on their cyber insurance policies or reduce coverage, moves that could further squeeze organizations under siege from hackers.

article thumbnail

U.S. Treasury Department Seeks Public Comment On Potential Federal Cyber Insurance Program

Data Matters

Treasury Department is seeking public comment on the need and scope for a potential federal insurance response to catastrophic cyber incidents, akin to the one put in place for terrorism insurance after the attacks of September 11, 2001. The U.S.

article thumbnail

Insurer: Breach Undetected for Nine Years

Data Breach Today

Dominion National Says Recently Discovered Incident Dates Back to 2010 A dental and vision insurer's revelation that it recently discovered a 9-year-old data security incident offers an extreme example of the difficulty some organizations have in detecting data breaches

Insurance 149
article thumbnail

Cyber Insurers Focus on Catastrophic Attacks and Required Minimum Defenses as Premiums Double

KnowBe4

Recent attacks are helping cyber insurers better understand what security strategies need to be in place and how to price policies based on the risk those policies cover. Security Awareness Training

article thumbnail

Insurer AXA to Stop Paying for Ransomware Crime Payments in France via Insurance Journal

IG Guru

The post Insurer AXA to Stop Paying for Ransomware Crime Payments in France via Insurance Journal appeared first on IG GURU. “The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” cybercrime prosecutor Johanna Brousse said at the hearing. Only the U.S.

article thumbnail

Cyber Insurance and War Exclusions

Dark Reading

Here's what a cybersecurity lawyer thinks security pros need to know in light of Russia's invasion of Ukraine

article thumbnail

What We Mean When We Talk About Cyber Insurance

Dark Reading

Cyber insurance is more than a policy for paying off ransomware gangs. It's designed to be something you transfer risk to when security controls fail

article thumbnail

Do Ransomware Attackers Single Out Cyber Insurance Holders?

Data Breach Today

Security Experts Express Skepticism That Criminals Would Bother Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism

Insurance 175
article thumbnail

How Much Cyber Liability Insurance Do You Need?

IT Governance

Cyber liability insurance helps organisations cover the financial costs of a data breach. Without insurance, organisations spend £3.6 million on average recovering from security incidents. What does cyber insurance include? First-party vs third-party insurance.

article thumbnail

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

KnowBe4

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result. Social Engineering Security Awareness Training

article thumbnail

Judge Rules Insurer Must Pay for Ransomware Damage

Data Breach Today

Coverage Required Because Attack Caused 'Physical Loss or Damage' A federal judge has ruled that an insurer providing a "business owner's insurance policy" to a company that sustained a ransomware attack and was forced to replace most of its IT infrastructure must pay for the damages the security incident caused.

Insurance 151
article thumbnail

GUEST ESSAY: Skeptical about buying life insurance online? Here’s how to do it — securely

The Last Watchdog

Purchasing life insurance once meant going to an insurer’s office or booking an appointment with an insurance agent. Today’s generation is used to getting everything done fast and easy, so life insurance providers had to get with the times and cover all customers’ needs and requirements. Now everyone has the possibility to purchase life insurance from the comfort of their home by simply going online and looking for the policies that will fit their needs.

Insurance 132
article thumbnail

Cybersecurity Insurance

Schneier on Security

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Typically in insurance we use the past as prediction for the future, and in cyber that's very difficult to do because no two incidents are alike," said Lori Bailey, global head of cyberrisk for the Zurich Insurance Group. In my new book -- out in September -- I write: There are challenges to creating these new insurance products.

article thumbnail

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

Data Matters

Most cybersecurity professionals are aware of the New York Department of Financial Service’s requirement imposed on DFS-licensed entities to certify their cybersecurity program’s compliance on an annual basis (by April 15th of each year), but less well known is that numerous other states impose similar requirements on regulated insurance entities and that deadline for many states is coming up on February 15, 2021.

article thumbnail

Insurance firm CNA discloses data breach after March ransomware attack

Security Affairs

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March.

article thumbnail

Crooks stole driver’s license numbers from Geico auto insurer

Security Affairs

Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Insurance 107
article thumbnail

Apple, Cisco Strike Partnerships for Cyber Insurance

Data Breach Today

Policies Offer Incentives for Good Information Security Practices Apple and Cisco say they've partnered with insurers Aon and Allianz to offer cyber insurance policies for organizations that meet best security practices and use products from the technology companies. The partnership follows increasing interest in cyber insurance as a hedge against hacking risks

Insurance 126
article thumbnail

Major Israeli Insurance Company Hacked

Adam Levin

The personal information of thousands of Israeli citizens has been compromised as the result of a cyberattack on Shirbit, a leading insurance company. . The post Major Israeli Insurance Company Hacked appeared first on Adam Levin.

article thumbnail

SMBs and Cyber Insurance – Third Certainty #27

Adam Levin

With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.

article thumbnail

Cyber insurance: A guide for businesses

IT Governance

Cyber threats are so numerous that it’s impossible to prevent security incidents altogether. That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance?

article thumbnail

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing. cybersecurity hacking insurance malware ransomware russia war