September 8, 2017

Massive Breach Affects Nearly Half of the Country

Credit reporting firm Equifax announced yesterday a massive cybersecurity breach, compromising sensitive personal and credit information of 143 million American consumers – nearly half the country.


After checking the status of your identity, Equifax then offers the option to enroll in a “TrustedID Premier” credit monitoring service. A recent TechCrunch article explains that in agreeing to the terms of service, the user is waiving their rights to bring a class action lawsuit against Equifax.

Equifax, one of the three major consumer credit reporting agencies, said hackers accessed company data including social security and driver’s license numbers between mid-May and July. The company said credit card numbers for 209,000 U.S. customers were also exposed in the breach.

Bloomberg reported that three top executives sold nearly $1.8 million in stock shortly after the firm initially discovered the breach. Interestingly, the company insisted that those executives were unaware of the breach when they made the sale.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.” Avivah Litan, a fraud analyst at Gartner, described the breach as a “10 out of 10” in terms of severity. While recent breaches such as the two Yahoo announced in 2016 were larger in size, totaling nearly 500 million users, the Equifax attack is far worse due to the nature of the breach, which compromised “the keys that unlock consumers’ medical histories, bank accounts and employee accounts,” according to a New York Times article.

While the total damage of the breach is unknown at this point, total costs will likely reach hundreds of millions of dollars, or potentially higher, when all is said and done.

The data breach also highlights the need for a uniform federal standard for reporting data breaches, a position The Council supports. Currently, 47 unique data breach notification laws exist at the state level. The Council believes a uniform data breach notification law would ease compliance burdens that businesses face in the wake of a breach affecting clients across state lines.

Sen. Mark Warner (D-Va.), a Senate Banking Committee member, has “made disclosure of data breaches a public priority,” according to a recent PoliticoPro article, “calling for new laws for comprehensive data breach notification and, in particular, pressing the SEC to investigate the timing of Yahoo’s disclosure.”

Warner added, “while many have perhaps become accustomed to hearing of a new data breach every few weeks, the scope of this breach…raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies.”

Equifax has created a website,, to help consumers determine whether their data was at risk.

CEO: Insurers Must Learn “Self-Defense”

Eyal Wachsman, CEO of Israel-based cyber security firm Cymulate, explains that while cyber insurance is one way to react to the problem, insurers themselves must be adequately protected in order to serve their clients. The firm has developed a cyber breach and attack simulation platform that can benefit insurers by screening the cybersecurity status of organizations that approach them for cyber cover, as well as assessing the insurer’s own cyber security defenses.

Swiss Re’s Head of Cyber Explains Company’s Cautious Approach

While cyber demand is on the rise, Swiss Re takes a cautious approach in underwriting and suggests insurers should do the same as the ‘cybergeddon’ is yet to happen.

The I of Very Big T: (IoT Risks)

The ease of connectivity (and the sheer number of devices that are connected to the internet) may make life easier, but there is a very big risk associated with the Internet of Things (IoT). Worry less about an army of coffee makers and more about an army of one able to hack into the navigation system of cars or the GPS of an aircraft.

Hackers Gain Entry into US, European Energy Sector, Symantec Warns

(Reuters) — Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has, in some cases, successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.

RIMS Survey Reveals Continued Confidence in Cyber Insurance

Cyber insurance is still a priority for risk professionals and stand-alone policies continue to gain international prominence, according to the 2017 RIMS Cyber Survey.
Key findings from this year’s RIMS Cyber Survey include:

  • Organizations with a stand-alone cyber insurance policy increased 3% (to 83%) from 2016
  • Of the organizations without a stand-alone cyber policy, 84% indicated that other insurance policies include cyber liability coverage
  • Nearly three-quarters (72%) of respondents transfer cyber exposures to a third-party (up 3% from 2016)
  • Only 34% of respondents thought that the government should mandate cybersecurity standards

Banks Buying Insurance for Cover against Cyber-Attacks

(Reuters) — Banks are increasingly turning to insurance to protect their capital from “operational risks” like cyber-attacks and rogue traders, and insurers say they can help safeguard lenders by providing an extra layer of expertise.

Interest in Cyber Insurance Grows as Cybercrime Targets Small Businesses

Nearly two-thirds of all cyberattacks are targeted against small and medium-size businesses (SMBs) — about 4,000 a day, according to IBM. Of the small businesses that do get hacked, about 60 percent are forced to close six months after an attack, according to the U.S. National Cyber Security Alliance. Fortunately, SMBs are beginning to take interest in cyber insurance.

Cloud Security Market to Reach $12B by 2024, Driven by Rise of Cyber Attacks

The global cloud security market is predicted to reach $12.64 billion by 2024—up from $1.41 billion in 2016, according to a new report from Hexa Research. The growth is driven by the increasing use of cloud services for data storage, and the rising sophistication of cyber-attacks, the report stated.

Chubb Broadens ERM Solutions for Cyber Policyholders in U.S. and Canada

In response to global cyber threats that require enterprise-wide attention and agile risk management solutions, property and casualty insurance company Chubb has broadened its enterprise risk management solutions for Chubb commercial cyber policyholders in the United States and Canada.