Insurance Market Watch: Cybersecurity + Terrorism = Top Concerns for Risk Management

March 23, 2015

by: Mary-Pat Cormier & Jennifer Garner

The 2015 Risk Management Summit held earlier this month in New York City identified cybersecurity and terrorism as “gamechangers” that will create big problems for risk managers in the future. The Summit’s Keynote Speaker, Mike Rogers, former US Representative and Chairman of the US House Intelligence Committee, noted that as these types of risks become more prevalent, companies must rethink the way information and systems are protected. You can watch a summary of the Summit here.

This is hardly surprising in the wake of recent large, highly public security breaches:

  • Target, which endured one of the most high-profile data breaches of 2013 and 2014, was hit with a shareholder derivative suit and a consumer class action suit in response to the breach. On Thursday, March 19, 2015, a federal judge approved a $10 million settlement in the class action suit. A condition of that settlement requires Target to improve its data security and provide security training to its employees. The derivative suit remains ongoing.
  • In December of 2014, Sony was also sued by its employees following the exquisitely embarrassing data breach that hit it in 2014. In the Complaint, Sony employees alleged that Sony “failed to secure its computer systems, servers and databases, despite weaknesses that it has known about for years” and “subsequently failed to timely protect confidential information of its current and former employees from law-breaking hackers.” Sony’s hack was particularly noteworthy, as its systems were apparently attacked for political retribution related to the mother of all B-movies, “The Interview”. (To date, Sony’s investors have not filed suit against the company in connection with the breach.)

In Target and Sony, we can see the faint outlines of enterprise risks that could far outweigh liability claims, defense costs, or even regulatory inquiries.

Besides the increased demand for insurance for cyber-security and data protection, what these instances and the Risk Management Summit highlight is the need in some industries and companies for coverage for extortionthreats, or ‘kidnap & ransom’-type risks in conventional cyber policies.