article thumbnail

Insurance Coverage for NotPetya Losses

Schneier on Security

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim.

Insurance 222
article thumbnail

Insurance and Ransomware

Schneier on Security

Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

Insurance 233
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Insurance cover becoming impossible for Cyber Attacks

CyberSecurity Insiders

Insurance companies like Lloyd offer cyber insurance policies that cover a business from facing a business loss during a cyber-attack. However, in coming days, cyber attacks will become uninsurable, as per Mario Greco, the Chief of Zurich Insurance. Insurance cyber insurance

Insurance 108
article thumbnail

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

Joseph Steinberg

Ironically, while many larger enterprises purchase insurance to protect themselves against catastrophic levels of hacker-inflicted damages, smaller businesses – whose cyber-risks are far greater than those of their larger counterparts – rarely have adequate (or even any) coverage.

Insurance 279
article thumbnail

13 Important Considerations When Obtaining Cyber Liability Insurance

Joseph Steinberg

Likewise, the complexity of cybersecurity and of evaluating related risks has also translated into many insurance companies seeking to insure only large enterprises – the cost of doing business with small and medium sized business is simply not worth their time.

Insurance 218
article thumbnail

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation.

Insurance 171
article thumbnail

Merck Wins Insurance Lawsuit re NotPetya Attack

Schneier on Security

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.

Insurance 159
article thumbnail

Top 8 Cyber Insurance Companies for 2022

eSecurity Planet

That’s where cyber insurance may be able to help. But there’s a catch: Insurers are going to carefully assess your cybersecurity controls before writing any policy, and there are limits to coverage. Cyber Insurance is Booming. Selecting a Cyber Insurer.

article thumbnail

Cyber Insurance and the Attribution Conundrum

Cisco CSR

Most insurance policies already include provisions that exclude the consequences of armed conflict. This forensic capability, how evidence will be gathered and preserved, should be agreed with the insurer. Security attribution cyber insurance state backed threat intelligence

article thumbnail

Cyber-Liability Insurance 101: First Party Vs. Third Party Risks

Joseph Steinberg

Understanding the difference between the two is also essential when seeking to obtain – and when acquiring – cyber-liability insurance. First-party insurance, therefore, typically covers the costs of actions needed after a data breach, extortion, ransomware attack, or other hacker malfeasance.

Insurance 141
article thumbnail

Cybersecurity Insurance

Schneier on Security

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Typically in insurance we use the past as prediction for the future, and in cyber that's very difficult to do because no two incidents are alike," said Lori Bailey, global head of cyberrisk for the Zurich Insurance Group. In my new book -- out in September -- I write: There are challenges to creating these new insurance products.

Insurance 115
article thumbnail

Cyber War now excluded from Cyber Insurance

CyberSecurity Insiders

For all those companies who are planning to renew their cyber insurance policy or are in a procedure to take one, here’s a piece of information that might interest you. Most of the Cyber Insurance companies have excluded ‘Cyber War’ consequences from their policies.

article thumbnail

Major Israeli Insurance Company Hacked

Adam Levin

The personal information of thousands of Israeli citizens has been compromised as the result of a cyberattack on Shirbit, a leading insurance company. . The post Major Israeli Insurance Company Hacked appeared first on Adam Levin.

Insurance 130
article thumbnail

SMBs and Cyber Insurance – Third Certainty #27

Adam Levin

With the average cost of a data breach exceeding three million dollars, cyber insurance has become a necessity for SMBs. The post SMBs and Cyber Insurance – Third Certainty #27 appeared first on Adam Levin.

article thumbnail

Premium for Cyber Insurance has soared over the past few years

CyberSecurity Insiders

Cyber Insurance premiums are becoming dearer and the reason for such a rise is claimed to be sophistication in attacks that are making mitigation and recovery expensive. Lloyds insurance claims that companies witnessed losses on products between 2018 and 2019 because of ransomware attacks.

article thumbnail

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing. cybersecurity hacking insurance malware ransomware russia war

Insurance 165
article thumbnail

Large Insurer Says Cyber Attacks Are Becoming 'Uninsurable'

SecureWorld News

Cyber is the risk to watch, according to a Financial Times article in which insurer Zurich's top executive is quoted. What will become uninsurable is going to be cyber,” said Mario Greco, CEO at Zurich, one of Europe's biggest insurance companies, in the Dec.

article thumbnail

What is not included in a Cyber Insurance Policy

CyberSecurity Insiders

Ever wondered what is covered and what is not in your Cyber Insurance Policy? If not, you better review the guidelines and inform all your C-level employees on strategies to cope with the losses that remain out of the cyber insurance cover. Education cyber insurance

article thumbnail

Lloyd’s excluding nation-state cyber attacks from Cyber Insurance

CyberSecurity Insiders

Lloyd’s London, one of the largest insurance services providers in the world, has disclosed that it is making amendments to its cyber insurance laws that will come into effect from March 2023. All insurance companies exclude the risks inferred from war like situations.

article thumbnail

Demystifying Cyber Insurance: 7 Key Security Controls Every Organization Should Have

Security Boulevard

The post Demystifying Cyber Insurance: 7 Key Security Controls Every Organization Should Have appeared first on Security Boulevard. 7 Key Security Controls Every Organization Should Have. .

article thumbnail

Cyber Insurance Prices Continue to Rise

SecureWorld News

Cyber insurance is a topic that many industry professionals have an opinion on. No matter what side of the debate you land on, one thing is certain: the cost of cyber insurance has been rising for years and will likely continue to do so. cyber insurance rate changes.

article thumbnail

Cyber-Insurance Firms Limit Payouts, Risk Obsolescence

Dark Reading

Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers

article thumbnail

What is Identity theft Insurance?

