Specialized policies to protect against online attacks are offered by about 50 carriers, including big names like the American International Group, Chubb and Ace. As data breaches have become a reality of the business world, more companies are buying policies; demand increased 21 percent last year from 2012, according to Marsh, a risk management company and insurance broker.
Yet companies say it is difficult to get as much coverage as they need, leaving them vulnerable to uncertain losses.
The main problem is quantifying losses from attacks, because they are often intangible — lost sales or damage to a brand name, like the public relations disaster Target suffered after the breach of its point-of-sale systems late last year.
“The losses that are more tangible and more readily quantifiable are the ones you’ll be able to insure against more easily,” said Ed Powers, who heads the online risk services practice at Deloitte & Touche, the accounting firm. “The ones that are less tangible and less quantifiable are more challenging, but those are often the bigger ones.”
That massive number, tallied for CNNMoney by Ponemon Institute researchers, is made even more mind-boggling by the amount of hacked accounts: up to 432 million.
The exact number of exposed accounts is hard to pin down, because some companies -- such as AOL and eBay -- aren't fully transparent about the details of their cyber breaches. But that's the best estimate available with the data tracked by the Identity Theft Resource Center and CNNMoney's own review of corporate disclosures.
The damage is real. Each record typically includes personal information, such as your name, debit or credit card, email, phone number, birthday, password, security questions and physical address.
It's enough to get hunted down by an abusive ex-spouse. It makes you an easier target for scams. And even if only basic information about you is stolen, that can easily be paired with stolen credit card data, empowering impostors.
The White House has carved out an exception for the Federal Bureau of Investigation and other agencies to keep information about software vulnerabilities from manufacturers and the public. Until now, most debate has focused on how the National Security Agency stockpiles and uses new-found Internet weaknesses, known as zero-day exploits, for offensive purposes, such as attacking the networks of adversaries.
The law enforcement operations expose a delicate and complicated balancing act when it comes to agencies using serious security flaws in investigations versus disclosing them to protect all Internet users, according to former government officials and privacy advocates.
“You might have a bad guy using a zero-day to attack a nuclear facility,” Steven Chabinsky, a former deputy assistant director in the FBI’s cybersecurity division, said in a phone interview. “The FBI doesn’t disclose that vulnerability because they don’t want to tip their hand.”
- With 1 million comments, U.S. net neutrality debate nears first marker
- U.S. web companies press demands for net neutrality with FCC
- German government cancels Verizon contract in wake of U.S. spying row
- Cyberattack Insurance a Challenge for Business
- Half of American adults hacked this year
- F.C.C. Votes to Move Ahead on Net Neutrality Plan
- U.S. 'net neutrality' plan faces heat from venture capitalists
- FBI Keeps Internet Flaws Secret to Defend Against Hackers
- Internet users advised to change passwords due to 'Heartbleed' bug
- Target, security auditor Trustwave are sued over data breach