The average cost of a corporate data breach increased to $3.5 million according to a research group. As large cyber breaches continue making headlines, more companies are considering cyber insurance to protect against financial losses from breaches. Cyber insurance premiums are expected to reach $2 billion in 2014, up from $1.2 billion last year. Cyber insurance is designed to mitigate losses from incidents like data breaches, network damage, and business interruptions. It can cover costs associated with notifying victims, fines, lost business, and more. As breaches become more common, more small businesses are recognizing the need for cyber insurance policies.
A publication to help business owners understand the need for cyber insurance, the news notification laws that impact business and what covers a cyber insurance policy provides.
Cyber insurance is probably one of the top security measures each organization, big corporations, and Small and Medium Enterprises (SMEs) should look up to when it comes to a cybersecurity data breach. https://cyberpal.io/
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
Protecting enterprise systems against cyber threats is a strategic priority, yet only 42% of executives are confident they could recover without impacting their business from a cyber event. Find out the hidden risks of shadow IT, cloud and cyber insurance.
Has your credit union considered how member relations, legal compliance and brand reputation might be affected during a data breach? In this 2012 NAFCU Technology & Security Conference session recording you will learn about the risks of data breaches and how they could impact your credit union.
A publication to help business owners understand the need for cyber insurance, the news notification laws that impact business and what covers a cyber insurance policy provides.
Cyber insurance is probably one of the top security measures each organization, big corporations, and Small and Medium Enterprises (SMEs) should look up to when it comes to a cybersecurity data breach. https://cyberpal.io/
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
Protecting enterprise systems against cyber threats is a strategic priority, yet only 42% of executives are confident they could recover without impacting their business from a cyber event. Find out the hidden risks of shadow IT, cloud and cyber insurance.
Has your credit union considered how member relations, legal compliance and brand reputation might be affected during a data breach? In this 2012 NAFCU Technology & Security Conference session recording you will learn about the risks of data breaches and how they could impact your credit union.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
This article examines cyber and information security as it relates to the legal industry and provides strategic considerations for law firms looking to deal with information security issues.
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
This white paper summarizes the results of a survey done by RSA, NYSE Governance Series, and Corporate Board Member, in association with Ernst & Young, with 200 audit committee members responding on a variety of issues regarding their cyber risk oversight program.
Take a look with NEOS into the future. This whitepaper is a summary of the top technology trends and impediments that are coming around the bend in the insurance industry.
Insuring your future: Cybersecurity and the insurance industryAccenture Insurance
How are insurance companies faring when it comes to protecting their assets and their customers from fraud, malware, cyber attacks and a host of other security breaches? The question is important. Insurance companies hold a vast amount of data
including personally identifiable information, personal health information, credit card and bank account data, and trade secrets (their own and sometimes their clients’). Insurers
have a very distributed model for servicing, increasing the risk across the value chain. Aging legacy systems complicate matters even more.
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
This white paper discusses the results of a CIO UK survey on a“Trust Paradox,” defined as employees and business partners being both the weakest link in an organization’s security as well as trusted agents in achieving the company’s goals.
The Digital Multiplier: Five Steps To Digital Success In The Insurance SectorAccenture Insurance
Insurers are investing less than many of their counterparts in other industries in essential digital technology. They’re also achieving lower financial returns on this spending.
The few insurers that are generating good financial returns from their investments in digital technology have a big advantage over their competitors. They have grown revenue 64 percent more than other insurers that have invested heavily in digital technology and achieved a 48 percent better return on equity.
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
This article examines cyber and information security as it relates to the legal industry and provides strategic considerations for law firms looking to deal with information security issues.
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
This white paper summarizes the results of a survey done by RSA, NYSE Governance Series, and Corporate Board Member, in association with Ernst & Young, with 200 audit committee members responding on a variety of issues regarding their cyber risk oversight program.
Take a look with NEOS into the future. This whitepaper is a summary of the top technology trends and impediments that are coming around the bend in the insurance industry.
