SoylentNews is people
SoylentNews
from the I-thought-insurance-was-always-a-mess dept.
A recent New York Times article ( http://www.nytimes.com/2014/06/09/business/cyberattack-insurance-a-challenge-for-business.html ) touted cyberinsurance as the "fastest-growing niche in the insurance industry today." Nicole Perlroth and Elizabeth Harris report: "After the breach at Target, its profit was cut nearly in half - down 46 percent over the same period the year before - in large part because the breach scared away its customers." These enormous costs to brand reputation make it difficult for companies to get as much cyber risk coverage as they want, and the demand is only growing. The Times cites statistics showing a 21 percent increase in demand for cyber-insurance policies from 2012 to 2013, with total premiums reaching $1.3 billion last year and individual companies able to acquire a maximum of roughly $300 million in coverage.
At the time of its breach, Target had only $100 million in coverage, with a $10 million deductible, and had been turned away by at least one insurer when it tried to acquire more cyberinsurance, Perlroth and Harris report. They suggest that this coverage may fall well short of the massive losses incurred by the company when it saw its profits nearly halved.
But their piece comes less than a month after Eric Chemi argued exactly the opposite about the impact of Target's security breach in a piece for Bloomberg Businessweek titled "Investors Couldn't Care Less About Data Breaches." He wrote:
Consider Target and its own well-publicized data breach that happened back in December. Target's stock didn't really move at all. Investors sent a clear message they didn't care. The stock fell several weeks later, in January, only after the company cut its earnings forecast. Even so, the stock rebounded in the next six weeks. Target shares have been falling since last year, for a lot of reasons unrelated to the data breach.
There is a good essay on cyber-insurance here.
(Score: 2, Interesting) by Horse With Stripes on Wednesday June 18 2014, @07:07PM
They need to spend money on both, and my clients do.
One of my clients, who has $ millions worth of PII & PHI (at current market prices), needs cyber insurance to protect against any lawsuits just in case they have some type of breach. It could be external, internal, physical break in, etc. They still spend good money on security assessments, pen tests, software, me, training, etc as well as securing their facility.
All it takes is one failure by an employee (opening an attachment, clicking on a link, stumbling upon an infected ad, etc). On our end of things we need to stop each and every possibility and/or attempt. The bad guys only need to get it right once. Just once. The cyber insurance is there if any one of the humans involved in all of this actually turns out to be human.
(Score: 2) by VLM on Wednesday June 18 2014, @08:28PM
I am not a crook, but just sayin, that if I was, like the day after I get my 5 figures of bitcoin from my Russian friends or my 31 mail order brides arrive in the UPS truck or whatever deal I've worked out with them, I'd probably go to great effort to cover up my freelancing by
"(opening an attachment, clicking on a link, stumbling upon an infected ad, etc)."
And I'm guessing if the firewall is too tight, well, I might have to plug a HVAC system into the secured LAN, or something like that.
"Geeze boss really sorry the entire credit card collection got stolen when my car window was smashed, what terrible luck" That sort of thing.
Just sayin. I suspect when you hear a story about someone behaving in a way too stupid to imagine, they're probably not stupid at all. And now they're probably rich, even if no one knows it publicly. So be nice to them.
(Score: 2) by EvilJim on Thursday June 19 2014, @02:38AM
Those russian brides are a scam, I ordered one, found her dead in the crate with a stack of heroin addressed to someone else and the cops want to charge ME with importing a controlled substance... bah, never again.