Computer attack insurance rates rise after high-profile breaches

Hacks of Sony, Target, Home Depot and major health insurers have made it more expensive to cope with data theft, Reuters reports.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read

Companies without cyber insurance could easily end up paying hundreds of millions if hacked. Andrew Brookes/Corbis

Just as you safeguard your home with insurance, companies get insurance to cover any problems with customer and corporate data. With hacking on the rise, that protection is getting harder to obtain and pay for.

A torrent of cyberattacks on US companies over the past two years has led cyber insurers to boost premiums for high-risk companies and in some cases limit damage cover to a maximum of $100 million, according to a Reuters report on Monday. The limits make it hard for companies to operate in the modern networked era and could mean higher costs they'll have to pass along to customers.

Hacks are expensive. Companies must pay for forensic investigations, credit monitoring, legal fees and settlements. Rising cyber insurance premiums and limited damage coverage effectively mean that companies could be liable to pay more if they're hit by a cyberattack. Companies without full insurance could easily end up paying hundreds of millions out of pocket.

The 2013 attack on US retailer Target cost the company $264 million. Target expects to only recoup around $90 million of that from insurance payouts, Reuters said. A similar attack on Home Depot forced the US home improvement chain to shell out $234 million in expenses, but insurance will only cover about $100 million, Reuters said.

High-profile attacks, like the ones against Sony, Home Depot and Target, have forced insurers to judge certain companies as too high risk. That's especially true for health and retail companies, which have highly sensitive customer data. Three insurance companies recently told Reuters that they turned away clients seeking computer attack insurance or limited coverage to $75 million and $100 million after reviewing companies' computer security mechanisms.

Just like good home security systems can get you a break on your home insurance payments, the price of cyber insurance depends in part on companies' security measures.

Health insurers are suffering the most from insurance hikes, sometimes seeing premiums triple in price, said Bob Wice, a focus group leader for insurer Beazley, according to Reuters. Massive security breaches at the beginning of 2015 affected millions of customers at two US health insurers, Anthem and Premera Blue Cross.

Upon renewing its insurance after the hack, Anthem only managed to secure $100 million in insurance protection, and that was on the condition that it pay the first $25 million of any damage costs itself, the company told Reuters.