Home' LAPTOP Magazine : October 2011 Contents CyberinsuranCe:
What you need to KnoW
Are you protected from hackers and data breaches?
by Joann Fan
Imagine: Your company’s security fails. You’ve
been hacked. Credit cards, bank account num-
bers, addresses, and employee names are now
in the hands of strangers, ready to be spread to the
rest of the Internet or be sold to spambots.
What do you do?
Unless you have planned ahead, you’re panick-
ing and gearing up for expensive damage control.
But if you’ve properly prepared, your first step is to
call your cyberinsurance provider.
What Is Cyberinsurance?
Cyberinsurance is a growing segment of the insur-
ance market, and it helps companies avoid huge
losses incurred from database security breaches.
With so much money and personal information
exchanged through and stored on the Internet
every day, cybercrime cannot be ignored. Small
businesses especially are considered by many
organized criminal groups to be easy targets with
low risk and high payoffs.
Wrap your head around these numbers: The
median cost of managing cybercrime for companies
per year has gone from $3.8 million in 2010 to
$5.9 million this year, according to a recent study
by the Ponemon Institute. Those costs included
money spent on security investigations, loss of
productivity, software upgrades, and the value of
stolen intellectual property.
Individual information security is available from
such providers as Chubb & Son and InsureTrust,
potentially protecting you from such crimes as
identity theft. However, the most high-profile and
expensive cases of cyber attacks are directed toward
companies, such as those recently perpetrated
against Citigroup, Google, and Sony.
The PlayStation Effect
Following the well-publicized breaches of Sony’s
PlayStation Network earlier this year, insurance
carriers had a field day. Interest in information
security skyrocketed, and for good reason. The
attack on Sony revealed the information of more
than 70 million user accounts and cost the company
more than $2 billion.
Even your bank is a target. When the hacker group
LulzSec broke into Citibank’s system, about 1 percent
(200,000 accounts) of the company’s clients had
account numbers and addresses exposed.
AON, an insurance brokerage company that works
for both Citigroup and Sony, offers coverage to many
other global corporations as well. In 2008, only about
1.5 out of every 10 of AON’s clients was interested
in or in the process of buying cyberinsurance, said
Kevin Kalinich, national managing director for cyber
liability. This year, that number has jumped to 4.2
out of every 10. Interest spikes drastically after every
major incident, Kalinich explains.
Most small businesses don’t have the resources
to recover from a data security breach alone, and
that’s where cyberinsurance kicks in.
What Is Covered
Many insurance companies have a good grasp on
how to provide protection, but trying to figure out
how to quantify losses incurred from a breach is
an inexact science. Downtime, informing users
of a security risk, protection against libel, and
slander accusations all cost money, and not all
companies—especially small businesses—
have the income to cover it. Depending on the
policy, most cyberinsurance should cover the
following key areas.
• Privacy and security liability relates to writing
notices and paying clients for any losses that might
have been incurred.
• Companies are required to notify their custom-
ers of a data security breach in most states.
• Because of these regulations, every major
security breach is a PR disaster. But by working
closely with the company as well as its custom-
ers, an insurance provider can help to mitigate
the damage. Spinning the news, containing the
damage, and trying to repair it fall under crisis
• Data loss and network system damage cover-
age kicks in when systems have been compromised
or damaged. Replacing hardware and recovering
files and data can be expensive. Insurance would
• After a security breach, a database may be
out of commission for a few days, and service to
consumers will also be affected. Coverage for
business interruption, including DDoS attacks, is
Laptop | october 2011
Links Archive September 2011 November 2011 Navigation Previous Page Next Page