Cyberinsurance
3/27/17
By: Tim Latimer
Overview
Cyberbreaches threaten any individual or company with internet access on any device.
Cyberinsurance is available to mitigate the risk and losses associated with a cyberbreach.
Employee records, customer information, trademarks, patents and private financial records can
be compromised by a hacker or employee error. These records can include social security
numbers, banking information, credit card numbers, addresses, credit scores and even medical
records. Any private, competitive information or trade secrets that your company has can also be
compromised. These records can be very expensive to recover, especially when financial
information is stolen. Cyberinsurance covers most of the costs associated with a cyberbreach.
Cyberinsurance covers losses due to a cyber or data breach, whether it is done by an employee or
an outside individual.
Cyberbreaches
viewed by an unauthorized person. Cyberbreaches most commonly occur over the internet due to
poor security on a company's server or individual computers. However, there are countless ways
Email servers and accounts are commonly used by hackers to reach private information.
It has become very easy for hackers to breach servers via email. Hackers can send a fake link
employee opens the link, the hacker has successfully breached the system and has most likely
broken past any firewalls designed to keep intruders out. It is very difficult to tell whether an
email is real or fake, therefore proper spam filters and firewalls must be in place to prevent such
attacks.
employees or a simple error made by an employee with access to a company's system can be
very dangerous. It is much harder to stop a breach from inside the company, especially if the
employee has unlimited access. Internal passwords and extensive server protection are vital to
prevent such a breach. Unfortunately, this has become a common form of a systems breach.
Cyberbreaches are usually criminal related, meaning the records are breached for the sole
purpose of sale or trade. Credit card information, social security numbers, and even medical
records are very valuable to criminals on the black market, also known as the dark web.
The deep web, also known as the dark web, is a part of the internet that is not
accessible by common search engines such as Google or Mozilla Firefox. Many times, stolen
records are traded or sold via use of the dark web. Much of the activity of the deep web is illegal
or used to share proprietary information between two parties. The total activity on the dark web
is unknown, but it is predicted that the dark web is 100 times larger than the surface web, even
though there are significantly fewer users. Algorithms and automated systems allow these skilled
computer users to transfer massive amounts of data with very little effort.
Some countries, including the USA and China, have engaged in cyberwarfare, where one
government breaches the other, sometimes without that government even knowing. The
Pentagon reports handling roughly 10 Million attempted breaches a day, from other governments
and individual hackers or groups. An executive order was signed on January 31, 2017 that
addressed the current cyberwarfare between foreign governments. The order instructed an audit
of several federal agencies' cyber capabilities. It also seeks private sector input to help protect
the US government infrastructure and reviews the current methods to prevent attacks and
mitigate damage. The order also provides incentives to the private sector to help adopt stronger
Who is at risk?
weak. Skilled hackers can easily navigate around commonly used firewalls and reach nearly any
document on a company's network or server. Startup companies with low-budget security are at
extreme risk of being breached. Poor security allows hackers to get valuable information with
very little effort. Startups are a target for hackers when trade secrets are involved in the
foundation of the company. Companies with less than $1 million in annual revenue accounted for
a majority of the breaches in 2016. Large companies account for only 20% of cyber breaches
worldwide. Larger companies tend to have IT departments that use very complex methods of
internet security. Some of these methods include Cloudflare or Bitdefender. Cloudflare creates
a maze-like structure on a network or server that forces hackers in the wrong direction in order to
software that can be installed to protect proprietary information from hackers or even employees.
There are very few personal or private breaches reported annually. Many times, this is
due to a lack of awareness. It is difficult to know if you have been hacked without the proper
software and knowledge of computer systems. Private individuals are also less of a target for
hackers because they will only get records for that individual, whereas companies hold large
quantities of data for employees and customers. However, it is extremely easy for hackers to
breach individuals; therefore, high-profile individuals may become a target for hackers.
There have been many high-profile breaches. In 2012, hackers across the globe secured
$11.5 Billion, cumulative. In 2013 alone hackers stole $40 million from ATMs from many
different banks, located across the country. Adobe was breached in 2013 and lost nearly 3 million
records. Sony was breached in 2015 and millions of personal customer documents were
compromised, costing Sony roughly $200 Million. In 2016, the average cost of a lost record
In 2013, it was estimated that 24,800 American health records were exposed, per day. In
2014, Community Health Systems (CHS) lost 4.5 million social security numbers and addresses.
CHS operates 206 hospitals across 29 states. In 2014 alone, 6 million Americans had patient
records breached. The average cost of a health record was $355 in 2015.
Cyberbreaches have become increasingly common and have led to millions of dollars of
losses for publicly and privately held companies alike. The Securities and Exchange Commission
(SEC) has increased regulation to force publicly traded companies to notify the public of any
breach that occurs and what information was lost. However, privately held companies have no
legal obligation to disclose that a breach occurred, unless specific customer information has been
stolen or compromised. In this case, the company is only responsible for notifying and
indemnifying that customer or customers. Notification, credit monitoring and recovering lost
documents can be extremely costly. Cyberinsurance is a way to mitigate the large losses that can
Cyberinsurance
protect them from crippling costs, post cyberbreach. One major breach can cost a company
millions of dollars, and for smaller companies, this may mean closing shop. Cyberinsurance is
activated when a hacker or employee takes proprietary information from the insured company.
There are many types of losses that cyberinsurance covers. This broad and important coverage
has already saved numerous companies millions of dollars. A breach can be costly to an
insurance company, but the structure of their business allows insurance companies to sustain
loss, computer fraud, notification, credit monitoring, funds transfer fraud and cyber extortion.
Business interruption covers any losses associated with normal business functions being slowed
or halted after a breach. Data loss covers the cost to recover lost data or records. Computer fraud
covers any loss associated with the unauthorized use of a company computer. Notification cost
covers the cost to notify a customer or employee if their records are compromised and provides
credit monitoring for that client. Funds transfer covers any unauthorized fund transfer to or from
your business. Cyber extortion covers the cost to recover records that are being held for ransom
by a hacker.
In 2016, the average cost of a data breach for a medium sized company was between $3.8
Million and $4 Million. The likelihood of a breach of more than 10,000 records occurring is
roughly 26%, according to the Ponemon Institute in 2015. It is estimated that the cost of a breach is
only reduced by $16 a record when a company employs response teams and utilizes proper
record encryption methods. On average, it takes companies 201 days to identify that a breach has
occurred. It takes an additional 70 days to contain the breach. This amount of time can cost a
In 2012, only 1/3 of global companies surveyed by a research group, Advisen, had
purchased cyber insurance. In 2013, $1.3 Billion of cyber insurance had been purchased, up 50%
from 2012. In 2013, cyber breaches cost insurers $7.5 million, on average. In 2014, the total
standardize cyber insurance on all their policies to ensure that their clients will be covered for
any loss related to a cyberbreach. In 2016, Advisen estimates that the cyberinsurance market
reached roughly $3 billion in premium. 79% of insurance companies in 2016 report that they
The risk of a cyberbreach occurring has nearly tripled since 2012 and the costs after a
breach have doubled in the same time. With increasing risk, companies and insurers, alike, have
begun investing more time and money in the cyberinsurance market. Premiums will continue to
increase and losses will continue to pile on. While protecting your clients' information should
always be a company's priority, cyberinsurance has become an excellent way to reduce the losses