Innovation Insurance Group

  • Home
  • About
    • Company Profile
      • Annual Reports
        • 2014 Annual Report
        • 2013 Annual Report
    • Ty R. Sagalow
    • Lisa Vivori
  • Our Services
    • Expert Witness
    • InsurTech
    • Product Development
      • Product Development Case Studies
    • Directors and Officers Insurance
    • Cyber Risk Insurance
    • Bitcoin Insurance Agency
      • BitCoin 101
      • Bitcoins FAQ
      • Bitcoin Video Series
      • Publications and Interviews
  • News
    • Speaking Engagements
    • IIG in the News
    • Bitcoin Industry News
    • Events
    • World Risk and Insurance News
      • Web Series Hosted
        by Ty Sagalow
        • What’s New in Insurance?
        • Innovations in Insurance
      • Interviews of
        Ty Sagalow
    • Gallery
  • Leadership
    • Publications and Interviews
      • Innovation and Product Development
      • D&O Insurance
      • Cyber Risk Insurance
      • Reputation Risk
      • Bitcoin
    • Innovation
    • Emerging Risks
      • InsurTech
      • Reputation Risk
      • Crowdfunding
      • Bitcoin Risk
      • Cyber Risk
    • Thoughts from Industry Leaders
  • Clients
    • Clients
    • Testimonials
    • Partners
      • Advisen, Ltd.
      • Hanover Stone Partners, LLC
      • CLM Advisors
  • Lemonade Book
    • Book Store – Buy the Book
    • Book Overiew
    • Interviews with the Author
    • Book Signing Gallagy
  • Contact Us
You are here: Home / Cyber Risk Insurance Publications and Interviews / A Look at Cyber Risk of Financial Institutions

April 2, 2013

A Look at Cyber Risk of Financial Institutions

You cannot be a financial institution operating in the 21st Century and not have a cyber risk management plan which includes the purchase of cyber insurance.

Overview Of The Risk

There were more than 26 million new strains of malware released into circulation in 2011. Such a rate would produce nearly 3,000 new strains of malware an hour! Almost two-thirds of U.S. firms report that they have been the victim of cyber-security incidents or information breaches. The Privacy Rights Clearinghouse reported that since 2005, more than 534 million personal records have been compromised. In 2011, 273 breaches were reported, involving 22 million sensitive personal records. The Ponemon Group, whose Cost of Data Breach Study is widely followed every year, indicated a total cost per record of $214 in 2011, an increase of over 55% ($138) compared to the cost in 2005 when the study began.

Other surveys are consistent. NetDiligence, a company that provides network security services on behalf of insurers, reported in their “2012 Cyber Risk and Privacy Liability Forum” the results of their analysis of 153 data or privacy breach claims paid by insurance companies between 2006 and 2011. On average, the study said, payouts on claims made in the first five years total $3.7 million per breach, compared with an average of $2.4 million for claims made from 2005 through 2010.

And attacks simply don’t target large companies.

  • According to Symantec’s 2010 SMB Protection report, small businesses:
  • Sustained an average loss of $188,000 per breach
  • Comprised 73% of total cyber-crime targets/victims
  • Lost confidential data in 42% of all breaches
  • Suffered direct financial losses in 40% of all breaches

Indeed, according to the 2011 Verizon Data Breach Report, in 2010, 57% of all data breaches were at companies with 11 to 100 employees. Interestingly, it was the Report’s opinion that 96% of such breaches could have been prevented with appropriate controls.

Bottom line: cyber attacks are here to stay — and in many ways, they are getting worse.

A Look At The Financial Institution Sector

Willy Sutton once infamously remarked that he robs bank because “that’s where the money is.” According to Professor Udo Helmbrecht, the Executive Director of the European Networking and Information Security Agency, if Willy Sutton was alive today, he would rob banks online.

Criminals today can operate miles, or even oceans, away from the target.

The number and sophistication of malicious incidents have increased dramatically over the past five years and is expected to continue to grow,” according to Gordon Snow, Assistant Director of the Cyber Division of the Federal Bureau of Investigation (testifying before the House Financial Services Committee, Subcommittee on Financials Institutions and Consumer Credit). “As businesses and financial institutions continue to adopt Internet-based commerce systems, the opportunity for cybercrime increases at the retail and consumer level.

Indeed, according to Snow, the FBI is investigating 400 reported account takeover cases from bank accounts of US businesses. These cases total $255 million in fraudulent transfers and has resulted in $85 million in actual losses.

