After Hacks, A Dozen States Buy Cybercrime Insurance

Insurers pick up the cost of investigating and restoring data, notifying those whose information may have been compromised, providing legal and public relations services and credit monitoring. Utah pays $230,000 a year for $10 million in cyber coverage, with a $1 million deductible.

As the threat from hackers and cybercriminals intensifies, a growing number of states are buying cyber insurance to protect taxpayers, Stateline reports. “It’s expensive. It’s a big budget item for us. But it’s absolutely worth it,” said Michael Hussey, Utah’s chief information officer. “You’re seeing breaches now that cost companies and states millions and millions of dollars.” More than a dozen states have cyber insurance policies, which cover losses and expenses if a computer network is hacked. Insurers pick up the cost of investigating and restoring data, notifying those whose information may have been compromised, providing legal and public relations services and credit monitoring.

Utah first bought a policy in 2015, three years after a Department of Health server data breach exposed 780,000 residents’ personal information to hackers. The state spent millions of dollars to deal with the aftermath, including paying for credit monitoring and legal fees and conducting a security assessment of all state servers. Utah pays $230,000 a year for $10 million in cyber coverage and has a $1 million deductible. After massive data breaches like those involving Yahoo last year and Anthem the year before, many businesses have scrambled to buy cyber insurance. Last year, insurers wrote $1.35 billion in premiums, a 35 percent jump from 2015, says Fitch Ratings. A survey of state information officers this year found that 38 percent reported having some type of cyber insurance, compared with 20 percent in 2015. Hackers and cybercriminals have taken aim at state and local government networks, which contain information such as Social Security, bank account and credit card numbers on millions of people and businesses. Online activists have hijacked government computer systems, defaced websites, and hacked into data or email and released it online.

from https://thecrimereport.org