Tuesday, December 31, 2013

Cyber Extortion Insurance

Cyber extortion is a growing concern among business owners and boards. It should be a consideration in your cybersecurity insurance policy decision.


One example of cyber extortion is using denial-of-service attacks (see www.ddosattacktutorial.com) to shut down a target's Web sites, then demanding some sort of compensation or action before service is allowed to return to normal. This can be devastating for e-commerce companies that depend on Web site "up time," and such attacks are also sometimes used as "smokescreens" for related hacks seeking to steal IP, personal information or other digital valuables.

One case during 2013 involved extortionists who launched DDoS attacks against a British online business, then met the managers to "demand a 50 percent share of the firm. If the owner failed to agree to these terms, the men threatened to use the services of a computer hacker to launch DDoS attacks on the casino’s servers..."
http://www.ddosattacktutorial.com/2013/12/ddos-extortion-give-me-50-of-your.html




Broader Benefits of Cyber Insurance

The Benefits of Cyber-Insurance


Cyber-insurance increases cyber-security by encouraging the adoption of best practices. Insurers will require a level of security as a precondition of coverage, and companies adopting better security practices often receive lower insurance rates. This helps companies to internalize both the benefits of good security and the costs of poor security, which in turn leads to greater investment and improvements in cyber-security.
The security requirements used by cyber-insurers are also helpful. With widespread take-up of insurance, these requirements become de facto standards, while still being quick to update as necessary. Since insurers will be required to pay out cyber-losses, they have a strong interest in greater security, and their requirements are continually increasing.
As well as directly improving security, cyber-insurance is enormously beneficial in the event of a large-scale security incident. Insurance provides a smooth funding mechanism for recovery from major losses, helping businesses to return to normal and reducing the need for government assistance.
Finally, insurance allows cyber-security risks to be distributed fairly, with higher premiums for companies whose expected loss from such risks is greater. This avoids potentially dangerous concentration of risk while also preventing free-riding.

Advantages over Governmental Regulation


Cyber-insurance has a number of advantages over governmental regulation as a means for improving cyber-security. First and foremost, government standard-setting is simply not suitable for a rapidly evolving area such as cyber-security. Standards produced by organized bodies are based on compromise, and government involvement in the process stifles innovation further. Closely related to this is the threat of regulatory capture attendant with any system of governmental regulation.
Positive reinforcement is generally the more effective behavior modification technique, as individuals naturally prefer reward to punishment. Fear of legal sanctions can force companies to maintain a set of minimum standards, as cyber-insurance does, but unlike cyber-insurance it does not provide any incentive to do better. Governmental regulation results in an emphasis on meeting basic minimum standards, whereas insurance results in companies striving to adopt – and improve upon – best practices. Finally, because the risk is global, United States regulations alone cannot effectively manage it. However, worldwide regulation is impractical because international organizations move even more slowly than national governments. Widespread use of cyber-insurance will produce better security than a system of governmental regulation and standard-setting.
(Courtesy: White House)


Does My Company Already Have Cyber Insurance?

Do I Already Have Cyber Security Insurance? 

If You Have to Ask, the Answer is Probably "No."



Cyber insurance -- also called cyber security insurance, cyber liability insurance, cyber risk insurance, and data security insurance, among other terms -- is an insurance product used to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Risks of this nature are typically excluded from traditional commercial general liability policies. Coverages provided by cyber-insurance policies may include first-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks; liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation; and other benefits including regular security audits, post-incident public relations and investigative expenses, and criminal reward funds. (Courtesy: White House)

What is Cyber Insurance?

What is Cyber Insurance? Cyber Security Insurance Explained:



Cyber insurance -- also called cyber security insurance, cyber liability insurance, cyber risk insurance, and data security insurance, among other terms -- is an insurance product used to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Risks of this nature are typically excluded from traditional commercial general liability policies. Coverages provided by cyber-insurance policies may include first-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks; liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation; and other benefits including regular security audits, post-incident public relations and investigative expenses, and criminal reward funds. (Source: White House)

Why Are More and More Companies Getting Cyber Insurance?

Why Are More and More Companies Getting Cyber Security Insurance?


Any CEO of a small or medium-sized company who keeps up with the news knows about the dangers of the cyber world. Business networks are under constant attack from hackers, criminals, foreign intelligence organizations and, often most dangerously, angry or greedy insiders.

These dangers are only part of the threat. More and more lawyers are now suing companies for lapses in cyber security, helped by a growing number of laws that increase cyber liability risks.

· At least 46 states and the SEC now require disclosure of hacks in many circumstances, opening companies to major lawsuits

· Federal contractors and government agencies are now demanding Interconnection Security Agreements (ISAs) with vendors – potentially making the vendor responsible for losses suffered by the client

· Prime contracts are increasingly expected to require cyber insurance for vendors and subcontractors

· Adding to the challenge: Many if not most traditional insurance policies do NOT cover losses from cyber attacks, leaving companies holding the bag

Who Needs Cybersecurity Insurance?

Who Needs Cyber Insurance?



For now, it's up to you and your team, including IT security and a good insurance advisor, to determine if you need cyber security insurance. We think that may change for many companies. The US government has long stated that cyber insurance and a focus on cyber liability is an effective way to drive greater cyber security across the country. The White House even called these "broader benefits" -- see more information here. Cyber security bills continue to be debated in Congress. Many observers think the government will move to encourage more companies to have cyber insurance and eventually require it for at least some. For companies serving the federal market, we're told some prime contractors are considering requiring their subcontractors to have cyber insurance. They already increasingly require Interconnection Security Agreements (ISAs) with vendors.