2017
Insurers Handling ‘Hundreds’ of Cyber Breach Claims Insurance claims for data breaches are being made at a rate of more than one a day, figures from CFC Underwriting suggest. The firm said that in 2016 it had handled more than 400 claims on cyber-breach policies it had issued. The main types of attack being claimed for were privacy breaches and the theft of cash, it said. The massive amount of stolen data shared online was driving many attacks, said the firm. No recovery Claims on CFC policies were up 78% on 2015, said Graeme Newman, chief innovation officer at the underwriter.
behind 16% of the claims filed with CFC, putting it third behind data breaches and theft, he added. Mr Newman also pointed out that the major breaches seen in 2016, which have seen huge amounts of login details stolen and shared, was starting to be used much more frequently. These "phantom breaches" and account takeovers were proving tempting for criminal hackers, said Mr Newman. "They are going after the low-hanging fruit," he said. Cyber Breach Claim Categories Privacy breach 31% Financial loss 22% Ransomware 16% Malware/viruses 7% Website attacks 5%
"About 90% of our claims by volume are from businesses with less than £50m in revenue," he said, adding that a "disproportionate" number of claims were being made by British firms.
Unauthorised access Business interruptions 4%
"This is largely down to the fact that on the whole, UK businesses have a lower level of security maturity than their US counterparts," he said.
Other 10%
Ransomware, in which data is encrypted unless victims pay cash to a hacker to unscramble it, was
Cyber-insurance was becoming necessary to help firms cope with the volume of attacks they faced every day, he said.
[Source: CFC Underwriting]
"It's now become more of an incident response service that pays all the costs associated with that," he said. "You ring up the insurer and they get people in to help." Many insurance firms now had security, data forensics, incident response and PR firms on call to help respond when a claim is filed, he said. Some also employed experts who had experience negotiating with kidnappers and can advise about the best way to deal with ransom and extortion demands. The insurance policies were proving popular, said Paul Delbridge, a partner at professional services network PWC, who has studied the market, because the costs associated with investigating and fixing a breach were potentially so high. "It can be incredibly expensive to work out what was stolen and remediate," he said. In the UK, most policies were for a few million pounds, said Mr Delbridge, and the highest cover that firms can buy is for ÂŁ25m. In the US, the highest policies cover about $100m (ÂŁ80m). The cyber-breach policies were particularly attractive to smaller firms which cannot afford to staff and run a large internal security unit, he added. "Not investing in your cyber-defences is very risky because if there's a material breach it becomes a very public event and often the PR fallout is such that the business never really recovers," he said. If you would like further information or to discuss the brief in more detail please contact Thomas Carroll Brokers on 02920 887733 *Source BBC Technology
01
Fall
08