Security News

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.

Key findings To date, cyber insurance has failed to live up to expectations that it may act as a tool for improving organizations' cyber security practices. Not only is cyber insurance seen as a way for organizations to reduce the impact of cybercrime by transferring financial risk to insurers as the market grows and matures, cyber insurers are seen as potentially able to fulfil the role played by insurers in other industries.

The cost of insurance to protect businesses and organisations against the ever-increasing threat of cybercrimes has soared by a third in the last year, according to international insurance brokers Howden. It found that global cyber insurance pricing has increased by an average of 32 per cent in the year to June.

Arthur J. Gallagher, a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September. "Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020," AJG said.

To overcome these challenges and champion the positive effects of cyber insurance, this paper calls for a series of interventions from government and industry. To date, the UK government has taken a light-touch approach to the cyber insurance industry.

Cyber insurance isn't exactly driving organisations to improve their infosec practices, a think-tank has warned - and some insurers are thinking of giving up thanks to the impact of ransomware. "To date, the shortcomings of cyber insurance mean that its impact is ultimately more limited than policymakers and businesses might hope," concluded the Royal United Services Institute's latest report, Cyber Insurance and the Cyber Security Challenge.

Cyber insurance isn't exactly driving organisations to improve their infosec practices, a think-tank has warned - and some insurers are thinking of giving up thanks to the impact of ransomware. "To date, the shortcomings of cyber insurance mean that its impact is ultimately more limited than policymakers and businesses might hope," concluded the Royal United Services Institute's latest report, Cyber Insurance and the Cyber Security Challenge.

A study of exposed web-app attack surface reveals that insurance companies are not good at keeping their own security house in order. Kids with sports cars pay high motor insurance premiums and houses built on flood plains have high home insurance premiums.

Ransomware victims are increasingly falling back on their cyber-insurance. Paid ransomware attackers almost $500,000,which the city announced would be mostly covered by insurance.

Indonesia's government has admitted to leaks of personal data from the agency that runs its national health insurance scheme. On May 20th Kominfo, Indonesia's Ministry of Communication and Information Technology, acknowledged it was aware of a post on notorious stolen-data-mart Raidforums offering to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial, an agency that runs national health insurance scheme Jaminan Kesehatan Nasional.