- News & Events
July 31, 2013
If Jerry Seinfeld were doing a routine on cyberinsurance, it might go something like this:
What’s the deal with cyberinsurance?
But cyberinsurance only protects an enterprise if an enterprise is not protected.
(Okay, so we won’t give up our day job.)
Anyway, cyberinsurance may not say as much about the creation of a new industry as it does about the burgeoning growth in cybercrime.
An article on the Canadian website, cbc.ca details how cyberinsurance went from a hard sell to beating off customers with a stick. “When Brian Rosebaum started pitching cyberinsurance to companies in 2006, he was met with blank stares from risk managers and resistance from information technology experts, who insisted their networks were impenetrable.
“All of that has changed in the past year and a half,” said Rosebaum, who heads the cyberinsurance division of Aon Corp.’s Canadian brokerage arm. “We’ve reached a threshold where people are now coming to us instead of us going to them.”
This sea change in attitude has come as a result of the high frequency of high-profile breaches. One reported in a recent ThreatMetrix blog involved five Russians and Ukrainians being charged with stealing 160 million credit and debit card numbers from companies that included 7-Eleven Inc. and JC Penney. This was, incidentally, the biggest data breach in the U.S. — to date.
The financial cost of a successful breach is the reason companies are looking at cyberinsurance. Not only is there the cost of the breach itself, there are many collateral expenses. There’s damage to the brand name, hiring a crisis management team and defending against lawsuits. What this has meant to the Aon brokerage is that the company has placed more cyberinsurance policies in the last eighteen months than in the previous five years!
Marsh Inc, another global insurance broker, reports that the number of organizations buying cyberinsurance in the United States has jumped 33 percent from 2011 to 2012. “This is the fastest growing area of commercial insurance in the world right now,” said Michael Peterson, a managing director of Marsh Canada Limited. “Organizations are realizing that the risk is real, that they’re not quite as secure as they thought and, therefore, they’re taking steps to transfer that exposure to insurance companies.”
The cbc.ca article notes, “Brokers, like Aon and Marsh, estimate there are about two dozen Canadian insurers who provide stand-alone cyber network policies. Most of these underwriters provide cafeteria-style policies, in which clients can pick which losses they want to protect against. Others, such as Encon Group Inc., offer it as an add-on to errors and omissions coverage that can protect companies against claims of negligence.”
Though Canada’s cyberinsurance market is growing by leaps and bounds, it still lags behind European and American ones. Stefanie McKay, a senior vice president at Encon, attributes this fact to Canadian companies not having to report data breaches as do their American and many European counterparts. And, Canadian brokers say the lack of laws that govern the reporting of breaches north of the border makes it tricky for underwriters to know how much risk there is, how much a breach can cost and how to price their policies.
The cbc.ca story hints that cyberinsurance can’t or won’t cover every eventuality. “As new tools — such as mobile banking and cloud computing — create new security issues, insurers will have to reevaluate which risks they are willing to insure their clients against.”
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Botnets, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Cyberinsurance, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Identity theft, Malware, Malware Protection, MitB, Mobile fraud, Online Fraud, PII, ThreatMetrix, ThreatMetrix Cybercrime Index, ThreatMetrix Cybercrime Protection Platform, ThreatMetrix Global Trust Intelligence Network, Web Fraud