
As hackers go wild, cyber insurance gets expensive [video] - rectang
http://www.reuters.com/video/2015/10/21/as-hackers-go-wild-cyber-insurance-gets?videoId=366025124
======
rectang
Perhaps skyrocketing insurance rates will eventually force better security
practices on the tech industry. As the video explores, these risks were new
and nobody knew how to price them. After absorbing several huge claims, now
they have better information!

------
rectang
_TRANSCRIPT_

[Ron Beeson, Lockton] If you are retailer with a point of sale machine and you
take customer credit cards, if you don't use something to encrypt, end-to-end,
that credit card, you're probably going to find it very difficult now to get
insurance.

[Jim Finkle, Reuters] You hear a lot about cyber insurance, growing as an
industry, but what about the rates? If you have a car and you get into auto
accidents, you want to make sure that the other people on the road also have
insurance -- but if they're not protected and there's an accident, that means
that you'd have to pick up the costs. Cyber insurance covers costs associated
with a cyber attack. If you're a company that has access to a large number of
credit cards, your rates are likely to have gone way up in the past year.

[Bob Paris, Marsh] The insurance industry has now absorbed several hundred-
million-dollar losses in the retail and health-care space -- and for a
relatively immature market as cyber is, having three or four hundred-million
dollar losses is going to have an impact.

[Richard Bortnick, Traub Lieberman Strauss & Shrewsbury LLP] The claims
frequency and severity was not anticipated, because you had no historical
model to build in. It's all new, and everybody's learning at the same time.

[Ron Beeson, Lockton] That increase isn't going to work. And what you are now
seeing is certain insurers starting to invest, and work with in partnership
with silicon valley, with certain technology companies, to help better
understand the risk that the underwriters are writing and price the risk.

[Bob Paris, Marsh] It's an aggregation of things. Various regulatory
environment, the FCC, big breaches -- that's when we started to see these huge
purchasing trends start to change. Now the question is more about resiliency
-- because the thought is, you're gonna get breached, you're gonna get
attacked, but how capable are you, how resilient are you, to work through that
event?

[Richard Bortnick, Traub Lieberman Strauss & Shrewsbury LLP] As their premium
rates go up, they'll probably increase prices to the consumer, and so it
trickles down to the lowest denominator. I think at some point the government
is going to mandate certain industries have cyber insurance. It'll become
enterprise risk management to have the insurance. The alternative -- to be
without insurance -- is to bet the business.

[Ron Beeson, Lockton] Everyone should be investing in cyber security,
regardless of whether you consider insurance or not. But it's important to
understand that insurance does not replace that investment.

[graphic] CYBER RISK -- Target expects insurance to cover $90 million of the
$264 million of costs related to its 2013 attack. Home Depot expects $100
million in insurance payments toward $232 million in expenses from its 2014
breach.

