When Sony Pictures disclosed last November that hackers had plundered its networks and accessed virtually all of its data assets, loss estimates for the company ran from the tens of millions of dollars to the hundreds of millions. Similar data breaches at TJX and Heartland had cost each company well over $100 million, and there was little to indicate that Sony would fare any better.
So when CEO Michael Lynton disclosed in a media interview earlier this year that Sony's intrusion-related costs would be almost entirely paid for by insurers, the news renewed attention on the topic of cyber insurance in a major way.
It was one of the few times that a victim of a major data breach had publicly talked about how an insurance policy had actually helped offset the cost of the breach. In a sense, Lynton's comments were a message to skeptics that cyber policies aren't a waste of time and money — they can actually soften the financial blow of a security incident. And while some have questioned whether the $60 million or so that Sony is believed to have in cyber insurance will be enough to cover the company's full losses, the breach has raised awareness about cyber insurance.
Analyst firm Gartner defines cyber insurance as protection against losses stemming from data theft and data loss, or business interruptions caused by malware or a computer malfunction. Covered under the definition are losses attributable to fines and lost income as a result of a network intrusion or security breach.
"Cybersecurity policies provide necessary coverage for claims of loss or theft of personally identifiable information and other sensitive information," says Chris Pierson, general counsel and chief security officer at Viewpost, a supplier of online invoicing and payment platforms.
To continue reading this article register now