Insuring your future: Cybersecurity and the insurance industryAccenture Insurance
How are insurance companies faring when it comes to protecting their assets and their customers from fraud, malware, cyber attacks and a host of other security breaches? The question is important. Insurance companies hold a vast amount of data
including personally identifiable information, personal health information, credit card and bank account data, and trade secrets (their own and sometimes their clients’). Insurers
have a very distributed model for servicing, increasing the risk across the value chain. Aging legacy systems complicate matters even more.
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
This white paper discusses the results of a CIO UK survey on a“Trust Paradox,” defined as employees and business partners being both the weakest link in an organization’s security as well as trusted agents in achieving the company’s goals.
The Digital Multiplier: Five Steps To Digital Success In The Insurance SectorAccenture Insurance
Insurers are investing less than many of their counterparts in other industries in essential digital technology. They’re also achieving lower financial returns on this spending.
The few insurers that are generating good financial returns from their investments in digital technology have a big advantage over their competitors. They have grown revenue 64 percent more than other insurers that have invested heavily in digital technology and achieved a 48 percent better return on equity.
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise
Data Breach Insurance - Optometric Protector Plansarahb171
The Optometric Protector Plan offers malpractice, professional liability and business insurance for Optometrists, Ophthalmic Technicians and Students. Here is the 2014 Data Breach Industry Forecast.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditNationalUnderwriter
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit by Lynda Bennett
2014 ended almost the same way that it began for most companies – having concerns about cyber security and hackers. At the beginning of the year, the news cycle was focused on breaches that took place in the consumer product space as Target, Michael’s, Neiman Marcus, and Home Depot worked fast and furious to address breaches that led to concerns about a massive amount of credit card information possibly being “in the open.” Later in the year, we learned that corporate giants like JPMorgan Chase and Apple were not immune from cyber security breaches as still more personally identifiable information and very personal photographs were released into the public domain. Finally, as 2014 drew to a close, the entertainment industry was further rocked by the cyber-attack on Sony Corp., which led to even broader concerns about national security and terrorist threats.
Contents lists available at ScienceDirectJournal of AccounAlleneMcclendon878
Contents lists available at ScienceDirect
Journal of Accounting and Public Policy
journal homepage: www.elsevier.com/locate/jaccpubpol
Full length article
Cybersecurity insurance and risk-sharing
Lawrence D. Bodina, Lawrence A. Gordonb, Martin P. Loebb,⁎, Aluna Wangc
a Emeritus Professor of Management Science, Robert H. Smith School of Business, University of Maryland, College Park, MD 20742-1815, USA
b Accounting and Information Assurance, Robert H. Smith School of Business, University of Maryland, College Park, MD 20742-1815, USA
c Tepper School of Business, Carnegie Mellon University, 5000 Forbes Avenue, Pittsburgh, PA 15217, USA
A R T I C L E I N F O
Keywords:
Cybersecurity insurance
Cybersecurity risk management
A B S T R A C T
In today’s interconnected digital world, cybersecurity risks and resulting breaches are a funda-
mental concern to organizations and public policy setters. Accounting firms, as well as other
firms providing risk advisory services, are concerned about their clients’ potential and actual
breaches. Organizations cannot, however, eliminate all cybersecurity risks so as to achieve 100%
security. Furthermore, at some point additional cybersecurity measures become more costly than
the benefits from the incremental security. Thus, those responsible for preventing cybersecurity
breaches within their organizations, as well as those providing risk advisory services to those
organizations, need to think in terms of the cost-benefit aspects of cybersecurity investments.
Besides investing in activities that prevent or mitigate the negative effects of cybersecurity
breaches, organizations can invest in cybersecurity insurance as means of transferring some of
the cybersecurity risks associated with potential future breaches.
This paper provides a model for selecting the optimal set of cybersecurity insurance policies by
a firm, given a finite number of policies being offered by one or more insurance companies. The
optimal set of policies for the firm determined by this selection model can (and often does)
contain at least three areas of possible losses not covered by the selected policies (called the Non-
Coverage areas in this paper). By considering sets of insurance policies with three or more Non-
Coverage areas, we show that a firm is often better able to address the frequently cited problems
of high deductibles and low ceilings common in today’s cybersecurity insurance marketplace.
