The massive increase in software-defined infrastructure (SDI) in business operations, which of course affects our personal devices and us as well, has oddly lead to another aspect of hacking outcomes. This would be the availability of cyber insurance covering vulnerability of internet-based data. Therefore, any hacking disasters in these areas can be covered by insurance, the same way we insure our homes, cars, and health. This is oddly amusing yet ironic. All this marvelous technology at our finger tips, but protecting the data it accumulates seems an impossible task. It appears no one can’t keep pace with the rapid updates and creation of new apps that allow others to hack a system, grab its data, and use it at will. So we fall back on an insurance policy to cover our losses and liabilities. Obviously there’s money to be made on even hacking incidents.
These insurance policies can get quite complicated depending on whether they cover individuals (for identity theft, for example) or a company’s entire system infrastructure. A policy for the latter is very complex because it requires such heavy duty coverage. Often these policies are scaled to the business being insured; excluded are some types of hacking, for instance, cyber-terrorist attacks are typically not covered. Then, depending on what kind of information is being insured and where it resides in the system, additional scaling can occur.
Oddly, insurance for hacking has led to some worthwhile legislation regarding hacking incidents. For example, with the passage of the U.S. Data Security and Breach Notification Act, a company cannot withhold the fact that their system has been breached for longer than 30 days. The scandal that Uber created, for example, by withholding a breach from 57 million customers for a year prompted this legislation. And Equifax waited 41 days to announce to 145 million people that their personal information was in jeopardy. In fact, Europe’s new General Data Protection Regulation requires notification within 72 hours of a breach. Thus it appears that cyber insurance might be needed both nationally and internationally. Of course, this is for everyone’s protection. However, it leaves one wondering who’s insuring the insurer. And what does it mean for development of future technology and ensuing legislation?
Larson, Selena. (2017, Dec 1). Senators introduce data breach disclosure bill. CNN Tech. Retrieved from http://money.cnn.com/2017/12/01/technology/bill-data-breach-laws/index.html
Marvin, Rob. (2018, Jan 24). What is cyber insurance and should you get it? PC Magazine. Retrieved from https://www.pcmag.com/feature/358453/what-is-cyber-insurance-and-should-you-get-it/2