By: 20 December 2016
No surprise that data breach claims are being made at a rate of more than one a day

It is “no surprise” that data breach claims have reached a frequency of more than one a day according to Vectra Networks.

The cyber security company has said that it is seeing growth in corporate cyber extortion using intelligent software such as ransomware and malware after news emerged from CFC Underwriting that it had seen a large increase in data breach claims.

The BBC has reported that CFC Underwriting handled more than 400 claims on cyber-breach policies it had issued in 2016. That is a 78% jump on claims in 2015. The main types of attack being claimed for were privacy breaches and the theft of cash, said CFC.

Graeme Newman, chief innovation officer at the underwriter told the BBC that about 90% of the claims were from businesses with less than £50m in revenue and that a disproportionate number of claims were being made by British firms.

Matt Walmsley, EMEA director at Vectra Networks, said that a rise in claims for digital theft and intrusion was taking place amid growing nation state-driven cyber crime and the looming risk posed by GDPR compliance requirements and punitive fines.

“PwC puts the total value of cyber insurance premiums today at $2.5bn, rising to $7.5bn by 2020 as more companies globally try to mitigate their financial risk,” he said.

“However, such is the infancy of both the insurance and the understanding behind it, insurance providers can struggle to accurately size and price the risk. Also, many firms lack the tools and data insight to support a claim and help law enforcement.”

Walmsley added that no cyber policy claim was viable without actionable intelligence as to what transpired, where it took place on the network and how the criminals got in.

In much the same way that an insurer will want to see CCTV footage after a break in, he said that cyber insurers will need similar data from policy holders to support a claim. Therefore, a range of security visibility tools and counter measures, such as network threat management, would necessary to ensure the validity of any policy and subsequent claim.

“Of course, prevention is better than cure,” he said.

“By automating detection using the very latest self-learning security tools, and with it the response to an incident based on early indicators, many attacks can be “nipped in the bud” before they become costly incidents. This not only reduces the risk for the insurer, but for organisations it is a risk reducing capability that could be argued should reduce premiums. Ultimately, Insurance can provide transference of the financial risk of some cyber attacks but can’t help repair the associated reputation damage.”