back to article Cyber insurance brokers: If it makes you feel any better, 2016 was not our year either

Insurers are handling "hundreds" of breach claims, according to figures from CFC Underwriting. CFC Underwriting said it handled more than 400 claims against cyber-breach policies it issued this year alone. The rise in data breaches and money transfer scams are driving the increase. Claims on CFC policies almost doubled year …

  1. macjules Silver badge
    Facepalm

    Claims on CFC policies almost doubled year on year, rising 78 per cent from 2015, Graeme Newman, chief innovation officer at the underwriter, told the BBC.

    Notice how they say "Claims on CFC policies" and not "claims paid out to CFC policy holders". In this day and age you either have to be a Lloyd's Underwriter stuck in the halcyon days of pre-asbestosis, or a complete, bloody moron (frequent both) to underwrite what even the average eBay seller would tell you is fool's errand.

    But then again an underwriter and other people's money are easily parted.

  2. Sureo

    So if you're a policy holder and get hacked, you get paid. What about your customers/users who actually suffer?

    1. Doctor Syntax Silver badge

      "So if you're a policy holder and get hacked, you get paid. What about your customers/users who actually suffer?"

      You offer them two pennorth of fraud protection or whatever - which you claim on your insurance.

      But realistically the insurers have got to start laying down the precautions their clients take. No security, no payout.

      1. Tom Paine Silver badge
        Boffin

        Assurance / evidence / audits

        But realistically the insurers have got to start laying down the precautions their clients take. No security, no payout.

        They do try to do so, though the doc I've seen required self-certification on the sort of wooly questions I often see in RFP type questionnaires. "Do you take appropriate measures to securely protect data at rest?" Why yes, sure we do,.. we gots us a firewall an' one o' them Ayy-Vee gateways.... TICK! Next question?"

        Sooner or later they're going to start asking to see the most recent security controls audit report and/or certification. TBH, back in the day I assumed certification frameworks would be standard practice for every org over, say, 100 employees by 2010 . Ho boy, was I wrong...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019