In the wake of huge, high profile security breaches—Wendy’s, Sony Pictures Entertainment, Target, to name a few— cyber insurance is a hot commodity. It’s now a booming, $2 billion industry that’s on track to double by 2020. This year alone, 12,151,764 records have been compromised by 420 data breaches in the U.S. Companies hear statistics like that and line up to purchase premium policies to protect their assets. Is this a win for insurance companies?
With increased demand, insurers are taking a hard look at supply. Cyber insurance is a tricky business. Underwriters lack the quantifiable, objective metrics they need to figure out risk of a breach for companies that put valuable data online. This is because most cyberattacks don’t make the evening news; they can go unnoticed or unreported. Culling information on past hacks isn’t particularly helpful either, as cyber criminals are constantly refining their methodology.
Reckoning with Losses
It is even more difficult to put a price tag on losses stemming from a cyberattack. Underwriters must factor breach notification, forensics, setting up call centers, free credit monitoring for customers, legal fees, and crisis communication teams into their estimates. Add to that the intangible fallout—damage to a brand’s reputation and associated sales dips—and it’s a tough equation. A Forbes Insight report showed 46% of companies suffered damage to their reputations and brand value as a result of a cyber breach, but insurers struggle to put a dollar amount on those losses.
Case in point: Target. In a recent securities filing, Target said costs associated with its 2013 holiday season data breach—which exposed 70 million customers’ personal information, including 40 million debit and credit card numbers—is closing in on a whopping $300 million. Of that amount, just one-third will be covered by cyber insurance.
At the time of the hack, Target pieced together $100 million in cyber insurance coverage from multiple underwriters with a $10 million deductible. When all is said and done, experts believe Target will take a $1 billion hit when costs are tallied, which will eventually go one to include over one hundred lawsuits, plus lost revenue. Profit dropped 46 percent in the year following the breach. To regain customer confidence, the retail giant paid out of pocket to speed the adoption of more secure chip-and-PIN technology in its stores.
Insurers Fighting Against Lax Security
While insurance companies are getting an influx of cash from companies concerned about data breaches, they are also on the hook for large payouts because hacks are so prevalent. To protect their bottom line, insurers may raise premiums or force companies to undergo regular security audits to ensure they’re keeping their defenses to a certain standard. And that’s the tip of the iceberg when it comes to companies’ frustrations with the industry.
Many companies feel they have to jump through too many hoops with multiple underwriters for coverage…and the coverage they can get won’t remotely cover all their losses in the event of a breach, as was the case with Target. Policies vary widely and can be narrow in focus, excluding some major forms of fraud, like state-sponsored espionage.
With so many cyber insurance variables, the best defense is a good offense. Companies can dramatically decrease their risks of a hack and lower the cost of effective security by using the SentinelOne Endpoint Protection Platform and Critical Server Protection Platform. SentinelOne’s next-generation endpoint and server protection uses several layers of attack prevention, including behavior detection and machine learning, to stop attacks that other vendors simply can’t. To learn more about SentinelOne, and how our cutting-edge endpoint protection products help to identify malware and conduct digital forensics to prevent hacks, schedule a demo today.