I attended a risk workshop at the Institute of Directors in London recently where we discussed cyber risk. At a high level, calculating risk is quite easy. Just look at probability x impact. For cyber the challenge is that many businesses don't understand either the impact of a breach, nor the likelihood of it occurring...: [...] For example, despite the enormous financial implications of data breaches and other security incidents, many organizations still have a poor unders
The insurance markets are prepared for a major loss from the Marriott breach...: As details continue to emerge from last week’s announcement of a major cyber hack and resulting data breach of one of the Marriott hotel chain’s reservation systems, expectations of a significant cyber insurance and possibly reinsurance market loss has prompted Property Claim Services (PCS) to designate the event. Reinsurance News was the first to reveal that the market had been bracing itsel
Think you're covered? Time to check with a specialist broker that your risks are actually covered by insurance...: A federal court in Florida recently adopted the now well-developed consensus that data breach losses are not covered under standard Commercial General Liability (CGL) policies. As the Department of Homeland Security’s officially designated 15th annual Cybersecurity Awareness Month comes to a close, the case stands as yet another stark warning that companies of a
Maybe we will eventually get to a situation like motor vehicles where (almost) everyone has insurance but you can reduce your premiums by becoming an 'advanced driver'...: [...] Zurich Insurance has released the eighth annual Advisen cyber survey revealing the current state of and trends in information security and cyber liability risk management. The findings indicate a growing reliance on cyber insurance. The percentage of companies that purchase cyber insurance, either vi
It's definitely a nasty place for small businesses without some form of cyber security expertise. Hiscox suggest outsourcing some of the risk via insurance...: “Cyber” is no longer just a buzzword, that much we know, but how clear of a picture do we have of the risk, especially for small businesses in the UK? Specialist global insurer Hiscox went ahead and examined the frequency of cyberattacks, and it turns out they take place by the thousand on a daily basis. The number
Worth reading before you get or renew your cyber risk cover...: New guidance to help businesses understand and discuss their cyber insurance needs with insurers and intermediaries has been published by a group of European industry bodies and insurers. The guide (28-page / 4.3MB PDF) has been described as "the first of its kind" by the authors, which include Insurance Europe, the Federation of European Risk Management Associations (FERMA) and the Europe...
Given the 'China' supply chain debate going on at the moment, it's time to remind ourselves that fourth-party risk isn't specifically covered by most cyber insurance...: One of the biggest risks to data security is lack of vendor (third party) and vendor subcontractor (fourth party) management. Companies can mitigate ever-increasing vendor data security risk through the purchase of appropriate cyber insurance coupled with well-thought-out due di...
Note the plea at the end to engage with advisors that understand the complexities and the insurance cover. Even better, why not engage with an insurance company that understands cyber risk?...: Cyber incidents can take many forms—phishing, insider theft, SQL injection, malware, denial of service, session hijacking, credential farming, or just old fashion “hacking.” Although many of these attack vectors employ technical knowledge, some utilize deception to manipulate individu
There are two strands to this story. First is the realisation in the U.S. that GDPR brings increased regulatory risk, the second is more interesting. It is to cover risks associated with events not directly under the control of the insured. Imagine getting 50% of your customers asking you to delete their data because of a breach at, say, Facebook...: COLORADO SPRINGS, Colorado — Zurich Insurance Group Ltd. is launching a cyber policy form that includes network security monit
Will it take 200 years before we have general protection from the state? My personal experience is that reporting a cybercrime to the authorities (through Action Fraud) is a record-keeping exercise, nothing else...: A quick history lesson for you. Earlier this month, we commemorated the 352nd anniversary of the Great Fire of London, which destroyed 13,200 homes, as well as St Paul’s Cathedral. The giant Monument is a stone’s throw from the City A.M. offices. The fire blaz