With the retail and financial services sectors hit hard by recent reports of massive data breaches, companies not only fear the damage to their reputation, but they also fear the financial impact of these cyberintrusions. As more firms face the possibility of cyberattacks and insider threats, they are increasingly turning to cyberinsurance to protect themselves from the high costs of data breaches.
Ira Scharf, chief strategy officer at BitSight, said cyberinsurance is the fastest growing segment of the insurance industry, with more carriers meeting demand from firms seeking out greater coverage for data breach expenses, Dark Reading reported.
Although cyberinsurance can prove effective in helping companies get back on their feet after the devastating financial blow of a major data breach, firms are still at risk for monetary loss if they experience declines in sales as well as consumer and investor confidence.
The question of whether simply having cyberinsurance is enough to cover the costs of data breaches is more relevant now that corporate giants like Target have already reported millions of consumer records compromised. Target's data breach at the heart of the holiday season in 2013 exposed 40 million credit and debit card numbers and 70 million customer personal information records.
Insurance companies are seeing a greater trend of firms choosing to buy cyberinsurance to guard against the risk of cyberattacks and create a better risk management culture, The Wall Street Journal reported.
Limits of cyberinsurance
Not only did the breach potentially result in profit loss for Target - with first quarter earnings down 14 percent compared to the previous year - but the company also said it had $26 million in pretax data breach-related costs in the three months ended May 3. These expenses include identity theft protection services as well as legal fees. Numerous lawsuits from consumers and businesses - including those in the financial services industry - have been filed against the retail company. Of these costs reported by Target, about $8 million was covered by insurance.
Analysts forecast the costs from the data breach could reach $1 billion, the Journal reported. However, Target's cyberinsurance policy may only be able to recover about $100 million of that amount. Although cyberinsurance could cover certain fees that could pile on after a breach, this policy does have its limits.
Cyberinsurance coverage may not be fully understood by companies and intellectual property may not be insured by most companies, according to Dark Reading. With these costs in mind, firms need to address key issues and vulnerabilities within their IT systems and staff to fully guard against the financial impact of data breaches.