Our selection model facilitates improved risk-sharing among cybersecurity insurance purchasers
and sellers. As such, our model provides a basis for a more efficient cybersecurity insurance
marketplace than currently exists. Our model is developed from the perspective of a firm pur-
chasing the insurance policies (or the risk advisors guiding the firm) and assumes the firm’s
objective in purchasing cybersecurity insurance is to minimize the sum of the costs of the pre-
miums associated with the cybersecurity insurance policies selected and ...
For digital media companies, effective cybersecurity programs a mustGrant Thornton LLP
In digital media trust is everything, without it your business model doesn’t work. Cybersecurity can be a key component, ensuring the integrity of your services. Check out this brief guide to securing your data.
This presentation focuses to the rising prominence of insurance considerations—and more particularly—to legal aspects of insurance as it relates to cybersecurity and privacy.
The presentation defines "Cyber and Privacy Insurance” and organizes such insurance into four main types of cyber insurance coverage: data breach and privacy management coverage, multimedia liability coverage, extortion liability coverage, and network security liability coverage. With these definitions, the presentation then gives snapshot of how the Cyber Insurance Market Is Maturing, its participants, costs, and related attributes.
Consideration is given to the importance of defined terms, before launching into difficulties that providers and users have relative to measuring, modeling, and pricing cyber insurance risk. Particular attention is given to the language of “claims” and how to navigate through associated risk/cost analyses and cost structures.
Additionally, general considerations, pre-conditions, cost of compliance, business interruption, governing board oversight and related issues are brought together is a cohesive manner.
Although Sony seemed to dominate the cyber-security headlines of 2014, it was just one of many corporations infiltrated by an increasingly sophisticated and driven pool of hackers. J.P. Morgan Chase, Home Depot, and Target also top the list of businesses struggling with data breaches.
The most recent major cyberattack against Anthem Healthcare shook the insurance industry. In a rare show of honesty, the insurer began alerting customers and the media to the potential of a data break just eight days after it first noted suspicious activity on Jan. 27, 2015.
Immediately upon discovering it had been attacked, Anthem jumped to address the security vulnerability, contacted the FBI, and hired leading cyber-security firm Mandiant to evaluate its systems, said president and CEO Joseph Swedish in a statement.
Noting the importance of protecting financial institutions, New York's Department of Financial Services responded to the Anthem breach by announcing its intent to integrate regular assessments of cyber-security preparedness at insurance companies as part of its examination process. It will also enforce "enhanced regulations" on insurers based in New York.
"Recent cyber security breaches should serve as a stern wake up call for insurers and other financial institutions to strengthen their cyber defenses," said Benjamin M. Lawsky, New York State's superintendent of financial services, in a statement. He continued, "Regulators and private sector companies must both redouble their efforts and move aggressively to help safeguard this consumer data.“
Most people might expect that larger insurers, given the sensitive customer information they handle, would boast robust cyber-security programs. This is not necessarily true.
As part of its investigation, the Department found that 95% of insurers already think they have sufficient staff for information security, and just 14% of CEOs receive monthly briefings on data security. Anthem, the nation's second-largest health insurer, had not even encrypted its database containing nonmedical data. It claims that the HIPAA did not require it to do so.
While experts believe that Anthem was exclusively targeted in its attack, there is no doubt that all financial institutions are at risk. Here are eight things to know as the industry enters a year of increasingly heightened cyber-vulnerability.
Cyber security is becoming increasingly relevant within the insurance industry to the degree, that the National Association of Insurance Commissioners (NAIC) named it as the key initiative for 2015.
