Content area
Full Text
The right coverage can help soften the blow of a data breach. But don't expect to be bailed out if your security plan is flawed.
WHEN SONY PICTURES disclosed last November that hackers had plundered its networks and accessed virtually all of its data assets, loss estimates for the company ran from the tens of millions of dollars to the hundreds of millions. Similar data breaches at TJX and Heartland had cost each company well over $100 million, and there was little to indicate that Sony would fare any better.
So when CEO Michael Lynton disclosed in a media interview earlier this year that Sony's intrusion-related costs would be almost entirely paid for by insurers, the news renewed attention on the topic of cyber insurance in a major way.
It was one of the few times that a victim of a major data breach had publicly talked about how an insurance policy had actually helped offset the cost of the breach. In a sense, Lynton's comments were a message to skeptics that cyber policies aren't a waste of time and money-they can actually soften the financial blow of a security incident. And while some have questioned whether the $60 million or so that Sony is believed to have in cyber insurance will be enough to cover the company's full losses, the breach has raised awareness about cyber insurance.
Analyst firm Gartner defines cyber insurance as protection against losses stemming from data theft and data loss, or business interruptions caused by malware or a computer malfunction. Covered under the definition are losses attributable to fines and lost income as a result of a network intrusion or security breach.
"Cybersecurity policies provide necessary coverage for claims of loss or theft of personally identifiable information and other sensitive information," says Chris Pierson, general counsel and chief security officer at Viewpost, a supplier of online invoicing and payment platforms.
Cyber insurance provides funds for crisis management, media and intellectual property claims that fall under a media liability policy, and privacy claims. "These types of coverage are no longer part of an ad hoc protection scheme, but are more and more an expected part of a wellgoverned and risk-controlled environment," Pierson says.
A New Era, With Surging Demand
Policies...