New market for hack-attack insurance takes root by Scott Tong
For the second day, the digital Grinch has stolen Christmas for gamers around the globe. Networks went dark for Microsoft's Xbox and Sony Playstation users, with a group of hackers calling themselves Lizard Squad taking responsibility.
It’s unclear if Sony or Microsoft had hacker insurance; we tried to reach them. But we do know breaches of web-based game systems come at great economic damage. And as it turns out, there is a growing world of insurance to provide protection against cyber attacks.
“The policies will typically cover the cost of notifying the affected persons, the customers, that there was a breach,” says Richard Betterley of Betterley Risk Consultants. "The cost of providing credit monitoring, legal counsel related to the breach and sometimes crisis management ... public relations campaigns, in other words.”
Like traditional insurance, if something goes wrong, the policyholder files a claim and hopes for a check.
Plenty of costs aren’t covered, like stolen ideas, stock losses and customer credit card losses. But with Xbox and Playstation joining a hacked wall of shame alongside Home Depot, JP Morgan and Target, more firms are buying peace of mind — and insurance firms are racing to provide it.
“Lots of organizations were just dabbling in this area of insurance a couple years ago,” says Larry Poneman of Poneman Institute R. “But with all of these data breaches, more and more insurance companies see huge amounts of profits to be made.”
Insurers face their own danger, though. They can’t predict hacking losses the way they can losses from tornadoes or fires.
“They are very much aware of their lack of actuarial data that underline how these policies are underwritten,” says Ted Julian of data protection firm CO3 Systems. “They could lose quite a bit of money quickly, if they’re not careful.”