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfProtected Harbor
Protected Harbor's 2022 Legal Services Data Breach Trend Report is a comprehensive analysis of the evolving cybersecurity landscape in the legal industry. This report offers valuable insights into emerging trends, challenges, and opportunities that legal professionals and firms may encounter in the year ahead. Through in-depth research and expert analysis, it sheds light on the impact of technological advancements, changing regulations, and client expectations on legal services. Stay ahead of the curve with this indispensable guide to the future of legal services.
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
Blog post discussing why CISOs need to collaborate with privacy, legal, and product teams to effectively identify and mitigate risk in their organization.
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
84017
1. December 8, 2014
A
data breach can be
crippling to a small
business.
The average cost of a corpo-
rate breach increased 15 percent
in the last year to $3.5 million,
according to the Ponemon Insti-
tute, a Michigan-based private
research group.
With large cyber breaches
continuing to make headlines
weekly, more companies are
considering cyber insurance
policies to protect against fi-
nancial fallout.
“Cyber insurance continues
to be the fastest growing type
of insurance today,” says Rick
Betterley, president of Bet-
terley Risk Consultants Inc., a
Sterling, Massachusetts-based
risk management consulting
firm that publishes an annual
cyber/ privacy insurance mar-
ket survey. Nationally, busi-
nesses are expected to spend
around $2 billion on cyber in-
surance premiums in 2014, up
from $1.2 billion last year, ac-
cording to Betterley.
Mitigating losses
The insurance is designed to
mitigate losses from a variety
of cyber incidents, including
data breaches, business inter-
ruption and network damage,
LI BUSINESS
Data breach insurance
NEWSDAY/ALEJANDRAVILLA
Pam D’Apuzzo of RR Health Strategies in Uniondale says she took out a cyber insurance policy — proactively
— with the help of Steven Browne of Insureatech Agency in New Hyde Park.
LIBUSINESSnewsday.comNEW
A
data breach can be crip-
pling to a small business.
The average cost of a
corporate breach increased 15
percent in the last year to $3.5
million, according to the
Ponemon Institute, a Michigan-
based private research group.
With large cyber breaches
continuing to make headlines
weekly, more companies are
considering cyber insurance
policies to protect against finan-
cial fallout.
“Cyber insurance continues
to be the fastest growing type
of insurance today,” says Rick
Betterley, president of Better-
ley Risk Consultants Inc., a
Sterling, Massachusetts-based
risk management consulting
firm that publishes an annual
cyber/ privacy insurance mar-
ket survey. Nationally, busi-
nesses are expected to spend
around $2 billion on cyber in-
surance premiums in 2014, up
from $1.2 billion last year, ac-
cording to Betterley.
Mitigating losses
The insurance is designed to
mitigate losses from a variety of
cyber incidents, including data
breaches, business interruption
and network damage, according
to the Department of Home-
land Security.
“The initial demand for this
product was driven by larger
corporations,” explains Robert
P. Hartwig, president of the In-
surance Information Institute, a
Manhattan-based industry
trade association. “It began to
movedownto mid-size corpora-
Browne, who works with about
six insurance carriers including
Travelers and Hartford.
Many businesses think it
won’t happen to them, or that
their general liability coverage
will protect them. But general li-
ability typically covers physical
loss or damage, not the data
side, he explains.
Cyber insurancecancover lia-
bility incurred by the insured,
including defense and settle-
ment costs, remediation and re-
sponse costs such as customer
notification and credit monitor-
ing, costs related to regulatory
fines and penalties and in some
cases credit card fines and pen-
alties from card issuers, accord-
ing to Betterley. It can also
cover loss of business income
ents putting language in con-
tracts asking if she had cyber in-
surance. “At some point what
I’m doing now proactively will
become a requirement from our
clients,” says D’Apuzzo, who
worked with Insureatech to se-
mond & Co. LLC, a benefits and
risk management advisory firm
in Uniondale. “Two years ago,
people weren’t even speaking
about this.”
Now about 15 percent of the
firm’s clients are purchasing
cyber policies, he says. “Compa-
nies have come to realize it’s
not a matter of if they’re going
to get breached, but when
they’re going to get breached.”
