Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Cyber Insurance. Solution Or Snake Oil?

Posted by Soulskill on from the don't-fix-it-just-insure dept.

onehitwonder writes "A recent article in The Wall Street Journal's CIO Journal argues in favor of the benefits of cyber liability insurance — policies designed to help companies cover costs they incur in the aftermath of data breaches (whether for investigation, remediation, customer notification, regulatory fines or legal settlements). Two Deloitte consultants interviewed for the article argue that cyber insurance can help companies offset the increasingly staggering costs of a data breach. (Several of the biggest data breaches in recent history, including Heartland and TJX, have cost those companies hundreds of millions of dollars. A Mizuho Investors Securities analyst estimated the total cost of the 2011 Sony data breaches at $1.25 billion.) The question is: will insurance providers really come through when companies begin filing claims on their cyber liability policies, or will they find ways out? A 2011 article from Computerworld notes that even though a growing number of companies have been purchasing cyber insurance, it's hard to find examples where one of those policies has actually covered the costs of a data breach. Moreover, the Computerworld article points out that many cyber insurance policies cover only the cost of re-creating whatever data may have been lost during the breach — not notification costs, legal costs or other related expenses."

4 of 71 comments (clear)

  1. Re:Really? That's a question? by Rockoon · · Score: 3, Informative

    Do you want to bet that you'll get less screwed by a data intrusion than by the insurance company? Go for it!

    That is in effect the essential idea of insurance. Its a wager. Clearly it only works if more money gets taken from "losers" than gets paid to "winners."

    --
    "His name was James Damore."
  2. Show us the math by Dunbal · · Score: 3, Interesting

    How do these companies arrive at hundreds of million/billion dollars worth of "damages" anyway? Is this using the MPAA/RIAA method of accounting? Do they have to shut down the entire company for a week? Seriously, did absolutely no one make a recent backup of the databases? Do they have to replace all the computer equipment? Are the IT people so expensive? Where does the figure come from?

    --
    Seven puppies were harmed during the making of this post.
  3. Ways out for the insurance companies by fox171171 · · Score: 4, Funny

    Ways out:

    - We took the money and ran, your coverage is void.
    - You failed to adequately protect your network, your coverage is void.
    - You angered nerds, you brought this on yourself, your coverage is void.

  4. Re:Really? That's a question? by graphius · · Score: 4, Insightful

    I am not a fan of insurance in general. In essence, you are betting against yourself. For the case of this article, why don't you take the money you pay in insurance premiums and invest it in securing your systems... Seems like a better bet to me.