http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html
By Josephine Wolff
Slate.com
June 12, 2014
Do you still shop at Target? There’s been controversy over how much of an
impact the massive breach of 40 million credit and debit card numbers in
late 2013 had on the company’s shareholders and customers. And that
controversy speaks to a larger cybersecurity problem plaguing industry
today: the difficulty of assessing the impact and costs of these sorts of
security breaches and the challenges that presents when it comes to trying
to buy and sell cyberinsurance. Yes, that’s a real thing—and a great
business to be in, at the moment, if you can figure out how to develop
accurate actuarial models, that is.
A recent New York Times article touted cyberinsurance as the
“fastest-growing niche in the [insurance] industry today.” Nicole Perlroth
and Elizabeth Harris report: “[A]fter the breach at Target, its profit was
cut nearly in half—down 46 percent over the same period the year before—in
large part because the breach scared away its customers.” These enormous
costs to brand reputation make it difficult for companies to get as much
cyber risk coverage as they want, and the demand is only growing. The
Times cites statistics showing a 21 percent increase in demand for
cyberinsurance policies from 2012 to 2013, with total premiums reaching
$1.3 billion last year and individual companies able to acquire a maximum
of roughly $300 million in coverage.
At the time of its breach, Target had only $100 million in coverage, with
a $10 million deductible, and had been turned away by at least one insurer
when it tried to acquire more cyberinsurance, Perlroth and Harris report.
They suggest that this coverage may fall well short of the massive losses
incurred by the company when it saw its profits nearly halved.
But their piece comes less than a month after Eric Chemi argued exactly
the opposite about the impact of Target’s security breach in a piece for
Bloomberg Businessweek titled “Investors Couldn’t Care Less About Data
Breaches.” He wrote:
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
