13th May, 2022
Do businesses need Cyber Insurance?
Cyber insurance is a contract that an entity can purchase to help reduce the financial risks associated with doing business online. Cyber insurance generally covers your business’s liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records. Apart from the typical legal fees and expenses, cyber insurance also helps with notifying customers about a data breach, restoring the personal identities of affected customers, recovering compromised data and repairing damaged computer systems. Cyber security is important because the loss, compromise or theft of electronic data can have a negative impact on a business, including the loss of customers and revenue.
One example is the 2011 breach of Sony’s PlayStation Network, in which hackers exposed personally identifiable information (PII) from 77 million PlayStation user accounts. The breach prevented users of PlayStation consoles from accessing the service, an outage that lasted for 23 days. Sony incurred over $171 million in costs related to the breach. Portions of this cost could have been covered by a cyber insurance policy, but Sony did not have one in place. A court case ruled that Sony’s insurance policy covered damage to physical property only, leaving Sony to incur the full amount of costs related to cyber damages.
Nearly all businesses need cyber insurance, but businesses that handle a lot of PII and electronic data should certainly get it. E-commerce businesses can benefit from cyber insurance, since downtime related to cyber incidents can cause a loss in sales and customers. Similarly, any business that stores customer information on a website can benefit from the liability coverage that cyber insurance policies provide.
Cyber insurance policies are sold by many of the same suppliers that provide related business insurance. Most policies include first-party coverage, which applies to losses that directly impact a company, and third-party coverage, which applies to losses suffered by others from a cyber event or incident, based on their business relationship with that company. The cost of a cyber insurance policy will depend on a number of different factors including the size of the business and the annual revenue. Other factors can include the industry the business operates in, the type of data that the business typically deals with, as well as the overall security of the network.
Some things that could be important to organisations tend not to be covered by cyber insurance, and it’s vital to understand what isn’t covered so that protection of these assets can be properly managed. The financial damage caused by loss of intellectual property isn’t covered by cyber insurance, and neither are the reputational costs that can be incurred following a cyberattack. For example, cyber insurance could pay out for the costs associated with dealing with the direct aftermath of a cyberattack, but in the longer run the company might lose business due to public perception of having poor cybersecurity. A cyber insurance policy won’t cover the cost of losing customers due to the bad reputation the company picks up as a result of a cyberattack.
Connect with Tsaaro for better understanding of cyber attacks and how to protect your business from them.
Major Privacy Updates of the Week

Japan, EU launch digital partnership
Japanese Prime Minister Fumio Kishida, who held talks in Tokyo with European Commission President Ursula von der Leyen and European Council President Charles Michel, told a joint news conference that Japan supports tough sanctions against Russia and ample support for Ukraine because the war “shakes the foundation of the world order not only in Europe but also in Asia.”
The EU leaders said they want to take a greater role and responsibility in the region and agreed to bolster cooperation in a range of areas including digital transformation, renewable energy and climate.

Connecticut Passes Comprehensive Data Privacy Law
On May 10, 2022, Connecticut became the fifth state to pass a comprehensive privacy law, adding to the patchwork of such laws. The law will go into effect on July 1, 2023, and applies to all persons (a) that conduct business in Connecticut or produce products or services targeted to Connecticut residents and (b) in the last year either controlled or processed the personal data of at least 100,000 consumers (unless solely for the purpose of completing a payment transaction) or controlled or processed the personal data of at least 25,000 consumers and derived 25% of their gross revenue from the sale of personal data.

UK Data Protection Reform - Data Reform Bill
The U.K. government announced in the Queen’s Speech its intentions to reform the country’s data protection regime, Euractiv reports. The speech did not include specific details regarding the extent of the reform, but those are expected in the weeks to come. The changes may affect EU-U.K. adequacy, as Centre for European Reform Senior Research Fellow Zach Meyers said the U.K. “was repeatedly found to have breached” EU data protection standards previously with its national security practices and further divergence may lead the European Commission to a withdrawal.

Conti ransomware declared a ‘National Emergency’ in Costa Rica
The Conti ransomware that has been plaguing Windows systems around the world has ripped through the Costa Rican government since April, and has become such a persistent and damaging issue that the country has declared it a national emergency. This has prompted the US State Department to turn up the pressure on the group by offering a total of $15 million in reward money for information that leads to identification or arrest of the group’s organizers.
Leaked internal information from 2021 shows that Conti operates like a legitimate tech company that employs remote working contractors, some of whom apparently are not aware that they are working for a ransomware gang. In spite of its billions of dollars in activity and churning through hundreds of these lower-level employees, core members of Conti have yet to be identified or brought to justice. There is a fierce debate over whether or not ransom demands should be paid, but as Roger Grimes (Data-Driven Defense Evangelist for KnowBe4) notes, victims are often not given much of a choice: “This is what happens in today’s ubiquitous world of ransomware. If you become a victim and do not pay, they will leak your data. It is a large reason why most victims are paying today.”

Government proposes new law to make social media firms accountable
The Indian government is mulling a new piece of legislation that would weaken the immunity provided to social media companies under the safe harbour rule, multiple reports have stated, quoting various sources.
The proposed law—aimed to increase social media platforms’ accountability for the content posted using their platforms and to improve data security—is expected to “replace the existing Information Technology Act and include aspects of the draft data privacy bill,” Livemint reported.
Safe harbour rules, specified under Section 79 of the Information Technology Act, protect social media firms from being held liable for any third-party information that has been made available on their platforms. The safe harbour rule provides legal immunity to the firms against any action by a third party that is deemed illegal or offensive by the government.
