Cyberinsurance: Products Mature but Still Underused

Risk transfer opportunities have proliferated, as have the threats

The bad news keeps coming. Every month, some company somewhere is hacked and loses confidential data. A storm of negative publicity — and lawsuits — quickly follows. Everyone is a potential target, and nobody is safe. Yet, according to a global survey by PricewaterhouseCoopers, the majority of companies don’t have cyberinsurance in place.

Some don’t know that specific coverage is available, or they mistakenly believe they are sufficiently covered by existing liability policies. Others assume — dangerously — that their security is tight enough to prevent a breach, or that they are too small for malicious or criminal hackers to bother with.

Verizon Communications, in its 2012 Data Breach Investigations Report, counted 855 incidents last year, with a total loss of 174 million records. Financial losses in each instance ranged from a few dollars to more than $100 million, and at least four companies went out of business as a result of a breach.

Year-to-year trends vary, but the overall direction is not encouraging. For 2010, Verizon reported a record low of 4 million records lost in 800 breaches. That represented a lull between the case of credit card processor Heartland Payment Systems in late 2008, which accounted for 300 million of that year’s 361 million compromised data records; and 2011, when hacking into the PlayStation platform affected more than 100 million customer records, cost Sony Corp. $6 billion, and prompted more than 55 lawsuits.

Read full story at Risk Professional magazine. (Paid registration required.)