Cyber Security Breach at LinkedIn
For millions of professionals who use LinkedIn, the career social networking site, it was time to create new passwords.
Earlier this month, LinkedIn — a site with more than 160 million users, including many insurance professionals — said more than 6 million passwords had been stolen by hackers. Those stolen passwords later surfaced on underground online forums used by criminal hackers.
LinkedIn was still examining the full extent of the breach when Insurance Journal went to press. A LinkedIn spokesperson did not immediately respond to Insurance Journal‘s inquiry about the company’s insurance coverage including any cyber insurance.
Unfortunately, these types of cyber breach incidents are common events for U.S. companies. Everyday, major companies face threats from hackers, and there is the potential for big damages to their corporate reputation and business.
According to the Insurance Information Institute, traditional insurance policies typically have not handled these emerging risks — but in recent years limited coverage under traditional policies has become available.
The I.I.I. said traditional business insurance policies that may help in the event of a data breach or other cyber-related attack include: property insurance (including business interruption coverage); liability insurance (including E&O, D&O, general liability and umbrella insurance); crime insurance policies (including financial institution bonds, computer crime policies and fidelity insurance); and business owners policy (BOP) packages.
But traditional insurance policies may not provide enough coverage, and insurance companies have been developing specialist social media and cyber insurance policies.
Specialized cyber risk coverage is available primarily as a stand-alone policy, available for both first- and third-party coverages.
According to Advisen, an analytics and research firm, a growing number of risk professionals see information security and other cyber risks as “serious concerns.”
But many are failing to purchase relevant insurance coverage. Advisen says only about one-third of organizations purchase insurance as part of their cyber risk management strategy.
What are some of the reasons that companies don’t buy cyber liability insurance? They include: an emphasis on preventive measures rather than buying insurance; lack of coverage clarity and knowledgeable brokers; difficulties in the application process; high deductibles; and limited policy coverage.
On the brighter side, Advisen did find that interest in the coverage appears to be growing. Further, guidance issued by the Securities and Exchange Commission (SEC) last year urging publicly traded companies to disclose significant cyber risks and exposures could also help boost the demand for cyber insurance.