According to the FBI, there are eight cyber threats that expose both the finances and reputation of financial institutions: account takeovers, third-party payment process breaches, securities and market trading company breaches, ATM skimming breaches, mobile banking breaches, insider access, supply chain infiltration, and telecommunications network disruption.

It was the telecommunications network disruption that dominated the news in 2012. 

Otherwise known as a distributed denial of service attack, US banks were attacked repeatedly throughout the year by sophisticated cyber “criminals” whose attacks were eventually sourced to the nation of Iran in what would truly be considered a Cyber War attack against this country’s infrastructure.

Among the institutions hit were PNC Bank, Wells Fargo, HSBC, and Citibank, among many others. Big or small, it made no difference. At the end of the day, as many as 30 US banking firms are expected to be targeted in this wave of cyber attacks, according to the security firm RSA. And it is likely that we are not at the end of the day. On January 9, 2013, the computer hacking group that has claimed responsibility for cyber attacks on PNC Bank vowed to continue trying to shut down American banking websites for at least the next six months.

That is not to say that financial situations only had to worry about distributed denial of service attacks launched by hostile nation states in 2012.

On December 13, 2012 the Financial Services Information Sharing and Analysis Center, which shares information throughout the financial sector about terrorist threats, warned the US financial services industry that a Russian cyber-gangster is preparing to rob American banks and their customers of millions of dollars. According to the computer security firm, McAfee, the cyber criminal, who calls himself the “Thief-in-Law,” already has infected hundreds of computers of unwitting American customers in preparation to steal that bank account data.

Of course not all threats look like they come from the latest 007 flick. On October 12, 2012, the Associated Press reported TD Bank had begun notifying approximately 260,000 customers from Maine to Florida that the company may been affected by a data breach. Company spokeswoman Rebecca Acevedo confirmed to the Associated Press that unencrypted data backup tapes were “misplaced in transport” in March 2012. She said the tapes contained personal information, including account information and security numbers. It is unclear why the bank waited until October to notify customers. Over 46 states now have mandatory notification laws that dictate prompt notification to bank customers of missing or stolen “Personally Identifiable Information.” Failure to make timely notification can, and often does, prompt customer lawsuits and regulatory investigations.

The bottom line: you cannot be a financial institution operating in the 21st Century and not have a cyber risk management plan which includes the purchase of cyber insurance.

The Cyber Insurance Market

With these facts, it is not surprising that the cyber insurance market has grown tremendously from its initial beginning in 2000. Starting with what was the brainchild of AIG and Lloyds of London, the market has grown to over 40 insurance providers. A widely accepted statistic is that the market now produces over $1 billion in premium to insurance carriers on a worldwide basis.
Despite the increasing claim activity, informal discussions with the market continue to indicate that cyber risk is a profitable business. Perhaps, it is for this reason, cyber premium rates are flat to down 5% according to industry reports in the market where rates in property-casualty are generally increasing.

Carriers also see this as an area where there are many non-buyers, and statistics seem to back them up. According to the “Chubb 2012 Public Company Risk Survey: Cyber,” 65% of public companies surveyed do not purchase cyber insurance, yet 63% of decision-makers are concerned about this cyber risk. A risk area with a high level of concern but little purchase of insurance is an insurance broker’s dream. In a recent Zurich survey of 152 organizations, only 19% of those surveyed have bought cyber insurance despite the fact that 76% of companies surveyed expressed concern about their information security and privacy.

It is unclear why there aren’t more buyers, but most of the industry believes it’s a lack of education. For example, previous surveys indicated that over 33% of companies incorrectly believe that cyber risk is covered under their general corporate liability policy.
It is then perhaps not surprising that the Betterley 2012 market report stated “we think this market has nowhere to go but up.” Although, they quickly qualified, “as long as carriers can still write at a profit.”

Originally published on April 2, 2013 in Insurance Thought Leadership. 

Print Friendly, PDF & EmailPrint Friendly
Share

Filed Under: Cyber Risk Insurance Publications and Interviews Tagged With: cyber risk

Innovation Insurance Group, llc

Offices at Short Hills
51 John F. kennedy Parkway,
First Floor West
Short Hills, NJ 07078
917-620-2174 (Ty's cell))
973-261-5624 (office)
contact@innovationinsurancegroup.com
tysagalow@innovationinsurancegroup.com

Expert Witness

Ty Sagalow head shotTy Sagalow's unique background in legal, underwriting, policy drafting and claims – and his designation as a “qualified insurance expert” by the United States District Court for the Southern District of California – offers attorneys an unparalleled resource in D&O, E&O and Cyber insurance coverage disputes. He was also named "Most Helpful Expert" in a recent $8.7M coverage decision.

