#CyberFLASH: One in five risk managers surveyed not sure whether their cyber insurance policy covers data in cloud servers

Four in five risk managers surveyed said their company has a stand-alone cyber insurance policy, though only three in four reported their policy covers network/business interruption, Risk and Insurance Management Society Inc. said in the 2016 RIMS Cyber Survey, released Monday.

There were 272 respondents to the survey, which was distributed to RIMS members via an Internet link, and was “in field between August 8 and September 9, 2016.”

When asked whether their company has a “stand-alone cyber insurance policy,” 80% of respondents said yes, 19.5% said no and 0.5% said they were not sure.

Respondents were asked whether their organization’s cyber insurance extends to data stored in cloud servers. More than two-thirds (69%) said yes, 9% said no and 22% said they were not sure.

RIMS also asked members which losses were included in their cyber insurance policies. More than nine in 10 (91%) said breach notification costs. About one in four (27%) said theft of trade secrets; 80% said data recovery; 50% said professional liability; 76% said network/business interruption; 78% said cyber extortion; and 63% said fines and penalties.

#CyberFLASH: University of Calgary calls cyber insurance invaluable

The University of Calgary is urging other institutions to purchase cyber insurance, saying in their case, it has paid off.

Officials dissected a recent malware attack, the school’s response — and the changes they’ve made — at a well-attended campus town hall Friday afternoon.

Linda Dalgetty, vice president of finance and services, says the school bought cyber insurance last year and although it didn’t cover the $20,000 ransom the school paid, it was invaluable in other ways.

“In fact one of my messages coming out of this to my peers, both in Alberta and across Canada, is this is a good thing for you to have,” Dalgetty said.

“And again not just because it’s that monetary recovery, it’s the value that we had from helping us going through a difficult time with this malware crisis.”

She says the insurance came in handy hours after the school bought it.

“It was quite interesting, we made the decision to buy it, it went live on I think a Friday morning at 12:01 a.m., and our first phishing attack was at 2 a.m. that day, so it was very coincidental,” she explained.

#CyberFLASH: Cybersecurity and M&A – Part Three: Cyber Insurance

Cyber Insurance Coverage

An important preliminary note on cyber insurance is that cyber insurance is often confused with technology errors and omissions insurance (commonly called “Tech E&O” insurance). Tech E&O insurance protects providers of technology services or products, such as software designers and manufacturers, whereas cyber insurance protects consumers of those products and services.

Generally, cyber insurance is divided into first party coverage protecting the policyholder, and third party coverage protecting from third party claims against the policyholder.

First party policies may cover:

  • the costs associated with investigating the scope of the breach and taking steps to mitigate against the damage caused by the breach;
  • the costs of providing notice to individuals whose identifying information was compromised;
  • public relations services to counteract the negative publicity that can be associated with a data investigation;
  • the costs of responding to government investigations;
  • the costs of replacing damaged hardware or software, or remediating existing systems;
  • legal costs and other related expenses, such as regulatory fines;
  • the costs of responding to parties vandalizing the company’s electronic data; and
  • business interruption costs.

On the other hand, third party policies may cover claims:

  • for permitting access to identifying information of customers;
  • emanating from the impacts which a security breach may have on a third-party system;
  • for transmitting a computer virus or malware to a third-party customer or business partner;
  • for failing to notify a third party of their rights under the relevant regulations in the event of a security breach; and
  • for potential “advertising injury,” i.e., harms through the use of electronic media, such as unauthorized use or infringement of copyrighted material, as well as libel, slander, and defamation claims.

#CyberFLASH: Security predictions 2016: More ransomware, tougher cyber insurance

Twelve months ago, when I became ITWorldCanada.com’s contributing writer on cybersecurity, the state of things was pretty bleak: 2014 marked another record year of data breaches, there was no miracle technology that would seal the cracks in an enterprise and every expert was predicting attackers would find new ways to get around defences.

As I look ahead to 2016 every expert I talk to says attacks will continue to find new ways of getting around defences, there’s no miracle technology coming that will seal the cracks in an enterprise and it will probably be another record year of data breaches.

In the face of that what’s a CISO to do?

For one thing, continue sealing the cracks in the enterprise the old-fashioned way: security awareness training, using two-factor authentication wherever possible, network segmentation, limiting the number of people with administration privileges and access to sensitive data, patching, increasing spending on intrusion detection and prevention (including analytics), taking part in threat intelligence (either formally by buying a service, or informally with colleagues) and solid backup and restore. On top of that, have a tested disaster recovery plan.

In addition, be aware of certain trends experts say will mark 2016 as different from the year before. Here are some of them:

– The evolution of technology means IT departments more than ever have to understand what business units want, and then propose secure ways of doing it, says Bob Hansmann, director of security analysis and strategy at Raytheon Websense security labs.

#CyberFLASH: Canadian companies turning to cyber insurance in wake of high-profile hacks

TORONTO – In the wake of the Ashley Madison hack and other high-profile data breaches, Canadian companies are turning to so-called cyber insurance to protect themselves from the fallout of data leaks.

In July, adultery website Ashley Madison made headlines after hackers broke into the company’s network and leaked customers’ personal information, including their messages to other members and sensitive financial data.

The ensuing class-action lawsuit – and founder and CEO Noel Biderman’s decision to step down in late August – were the latest in a series of incidents that experts say represent a wake-up call for executives about the real-world consequences of digital vulnerabilities.

Duncan Stewart, director of technology research at Deloitte, said the past year has seen a surge in awareness about cyberattacks, and companies are turning to insurers to prepare for what seems an inevitability in an increasingly interconnected world.

“The number of attacks are rising, the severity is rising, and when they come, they’re more difficult to deal with,” he said.

There is no legal requirement for companies to report a hack in Canada, making the true number difficult to determine, but security company Websense said in August 2014 that 36 per cent of Canadian businesses had observed a breach in their IT security in the last 12 months.

In a KPMG survey of Canadian property insurance executives, data security even beat out unexpected catastrophic events as the third-biggest risk facing Canadian companies in 2015 after regulatory burdens and low interest rates.

Demand soars for insurance against cyber attacks in Canada

Insurance brokers say the frequency of high-profile data breaches is causing a surge in demand for insurance products that protect against losses stemming from cyber attacks.

A breach can be costly. Companies face notifying clients that their personal information has been compromised, offering credit protection services, hiring a crisis management firm and defending against lawsuits.

“This is the fastest growing area of commercial insurance in the world right now,” said Michael Peterson, a managing director at Marsh Canada Limited.

“Organizations are realizing that the risk is real, that they’re not quite as secure as they thought and, therefore, they’re taking steps to transfer that exposure to insurance companies.”

Brokers, like Aon and Marsh, estimate there are about two dozen Canadian insurers who provide stand-alone cyber network policies. Most of these underwriters provide cafeteria-style policies, in which clients can pick which losses they want to protect against.

Read more on CityNews

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.