Identity IQ

Identity theft insurance is a type of insurance policy that can help victims recover from losses caused by identity theft. It may be offered as a standalone policy, or as a benefit with other types of insurance or identity protection plans.

article thumbnail

What Every MSSP Needs to Know About Cyber Insurance

Security Boulevard

The post What Every MSSP Needs to Know About Cyber Insurance appeared first on Security Boulevard. Cyberlaw Governance, Risk & Compliance Security Bloggers Network Audit Compliance cyber insurance cybersecurity management cybersecurity threats GRC MSSP SaaS

article thumbnail

The Future of Cyber Insurance

Dark Reading

Having cyber insurance is a good idea if the costs make sense — it could be the difference between going out of business and staying afloat. But it shouldn't be your first course of action

article thumbnail

Is it Time to Update Your Cyber Insurance Strategy?

Security Boulevard

In 2021, rethinking your cyber insurance strategy should be a top priority for CISOs and executive leadership. The elevated risk landscape is driving growing demand for cyber insurance: Nearly four out of five organizations. The post Is it Time to Update Your Cyber Insurance Strategy?

article thumbnail

What Is Cyber Liability Insurance?

Security Boulevard

In the face of mounting cyber attacks, many organizations look to mitigate their risk through insurance. But what is cyber liability insurance exactly? The post What Is Cyber Liability Insurance? The post What Is Cyber Liability Insurance?

article thumbnail

MFA Will Not Save the Insurance Industry

IT Security Guru

Most cybersecurity experts and the cyber insurance industry are telling everyone to get MFA. Unfortunately, the insurance industry and their customers are going to learn that using ANY MFA is not going to be as helpful in reducing risk as they thought.

article thumbnail

Software provider denied insurance payout after ransomware attack

Malwarebytes

The Supreme Court of Ohio issued a ruling days before the New Year that a software and service provider shouldn't be covered by insurance against a ransomware attack as it didn't cause direct or physical harm to tangible components of software, as it doesn’t have any.

article thumbnail

Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage

Dark Reading

Even among businesses with cyber insurance, they lack coverage for basic costs of many cyberattacks, according to a BlackBerry survey

article thumbnail

Re-Focusing Cyber Insurance with Security Validation

The Hacker News

The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases.

article thumbnail

NY Department of Financial Services Issues Cyber Fraud Alert to Auto Insurers

Hot for Security

The New York Department of Financial Services (NYDFS) has issued an alert to instant-quote websites, particularly car insurers, warning of a growing campaign to steal nonpublic information (NPI).

article thumbnail

Insurance company says it will no longer cover state funded Cyber Attacks

CyberSecurity Insiders

Lloyd’s of London Insurance, simply known as Lloyd’s Insurance, has released a media update that it will no longer cover losses that were incurred because of cyber wars among nations. Cyber Attack Lloyds cyber insurance

Insurance 114
article thumbnail

How Cyber Insurance Drives DevSecOps

Security Boulevard

The costs and impacts of the SolarWinds breach were a wakeup call for third-party software vendors and their insurers. Insurers are aware that third-party software is being targeted, which is driving up insurance rates, says Rob Beeler, CTO and cofounder of Trava Security.

article thumbnail

Identity Verification in Insurance: ID checks & Face Match

Security Boulevard

According to a recent study, 44% of those between the ages of 18 and 29 who had insurance […]. The post Identity Verification in Insurance: ID checks & Face Match appeared first on Security Boulevard. Policyholders prefer a digital style of interaction over a physical one.

article thumbnail

Next CISO headache: Vendor cyber insurance

CyberSecurity Insiders

Cyber insurance coverage? The many breaches and the dollar judgements handed down make cyber insurance another costly operating investment. Typically, a corporation’s top tier of vendors has some form of cyber insurance. Through the roof these days.

article thumbnail

Action Fraud Warns of Ongoing UK National Insurance Scam

Hot for Security

The UK’s National Fraud & Cyber Crime Reporting Center (Action Fraud) is warning citizens about a National Insurance scam targeting their personally identifiable information (PII).

article thumbnail

BazarCall Ransomware warning to all insurance firms

CyberSecurity Insiders

A Ransomware called BazarCall seems to target Insurance agents and clients and so Insurance specialist CFC has issued a warning to the companies into similar business and operating across the globe to step-up their defense-line against malware attacks, by proactively taking adequate measures.

article thumbnail

Lloyd’s to end insurance coverage for state cyber attacks

Javvad Malik

Lloyds of London has told its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels or risk. Knowing how most other forms of insurance works, the burden of proof may lie on the victim to prove that the attack wasn’t a nation state attacker. Hmm so where do we begin to unpack this one? Attribution is never easy, even in the best of times.

Insurance 130
article thumbnail

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S.

Insurance 285
article thumbnail

Why cybersecurity insurance may be worth the cost

Tech Republic Security

Cybersecurity insurance can compensate you in the event of a cyberattack. But how do you determine the right policy for your needs

Insurance 169
article thumbnail

The Role of Security Frameworks in Determining Cyber Insurance Risks | Apptega

Security Boulevard

Will NYDFS’s Cyber Insurance Framework Set a Precedent for the Cyber Insurance Industry? The post The Role of Security Frameworks in Determining Cyber Insurance Risks | Apptega appeared first on Security Boulevard.

article thumbnail

What to consider when shopping for cyber insurance

Tech Republic Security

Cyber insurance is gaining favor in the business world. An expert offers tips on how to get what's needed for the best price