Tag Archives: Russia

Latest Cyber Security Breach: 1.2B Passwords Stolen

Companies large and small appear to have been targeted in what is being described as the largest known data breach to date.

As first reported by The New York Times, a Russian crime ring amassed billions of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses.

The NYT said it had a security expert not affiliated with Hold Security analyze the database of stolen credentials and confirm its authenticity.

The records, discovered by security experts Hold Security, include confidential material gathered from 420,000 websites, ranging from household names to small Internet sites.

According to Hold Security’s own report, the hackers didn’t just target large companies. They targeted every site that their victims visited:

With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites.”

The NYT said so far the criminals have not sold many of the records online, but appear to be using it to send spam on social networks.

If ever there was a reason to research — and buy — cyber insurance, this would be it.

In its recently published paper Cyber Risks: The Growing Threat, the Insurance Information Institute (I.I.I.) notes that reliance on traditional insurance policies is not enough, as companies face growing liabilities in this fast-evolving area.

Following the Target data breach and other high profile breaches, the I.I.I. said the number of specialist cyber insurance policies is increasing, and that insurance has a key role to play as companies and individuals look to better manage and reduce their potential financial losses from cyber risks.

It cited data from broker Marsh showing a 21 percent increase in the number of clients purchasing cyber insurance from 2012 to 2013. That growth is accelerating in 2014.

Meanwhile, a new report from PwC US and the Investor Responsibility Research Center Institute (IRRCi) indicates that while companies must disclose significant cyber risks, those disclosures rarely provide differentiated or actionable information.

According to the report’s authors:

The consequences of poor security include lost revenue, compromised intellectual property, increases in costs, impact to customer retention, and can even contribute to C-level executives leaving companies.”

It suggests that investors focus on corporate preparedness for cyber attacks, and then engage with highly-likely targets to better understand corporate preparedness and to demand better and more actionable disclosures (though not at a level that would provide a cyber-attacker a roadmap to make those attacks).

Political Risks and Ukraine Crisis

The Ukraine crisis is making headlines around the world, and also in the insurance world.

While events are still unfolding, Russia’s move to annex the Crimea region of Ukraine has prompted United States and European Union leaders to impose economic and travel sanctions on some Russian officials.

U.S. and EU leaders will meet next week in the Netherlands to discuss the crisis and further sanctions are possible.

As for insurance implications, the ongoing turmoil has the potential to impact the political risk, structured credit and trade credit insurance markets.

Broker Marsh said in a briefing last week that some insurers had stopped underwriting political risk insurance in the two countries due to concern over the political unrest and credit ratings in Ukraine and potential sanctions in Russia.

Canadian Underwriter reported on the story here.

Noting the uncertainty of the evolving situation, Marsh said:

Companies with interests in the region face the potential for damage to assets through political violence and possible broader expropriation measures or sanctions against foreign interest in Russia should sanctions be imposed against the country. This is in addition to the potential for payment delays on trade payment obligations due from customers, especially those in Ukraine.†

Marsh also noted that because Russia is the political risk and structured credit market’s largest country exposure, if the current conflict results in large-scale insurable damage, global premiums and insurance capacity for these coverages could be adversely affected.

There is also the potential for a downgrade of the country rating by the ratings agencies and possible payment difficulties for creditors of Ukrainian companies, either commercial or economic, Marsh added.

The broker advised businesses with operations in Ukraine, especially those in Crimea, to check their crisis response and insurance programs to ensure they sufficiently mitigate the potential effects on their operations.

The I.I.I.’s International Insurance Fact Book has insurance and economic data on Russia and Ukraine here.