A recent New York Times article (http://www.nytimes.com/2014/06/09/business/cyberattack-insurance-a-challenge-for-business.html) touted cyberinsurance as the "fastest-growing niche in the insurance industry today." Nicole Perlroth and Elizabeth Harris report: "After the breach at Target, its profit was cut nearly in half - down 46 percent over the same period the year before - in large part because the breach scared away its customers." These enormous costs to brand reputation make it difficult for companies to get as much cyber risk coverage as they want, and the demand is only growing. The Times cites statistics showing a 21 percent increase in demand for cyber-insurance policies from 2012 to 2013, with total premiums reaching $1.3 billion last year and individual companies able to acquire a maximum of roughly $300 million in coverage.
At the time of its breach, Target had only $100 million in coverage, with a $10 million deductible, and had been turned away by at least one insurer when it tried to acquire more cyberinsurance, Perlroth and Harris report. They suggest that this coverage may fall well short of the massive losses incurred by the company when it saw its profits nearly halved.
But their piece comes less than a month after Eric Chemi argued exactly the opposite about the impact of Target's security breach in a piece for Bloomberg Businessweek titled "Investors Couldn't Care Less About Data Breaches." He wrote:
Consider Target and its own well-publicized data breach that happened back in December. Target's stock didn't really move at all. Investors sent a clear message they didn't care. The stock fell several weeks later, in January, only after the company cut its earnings forecast. Even so, the stock rebounded in the next six weeks. Target shares have been falling since last year, for a lot of reasons unrelated to the data breach.
There is a good essay on cyber-insurance here.
(Score: 2) by scruffybeard on Thursday June 19 2014, @05:05PM
I see what you are saying but there is a balance to strike here. Let's take the GM ignition switch issue as a current example. Here is a case where people knowingly left a bad product out there, that led to the injury or death of many people. Clearly unethical behavior, for which they should be held accountable. But what if GM management did act early? Since as far as I know, this was not intentional, or born of incompetence or negligence, would it be right to say this was preventable? Before this case I am not sure many could have predicted that something as simple as an ignition key could have caused this much trouble.