Risk assessment
Products vary, so work with a
broker to understand your risk
and coverage needs. Premiums
generally run $2,000 to $5,000 a
year depending on the industry
and company size, estimates
Browne.
As part of the process, insur-
SMALL
BUSINESS
Jamie Herzlich
Data breach insurance
NEWSDAY/ALEJANDRAVILLA
son
eri-
rab
orc-
ore,
hem
unts
nual
the
ain
to
in-
on-
esi-
re-
the
hich
has
s it
eti-
and
the
ll 13
. In
the
on.
em
s of
ave
nes.
ow
ing
hed
ent
ult-
ow
ED
Y
jherzlich@aol.com
LI BUSINESS
CYBER COST
Pam D’Apuzzo of RR Health Strategies in Uniondale says she took out a cyber insurance policy —
proactively — with the help of Steven Brown of Insureatech Agency in New Hyde Park.
Policies mitigate
company losses
incyberincidents
The average cost of
notifying victims of a
data breach — one of
the largest costs that
companies incur — is
$509,237.
Source: Ponemon Institute
A35
PRINTED COPY FOR PERSONAL READING ONLY.
NOT FOR DISTRIBUTION
2. according to the Department
of Homeland Security.
“The initial demand for this
product was driven by larger
corporations,” explains Robert
P. Hartwig, president of the In-
surance Information Institute,
a Manhattan-based industry
trade association. “It began to
move down to mid-size corpo-
rations, and eventually it will
make its way down to smaller
and smaller businesses.”
That’s what Steven Browne,
president of Insureatech Agency
in New Hyde Park, a broker
for cyber liability insurance, is
banking on.
Last year, he started Insure-
atech as a separate division of
Sachem Insurance Agency, be-
cause he saw breaches becom-
ing more prevalent in the news.
“We saw a big need for it,” says
Browne, who works with about
six insurance carriers includ-
ing Travelers and Hartford.
Many businesses think it won’t
happen to them, or that their gen-
eral liability coverage will protect
them. But general liability typi-
cally covers physical loss or dam-
age, not the data side, he explains.
Cyber insurance can cover
liability incurred by the in-
sured, including defense and
settlement costs, remedia-
tion and response costs such
as customer notification and
credit monitoring, costs relat-
ed to regulatory fines and pen-
alties and in some cases credit
card fines and penalties from
card issuers, according to Bet-
terley. It can also cover loss of
business income post-breach,
adds Browne.
These costs can add up.
Pam D’Apuzzo, president of
RR Health Strategies LLC, a
health care consulting firm in
Uniondale, recently took out
a cyber insurance policy. The
company provides consult-
ing to clients including private
health practices, hospitals and
teaching facilities, and routine-
ly reviews medical records for
compliance.
D’Apuzzo noticed more cli-
ents putting language in con-
tracts asking if she had cyber
insurance. “At some point what
I’m doing now proactively will
become a requirement from
our clients,” says D’Apuzzo,
who worked with Insureatech
to secure the policy. “I think
we’ll be ahead of the curve.”
Even though she takes neces-
sary security precautions when
dealing with sensitive data, she
wants to makes sure she’s pro-
tected. “This added layer of cy-
ber insurance is an extra safety
net for me,” says D’Apuzzo.
And as more breaches make
headlines, more smaller firms
will likely follow suit.
“Demand is picking up,”
says Marc Schein of Chernoff
Diamond & Co. LLC, a benefits
and risk management advi-
sory firm in Uniondale. “Two
years ago, people weren’t even
speaking about this.”
Now about 15 percent of
the firm’s clients are purchas-
ing cyber policies, he says.
“Companies have come to
realize it’s not a matter of if
they’re going to get breached,
but when they’re going to get
breached.”
Risk assessment
Products vary, so work with
a broker to understand your
risk and coverage needs. Pre-
miums generally run $2,000 to
$5,000 a year depending on the
industry and company size, es-
timates Browne.
