Hass and Associates Cyber Security Group

(EurActiv) - Insurers are eagerly eyeing exponential growth in the tiny cyber coverage market. But their lack of experience and skills handling hackers and data breaches may keep their ambitions in check. High profile cases of hackers seizing sensitive customer data from companies, such as US retailer Target Corp or e-commerce company eBay Inc, have executives checking their insurance policies. Increasingly, corporate risk managers are seeing insurance against cyber crime as necessary budget spending rather than just nice to have. The insurance brokerage arm of Marsh & McLennan Companies estimates that the US cyber insurance market was worth $1 billion (€0.73bn) last year in gross written premiums, and could reach as much as $2 billion (€1.4bn) this year. The European market is currently a fraction of that, at around $150 million (€110mn), but is growing by 50 to 100% annually, according to Marsh. Those numbers represent a sliver of the overall insurance market, which is growing at a far more sluggish rate. Premiums are set to grow only 2.8% this year in inflation-adjusted terms, according to Munich Re, the world's biggest reinsurer.

Data breaches can have a big effect on a merger's overall value. There appears to be a worrying level of complacency toward the assessment of cyber-risks during M&A deals, despite increasing awareness of the cybersecurity risks facing businesses. International law firm Freshfields Bruckhaus Deringer found in a survey shared with Infosecurity that 90% of respondents believe cyber-breaches would result in a reduction in deal value; and 83% of dealmakers believe a deal could be abandoned if cybersecurity breaches are identified during deal due diligence or mid-transaction. Yet, too few tie-up architects are addressing the threat. A majority (78%) say that cybersecurity is not a risk that is currently analyzed in-depth or dealt with in deal due diligence. "It's surprising that dealmakers recognize the growing threat of cyber-attacks to businesses, but generally aren't addressing that risk during deals," said Chris Forsyth, co-head of the firm's international cybersecurity team. "You wouldn't dream of buying a chemicals plant without assessing environmental risk, so why would you buy a data-driven business without assessing the risks its faces around data management and cyber-security?" The firm said that the effect of a cyber-incident on value would work both ways - a business with a good track record and robust processes could be worth more than competitors, while a business with a bad track record could be worth less.

In late 2011 and early 2012, activists, progressive politicians and Internet companies led in part by Internet freedom advocate Aaron Swartz came together to defeat the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Advertised as measures against copyright infringement, the bills would have opened any website that contained copyrighted material it was not authorized to publish on any of its pages to a forced shutdown. A site that unknowingly held a copyrighted image in a comment section, for instance, would have been eligible as a violator. Virtually everyone was susceptible to closure. The Cyber Intelligence Sharing and Protection Act (CISPA) followed SOPA and PIPA in April 2012. CISPA was worse than its predecessors, proposing that private companies be allowed to share user information, a provision that would have violated many privacy protections of the Internet. Recognizing this, Swartz fought again. "It sort of lets the government run roughshod over privacy protections and share personal data about you," he said of the bill at the time. Again, he prevailed. Now, a year and a half after Swartz killed himself, there is the Cybersecurity Information Sharing Act. CISA is a lot like CISPA, but could end up being even worse. Privacy and civil rights groups including the ACLU and the Electronic Frontier Foundation are standing up to fight it. In an article about the bill, the ACLU's Sandra Fulton wrote: CISA "poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws."

Nearly one-third of the world's computers could be infected with malware, suggests a report released last week by the Anti-Phishing Working Group. Malicious apps invaded 32.77 percent of the world's computers, a more than 4 percent jump from the previous quarter's 28.39 percent, the report estimates. The increase in infected computers has come hand-in-hand with a jump in the appearance of malware samples, said Luis Corrons, technical director of PandaLabs, the research arm of Panda Security, one of the sponsors of the APWG report. "The creation of malware samples is skyrocketing," Corrons told TechNewsWorld. "It has doubled from the last quarter to the first quarter of this year." In the last quarter of 2013, some 80,000 malware samples a day were discovered by Panda researchers. In the first quarter of 2014, that number jumped to 160,000. Hiding in Numbers By far, most of the new malware strains (71.85 percent) and malware infections (79.70 percent) are Trojans. Less than a quarter of new malware strains (22.70 percent) and malware infections (12.77 percent) are viruses and worms. "At the end of the day, malware is created to steal information," Carrons explained. "Trojans are the most suitable malware to do that." The primary motivation behind creating so many new malware strains is to avoid detection by antivirus programs. Those programs use signatures to identify malicious software. Since each new bad app strain contains a new signature, constantly introducing new strains extends the time a malicious app can remain virulent.