Mr. Sagalow served as Chief Underwriting Officer and General Counsel for AIG Executive Liability (formerly National Union Fire Insurance Company of Pittsburgh, PA), the world’s largest carrier of Directors and Officers Liability and Professional Liability Insurance. As General Counsel, Mr. Sagalow personally wrote or led teams that wrote all the D&O policies and many of the professional liability policies that AIG produced between 1988 and 2000 – policies which continue to serve as the foundational wording for the D&O and professional liability policies in the market today. As AIG Executive Liability’s Chief Underwriting Officer, Mr. Sagalow was charged with all underwriting interpretations and decisions for AIG D&O/E&O policies. In 2009, Mr. Sagalow headed up the team that rewrote all D&O policies for Zurich North America.

Ty is a cum laude graduate of Georgetown University Law Center and holds a LLM from New York University School of Law.

Company Profile

Innovation Insurance Group is an insurance consulting firm and insurance brokerage founded by 30-year insurance executive, Ty R. Sagalow, former Chief Underwriting Officer, General Counsel and Chief Innovation Officer at AIG, and former Chief Innovation Officer at Zurich, NA and Tower Group. IIG focuses on three core practice groups: product development, expert witness services (primarily in the Management and Professional Liability areas), and bitcoin industry brokerage services.

Learn more about Ty R. Sagalow
Learn more about Innovation Insurance Group
Learn more about InsurTech Consulting
Learn more about Bitcoin Insurance Agency

Innovation Insurance Group, LLC BBB Business Review

Featured Topics

  • InsurTech
  • Innovation and Product Development
  • Directors & Officers Liability Insurance
  • Cyber Risk Insurance
  • Reputation Risk
  • Bitcoin Risk and Insurance
  • Emerging Risks
  • Interviews of Ty Sagalow
  • Gallery
  • Testimonials
  • Speaking Engagements

Featured Video Series

  • "What’s New in Insurance with Ty Sagalow"
  • "Innovations in Insurance hosted by
    Ty Sagalow"

Recent Speaking Events

  • CIIA Conference: Innovation, Culture and Technology
    May 13, 2021, Chili (Virtual)
  • Latin American Conference New Perspectives and Innovations for the Future of Insurance
    Nov 4, 2019, Mendoza, Argentina
  • Reactions North America Re/Insurance Conference
    Sept 26, 2019, New York
  • Global InsuTech Conference
    June 18, 2019, New York
  • InsideTech
    June 13, 2019, New York
  • Latin America Reactions Conference, InsurTech
    May 23 2019, Miami
  • AIMU/MICA Marine Insurance - A Global Perspective: The Future of Insurance
    June 21, 2018, New York
  • 12th Property Innovation Summit: InsureTech and the Lemonade Way of Claims
    May 2, 2018, St. Petersburg, FL
  • Italy Insurance Forum
    April 11, 2018, Milan, Italy
  • FST: The Future of Insurance
    March 6, 2018, Sydney, Australia
  • Artificial Intelligence Conference
    January 29 - 30 - Miami Beach
  • Kennedys leadership summit: What Law Firms Can Learn from InsurTech
    January 20, London
  • All Speaking Engagements
    • 2016 Insurance Consultants Award
      2016 Insurance Consultants Award
    • 2017 Insurance Consultants Award
      2017 Insurance Consultants Award
    • 2017 Insurance Expert Witness of the Year
      2017 Insurance Expert Witness of the Year
    • AI 2017 InsurTech Consultant of the Year Award
      2017 InsurTech Consultant of the Year Award - AI International
    • 2018 Best Advisor Award – M&A Today
      2018 Best Advisor of the Year - M&A Today
    • 2018 Best Consulting Firm – Lawyers International
      2018 Best Consulting Firm - Lawyers International
    • 2018 Best Advisor of the Year - Corporate USA Today
      2018 Best Advisor of the Year - Corporate USA Today
    • 2018 Insuretech Consultant of the Year - Business Excellence
      2018 Insuretech Consultant of the Year - Business Excellence
    • 2019 50th Fasting Growing Company
      2019 50th Fasting Growing Company

    Copyright © 2023 Innovation Insurance Group · Offices at Short Hills · 51 John F. Kennedy Parkway, First Floor West · Short Hills, NJ 07078 | Site Map | Log in