Computer Crime Research Center


Covering Cyber Threats

Date: September 01, 2008

As companies face a host of new risks associated with their digital data, insurers are scrambling to create a whole new field of coverage: cyber liability.

Costly and legally troublesome problems ranging from data breaches to infringement cases are on the rise, and 43 states, including Connecticut, have passed laws spelling out rules for companies that experience them.

Data breaches that become public underscore what’s at stake for the companies held responsible.

Bank of New York Mellon faces a potential class action suit and other penalties after it lost two unencrypted data tapes in February. Those tapes contained account information for about 4.5 million customers, including some 550,000 Connecticut residents.

As of last week, more than 500 plaintiffs had signed up to sue the bank.

And under pressure from Attorney General Richard Blumenthal and other state officials, the bank agreed to provide customers with two years of free credit monitoring, $25,000 in identity theft insurance and free credit freezes.

As businesses seek protection against big expenses from such a potential threat, cyber liability insurance coverage is now coming into its own. Insurers that offer it include The Hartford, Travelers, AIG, Darwin Professional Underwriters and ACE Limited.

ACE Limited, a global property and casualty insurer, has seen demand for its cyber liability coverage double in the past 12 months.

“Companies are surprised by the high costs associated with a security breach,” Merrill said. “They see this insurance as a way to protect themselves.”

Most cyber policies offer first-and-third party coverage, including expenses associated with data recovery and business interruption. They may also help pay for crisis management costs, including the notification of affected parties and investigations by outside experts.

Some policies also offer reimbursement for legal fees and public relations campaigns, which are used to repair a company’s image following a breach. But they may not cover the costs from victims who sue and win lawsuits.

“It’s a new era for risk,” said Drew Bartkiewicz, vice president of Cyber and Technology Risk at The Hartford. “Traditional insurance no longer covers the risks presented by the Internet.”

According to The Identity Theft Resource Center, a California-based nonprofit, 342 data breaches were reported from Jan. 1 to June 27, a 69 percent increase over the same period last year. The actual number of breaches is muc higher, ITRC said, due to underreporting.

The costs of dealing with such breaches can be high. Companies spent $6.3 million, or $197 per record, on average in 2007 to recover from data breaches, according to a study from the Ponemon Institute, a Michigan-based privacy and information management research firm.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo