Trends in Cyber Liability for 2023

 

 

Some 2023 trends in cyber liability include increasing cyber regulations, “inside-out” underwriting, the return of ransomware, and social engineering fraud. Cyber regulations are increasing due to changes in the threat landscape and bans on ransomware payments. “Inside-out” underwriting is the use of third-party scanning technologies to help detect security weaknesses. The return of ransomware is a major issue, as ransomware losses have dropped in the past few months, but they have increased in severity and ransomware-as-service is on the rise. Finally, social engineering fraud has outpaced ransomware ones this year, fueled by the global shift to hybrid working.

Biden Admin Proposal Heralds Potential Change in 3rd Party Cyber Liability

"It what may well be regarded as the single most innovative part of the just-previewed Biden cybersecurity strategy, the president has proposed to shift liability for insecure software products and services to “those entities that fail to take reasonable precautions to secure their software.” This is truly revolutionary. It is risky. It is ambitious. It is new and different:" Lawfare

Cyber Liability Holds Up $3 Billion Federal Project

"The latest phase of a $3 billion Homeland Security program designed to protect federal computer networks from hackers is stalled because of a dispute about who will be legally liable if the system goes wrong.

For two years, negotiations between DHS and AT&T over the telecom firm’s implementation of the program have been at a standstill, said the department’s former acting Undersecretary for Management Chris Cummiskey."

Read more: http://www.politico.com/story/2014/11/federal-cybersecurity-plan-stalls-113044.html#ixzz3JjcXDRRA

GM Appoints Its First Cybersecurity Chief

Jeffrey Massimilla, "will be in charge of the efforts to protect the computers that run GM cars.

GM says it has established 'one integrated organization, Vehicle and Vehicle Services Cybersecurity, to deal with cybersecurity for vehicles and vehicle-connected services. This team will utilize our internal experts and work with outside specialists, to develop and implement protocols and strategies to reduce the risks associated with cybersecurity threats.'"

The car maker is setting a security foundation for the coming age of "self-driving cars," which will no doubt be literal "moving targets" for hackers: Fortune

Insurance Companies Try to Price Cyber Liability with Help from Consultants

"The goal isn't just to find out what's wrong with a particular company — although they do that and pass it on to the insurer, who passes it on to their customer — but also to develop systematic methods of risk analysis.

Insurers have old, tried and true ways to rate the risk of customers for more conventional forms of insurance, like homeowners and professional malpractice, but cybersecurity insurance is both new and increasingly competitive. It creates an uncomfortably risky situation for the insurers themselves."http://www.zdnet.com/cybersecurity-insurance-may-push-companies-to-better-security-7000029290/

Cyber Liability Specifics Likely to be Defined in Part by New Federal Standards

"However, critical infrastructure owners need to recognize that, if a company's cybersecurity practices are ever questioned during a regulatory investigation and litigation, the baseline for what's considered commercially reasonable is likely to become the NIST Cybersecurity Framework:"http://www.informationweek.com/government/cybersecurity/nist-cybersecurity-framework-dont-underestimate-it/d/d-id/1112978 InformationWeek

Here's the link to the NIST framework:
http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf

To learn how it might impact your business, visit www.cybersecurityframework.biz

Cyber Liability Definition

Cyber liability (or, cyberliability) is a reference to Internet-based risks and those relating to information technology infrastructure and activities. Such are typically excluded from traditional commercial general liability policies. Coverages under cyberinsurance policies may include first-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks; liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation; and other benefits including regular security audits, post-incident public relations and investigative expenses, and criminal reward funds. (Adapted from White House report)


Lawsuits over cyber issues have increased significantly, both due to increasing cyber crime and regulations requiring the disclosure of events, such as SEC guidance and state reps covering the loss of PPI (protected personal information). Companies that disclose loss of PPI are often subjected to suits. 

More and more businesses are purchasing insurance to cover potential cyber liability. If you don't know whether your business has cyber liability insurance, it probably doesn't. Most policies written in past years do not include cyber liability insurance.

To learn more, visit: www.whatiscyberinsurance.com