Insurance Blog

Finance Blogs » Insurance Blog » Taking it in the breaches

Taking it in the breaches

By Jay MacDonald ·
Tuesday, June 28, 2011
Posted: 9 am ET

Recent data breaches at America's most secure fortresses, from the U.S. Senate and Lockheed Martin to Citigroup and Google, have sparked renewed corporate interest in "cyberinsurance." But you may need a hacker to decode these new cyber policies.

Insurance Journal reports that a rash of recent headline-making hacks, including the breach of 100 million Sony customer accounts and 360,000 Citigroup accounts, has corporate risk managers clamoring for multimillion-dollar cyberinsurance coverage. That's hardly an overreaction considering that the average data breach last year cost $7.2 million, according to March figures from the Ponemon Institute.

The problem is, insurance companies don't feel particularly comfortable throwing down on a risk that has as short a track record as hacking. How do you price it? What do you include and exclude? And how can you reasonably predict the future risk in a field as hyper-driven as computer technology?

Then there's the absence of standards to consider. Your auto insurance company can require you to wear seatbelts and drive on the right. How do you do that on the information superhighway?

During the past decade, several companies, most recently Travelers, have responded with cyberinsurance packages that attempt to mitigate the liability and loss risk of a data breach. In the current economy, it may be one of the few coverage areas that's actually growing.

But such new contracts also come peppered with all manner of exclusions that attempt to "buckle up" the insured's data protocols.

"Some, for example, exclude coverage for any incident that involves an unencrypted laptop. In other cases, insurers say, coverage can be voided if regular software updates are not downloaded or if employees do not change their passwords periodically," according to the report.

Sadly, you and I have been left out of this equation. Companies are covering their own assets with little regard to the damage their data breaches cause to us, the inconvenient human form factors.

Where's our coverage? Where's our relief?

Follow me on Twitter.

Subscribe to Bankrate newsletters today!

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
1 Comment