As part of the process, insur-
ers will do a risk assessment
and make recommendations,
Hartwig says. “It’s not simply
pure insurance,” he notes. “It in-
volves elements of prevention.”
Browne partners with out-
side cyber-security consul-
tants to perform risk assess-
ments. “We want to make sure
certain systems are in place
and they’re protected,” he says,
adding insurers after the fact
may not cover a breach if the
insured was lacking in some of
these protections.
(#84017) Copyright 2014 Newsday LLC. Reprinted with permission. To subscribe to Newsday, please call 1-800-Newsday or visit us online at Newsday.com.
For information about reprints and permissions from Newsday, visit PARS International Corp. at www.newsdayreprints.com.
newsday.comNEWSDAY,MONDAY,DECEMBER8,2014
ulting
nnual
mar-
busi-
pend
er in-
4, up
r, ac-
ed to
ety of
data
ption
rding
ome-
r this
arger
obert
he In-
ute, a
ustry
an to
pora-
will
maller
owne,
Agen-
roker
ce, is
ureat-
of Sa-
, be-
com-
news.
” says
Browne, who works with about
six insurance carriers including
Travelers and Hartford.
Many businesses think it
won’t happen to them, or that
their general liability coverage
will protect them. But general li-
ability typically covers physical
loss or damage, not the data
side, he explains.
Cyber insurancecancover lia-
bility incurred by the insured,
including defense and settle-
ment costs, remediation and re-
sponse costs such as customer
notification and credit monitor-
ing, costs related to regulatory
fines and penalties and in some
cases credit card fines and pen-
alties from card issuers, accord-
ing to Betterley. It can also
cover loss of business income
post-breach, adds Browne.
These costs can add up.
Pam D’Apuzzo, president of
RR Health Strategies LLC, a
health care consulting firm in
Uniondale, recently took out a
cyber insurance policy. The
company provides consulting
to clients including private
health practices, hospitals and
teaching facilities, and routine-
ly reviews medical records for
compliance.
D’Apuzzo noticed more cli-
ents putting language in con-
tracts asking if she had cyber in-
surance. “At some point what
I’m doing now proactively will
become a requirement from our
clients,” says D’Apuzzo, who
worked with Insureatech to se-
cure the policy. “I think we’ll be
ahead of the curve.”
Even though she takes neces-
sary security precautions when
dealing with sensitive data, she
wants to makes sure she’s pro-
tected. “This added layer of
cyber insurance is an extra safe-
ty net for me,” says D’Apuzzo.
And as more breaches make
headlines, more smaller firms
will likely follow suit.
“Demand is picking up,” says
Marc Schein of Chernoff Dia-
mond & Co. LLC, a benefits and
risk management advisory firm
in Uniondale. “Two years ago,
people weren’t even speaking
about this.”
Now about 15 percent of the
firm’s clients are purchasing
cyber policies, he says. “Compa-
nies have come to realize it’s
not a matter of if they’re going
to get breached, but when
they’re going to get breached.”
Risk assessment
Products vary, so work with a
broker to understand your risk
and coverage needs. Premiums
generally run $2,000 to $5,000 a
year depending on the industry
and company size, estimates
Browne.
As part of the process, insur-
ers will do a risk assessment
and make recommendations,
Hartwig says. “It’s not simply
pure insurance,” he notes. “It in-
volves elements of prevention.”
Browne partners with outside
cyber-security consultants to
perform risk assessments. “We
want to make sure certain sys-
temsareinplaceandthey’repro-
tected,” he says, adding insurers
after the fact may not cover a
breach if the insured was lack-
ing in some of these protections.
NE
CYBER COST
Pam D’Apuzzo of RR Health Strategies in Uniondale says she took out a cyber insurance policy —
proactively — with the help of Steven Brown of Insureatech Agency in New Hyde Park.
The average cost of
notifying victims of a
data breach — one of
the largest costs that
companies incur — is
$509,237.
Source: Ponemon Institute
PRINTED COPY FOR PERSONAL READING ONLY.
NOT FOR DISTRIBUTION