Posts

Ransomware, Data Theft, Hacking? Consider Cyber Insurance

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Cyber insurance is tricky because it focuses on intangible data. How do you value that and then insure potential risk? But in today’s world, it’s worth considering.

BOSTON – Most people have car insurance, life insurance, health insurance and even pet insurance. But how many people do you know that have cyber insurance?

I know, it sounds a bit like a scam, like flood insurance in the desert, but cyber insurance is a sound, practical concept that most, if not all, businesses should be investing in regardless of size.

Cyber insurance is a specialty insurance designed to protect businesses and their employees from internet-based risks and dangers. This can also include risks related to IT infrastructure, privacy and other tangential issues.

Considering how widespread the use of the internet is among businesses these days, and how much risk there is involved with doing business over the internet, it’s surprising that the cyber insurance market has stayed relatively small. I don’t know that I’ve ever seen a commercial or advertisement for it.

Cyber insurance can cover a host of dangers including lost or extorted data, thefts and hacking; it can also provide companies with liability in the event that their customers are adversely affected by a cyber-attack.

For larger companies, particularly companies that store their customers sensitive data, cyber insurance provides a sense of security in the event of a data breach. Insurance companies can provide a platform from which to recover from a massive loss. Of course, in an ideal world, such a loss would be prevented in the first place. But reality is much more complicated and having cyber insurance can come in handy when an attack inevitably does occur.

Of course, cyber insurance only exists because insurance companies have not caught up with the times. While a normal business insurer might protect against physical damage such as fires or loss from theft, they normally do not cover losses or destruction caused virtually. Cyber insurance companies arose to fill the gap.

One of the issues that arises is that it can be difficult to determine risk with the internet. And it’s the same for value. Is a customer’s name…

Source…

Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Written by Tim Starks

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up.

Two separate CEOs of major insurance giants remarked in recent weeks about a considerable jump in cyber insurance premium prices: AIG’s chief executive said rates increased by 40% for its clients, while Chubb’s chief executive said that company was charging more, too.

Rather than welcoming the trend, Chubb CEO Evan Greenberg offered a warning. Those price increases, he said, still don’t reflect the grave risk that a catastrophic cyber event poses. “That is not addressing by itself the fundamental issue,” he said.

Those are just two data points about how, in the past year, the evolution of ransomware has radically altered the landscape of cyber insurance, according to analysts inside and outside the industry. Cyber insurance covers a range of ransomware-related costs, like extortion demands, remediation efforts and other losses.

Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to the credit ratings agency AM Best. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was at 73% last year, jeopardizing the profitability of the industry.

A lack of profitability could lead to yet more premium increases, insurers fleeing the cyber insurance market or policyholders receiving more limited coverage. Problems in the cyber insurance marketplace stand to limit its ability to be a force for effective data protection techniques in the wider private sector, as clients look to insurers for guidance on specific security tools and measures.

“For the cyber insurance market, we are in the very first and most pivotal challenge that we’ve ever had,” said Michael Phillips, chief claims officer for Resilience. “This is our crisis moment.”

There’s less agreement about what could turn things around. Some changes are underway, with…

Source…

The cost of cyber insurance increased 32% last year and shows no signs of easing • The Register

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


The cost of insurance to protect businesses and organisations against the ever-increasing threat of cybercrimes has soared by a third in the last year, according to international insurance brokers Howden.

It found that global cyber insurance pricing has increased by an average of 32 per cent in the year to June.

Not only are premiums going through the roof, insurers are also attaching more strings to their policies, demanding ever more assurances that firms taking out cover have the necessary systems and processes in place to prevent a cyber mishap.

According to Howden’s Cyber Insurance: A Hard Reset the upward squeeze on premiums shows no sign of easing, which, in turn, is putting more strain on the sector.

Shay Simkin, Global Head of Cyber at Howden, said: “The cyber insurance market is currently driven by a demand and supply imbalance which shows no sign of relenting any time soon. Claims are up, capacity is down, and underwriting profitability is, at best, under pressure.

“The impact on insurance buyers is stark; the importance of being prepared for a cyber attack has never been clearer.”

Last week, a report by the Royal United Services Institute (RUSI) – Cyber Insurance and the Cyber Security Challenge – warned that the spike in ransomware attacks had led to some insurers wondering if they should pull out of the market.

There are also concerns that firms are relying too heavily on their insurers to pay out in the event of an attack to get their data back – an approach that makes insurers nervous, adding to the current squeeze.

Jason Nurse, a senior Lecturer in cybersecurity at the University of Kent and co-author of the report, told The Register: “I think, based on what we’ve found, cyber insurance is not that silver bullet that maybe people were hoping or thought it was.”

It seems no one is immune from cyber villains…

Source…

California city officials hid 2018 cyber attack, used insurance to pay $65K ransom to hackers – East Bay Times

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


In the aftermath of a disclosure that sensitive Azusa Police Department records had been hacked by criminals, city officials now acknowledge they experienced another costly ransomware attack that they hid from the public for nearly two years.

In the fall of 2018, the city, through its cybersecurity insurance carrier, paid $65,000 ransom to an unknown hacker organization to regain control of 10 data servers at the Police Department, Azusa City Manager Sergio Gonzalez said Thursday.

“We were able to unlock one server after the ransom was paid but immediately after found a free key to unlock all other locked servers,” Gonzalez said in an email. “No information was compromised. Our servers were just locked. We verified with forensic experts that no data was compromised. That’s essentially why we did not and were not required to report it (publicly).”

The 2018 breach apparently was caused by a virus unleashed after a city employee opened an email or link.

Forensic experts cleaned, wiped and restored the servers before putting them back online. Additionally, city employees received computer security training and updates to software and virus protections were provided.

History of hacks

However, those precautions didn’t prevent the most recent cyber attack at the Police Department, which was discovered March 9 and reported publicly May 27.

That attack was perpetrated by DoppelPaymer, a notorious and shadowy ransomware gang known for extorting victims and then posting their sensitive information on the dark web if the ransom isn’t paid. It is among several rogue hacker groups that have been blamed for recent attacks crippling industries in the U.S. and abroad, including Georgia-based Colonial Pipeline and JBS S.A., the largest meat producer in the world.

DoppelPaymer demanded 10.33 bitcoin, and then raised the ransom to 15.5 bitcoin, which at the time was about $800,000, Gonzalez said.

“In consultation with incident response partners, including federal law enforcement, the department ultimately declined to participate in any ransom payment,” said Gonzalez, adding he could not disclose the type of information that was compromised due to an ongoing criminal…

Source…