[ISN] The $10 Million Deductible – Why the cyberinsurance industry is a mess.

http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html By Josephine Wolff Slate.com June 12, 2014 Do you still shop at Target? There’s been controversy over how much of an impact the massive breach of 40 million credit and debit card numbers in late 2013 had on the company’s shareholders and customers. And that controversy speaks to a larger cybersecurity problem plaguing industry today: the difficulty of assessing the impact and costs of these sorts of security breaches and the challenges that presents when it comes to trying to buy and sell cyberinsurance. Yes, that’s a real thing—and a great business to be in, at the moment, if you can figure out how to develop accurate actuarial models, that is. A recent New York Times article touted cyberinsurance as the “fastest-growing niche in the [insurance] industry today.” Nicole Perlroth and Elizabeth Harris report: “[A]fter the breach at Target, its profit was cut nearly in half—down 46 percent over the same period the year before—in large part because the breach scared away its customers.” These enormous costs to brand reputation make it difficult for companies to get as much cyber risk coverage as they want, and the demand is only growing. The Times cites statistics showing a 21 percent increase in demand for cyberinsurance policies from 2012 to 2013, with total premiums reaching $1.3 billion last year and individual companies able to acquire a maximum of roughly $300 million in coverage. At the time of its breach, Target had only $100 million in coverage, with a $10 million deductible, and had been turned away by at least one insurer when it tried to acquire more cyberinsurance, Perlroth and Harris report. They suggest that this coverage may fall well short of the massive losses incurred by the company when it saw its profits nearly halved. But their piece comes less than a month after Eric Chemi argued exactly the opposite about the impact of Target’s security breach in a piece for Bloomberg Businessweek titled “Investors Couldn’t Care Less About Data Breaches.” He wrote: […]