GO
Loading...

Hack Attacks Help Boost Insurance Business

Saturday, 2 Mar 2013 | 4:30 PM ET
Ugurhan Betin | E+ | Getty Images

More than 138 million American adults have life insurance. Why? Because death is one of the only guarantees in life — that and taxes. And now, perhaps, getting hacked can be added to the list, and that's been a boon to the cyber-insurance industry.

"Any high-value organization has been or will be attacked soon — that is almost certain in today's world," said William Stewart, the leader of Booz Allen Hamilton's Cyber Technologies Center of Excellence.

Apple, Facebook, Twitter, Bank of America, PNC, and even NBC News have all been victims of cybercrime recently. And the list goes on. (Like NBC News, CNBC is a unit of Comcast's NBC Universal unit.)

It's an issue that's keeping C-suite executives up at night. Fear of a cyberattack tops the list of major business risks that CEOs are most concerned about, according to a recent study sponsored by American International Group.

(Read More: Execs Say Cyberattacks a Top Threat: AIG Survey)

That fear appears to be driving business to the insurance industry. Cyber-insurance policies have been around for over a decade but their use has really only spiked in the past few years, and business is expected to grow.

As of June 2012, the Betterley Report, an independent guide to specialty insurance products, estimated that the total insurance premium for cyber-insurance was about $1 billion in the United States. The report's publisher, Richard Betterley, said he anticipates the premium to hit $1.2 billion in this year's report.

Insurance brokerage firm Marsh, whose parent company is Marsh and McLennan, said it has seen a 30 percent increase over the last year when it comes to its cyber business.

"There was a day when IT-related risks seemed to exist only for computer and technology firms," Bob Parisi, Marsh's Network Security and Privacy Practice Leader, told CNBC. "Now, the reality has set in that any company that handles, collects, or stores information; or any company that uses a computer network in its operations has this risk."

Hacking in America: The Growing Problem
CNBC's Scott Cohn reports on the growing problem of cyber attacks. Even Ben Bernanke addressed it in his testimony to Congress this week. Many companies, however, are wary of reporting attacks, he says, and that's a problem.

Marsh's clientele for cyber-liability insurance includes financial institutions, retail, health care, higher education, and media and tech industries. However, Parisi said there is new demand from companies within the manufacturing, biotechnology, and pharmaceutical sectors.

(Read More: 10 Ways Companies Get Hacked)

So what exactly is cyber-liability insurance?

Plans include everything from business interruption coverage, which covers reimbursement for lost revenue resulting from an attack; privacy and security liability, which provides protection for claims such as lawsuits arising from an actual or alleged failure of computer security; cyber-extortion coverage, which covers ransom or investigative expenses associated with a threat; and information asset coverage, which provides reimbursement for the actual and necessary costs incurred to restore an organization's information and computer system assets.

Costs for these plans can vary depending on the company's size as well as the breadth and scope of coverage purchased.

Maria Treglia, chief sales officer at Program Brokerage Corporation, a division of HUB International, said she has seen sales of cyber-liability insurance increase ten-fold over the last year.

The company expects an even bigger expansion of that business this year.

"There is significant interest in this product by our middle-market clients with between $10 million to $1 billion in revenue," Treglia told CNBC.

(Read More: Is Washington to Blame for Cybersecurity Threat?)

Insurance companies are now fighting each other for clients, she said, so they can build up their books to sustain the losses they know will come in. "Each is trying to out-do the other in policy terms and conditions they will offer a client as well as risk management services. This is a win-win for our clients."

However, some remain skeptical.

"It's human nature to want to 'check all the boxes' to protect yourself from today's threats, but at the end of the day, insurance won't protect your company from losing sensitive intellectual property," said John Prisco, CEO of the cybersecurity company Triumfant.

"Signing up for insurance alone is not enough," he added. "Security professionals need to employ a higher level of diligence to make sure they're taking the proactive steps to protect their companies on the front-end rather than simply making sure the damage isn't as bad once it's done."

(Read More: The Dirty Email Trick Favored by Hackers)

In fact, cyber criminals are much more organized these days. According to Fortinet's 2013 Cybercrime report, they are operating more like a legitimate business with a complex hierarchy.

The bottom line, Prisco said, is no amount of insurance is going to save a company if trade secrets are revealed as a result of a successful cyber attack.

And when it comes to cyber crime, most experts would agree, no protection is perfect.

  Price   Change %Change
BAC
---
FB
---
PNC
---
AAPL
---
MMC
---

Featured

  • CNBC's senior correspondent and lead investigative reporter, Scott Cohn also appears on "NBC Nightly News with Brian Williams," the "Today" and on MSNBC.

  • Co-anchor of CNBC's "Squawk on the Street," David Faber also is a co-producer of CNBC's original documentaries.

  • Eamon Javers is a reporter based at CNBC's Washington, D.C. bureau, appearing on business day programming and contributes to CNBC.com.

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.

Technology

  • Facebook's latest moves in mobile have shown how messaging is shifting from SMS texts to full-blown content sharing.

  • Is Google fiber coming to New York? CNBC's Jon Fortt and Peter Kafka, Re/Code senior editor, discuss the possible entrance of Google fiber into the New York marketplace and what hurdles the tech giant will have to clear.

  • Makeshift co-founder Nick Marsh

    Start-ups often find it tough to protect their ideas, especially when faced with so-called "clone factories." But most are unfazed.

Technology Explained