Tag Archives: Gemalto

Cyber Insurance

Cyber insurance protects against hacking into company accounts. Some companies need as much as $1 billion cyber insurance to protect themselves against cyber attacks. In addition there are firms struggling to secure even a tenth of that amount. Therefore if a data breach occurs within a network, the company which suffered the breach could face hundreds of millions of dollars in extra costs. The maximum amount of cyber insurance coverage currently available is $20 million. This is for a Data Storage company.

Researchers at Kaspersky Labs, a Russian cyber security group, uncovered sophisticated spying software in the hard drives of personal computers used in 30 countries, including Iran, Pakistan, Russia and China.

The latest in a long line of whistleblower Edward Snowden’s National Security Agency revelations may be among the most shocking. The NSA and its British counterpart GCHQ, allegedly compromised the networks of Gemalto.  They then pilfered the encryption keys protecting untold millions, potentially billions of SIM cards. A compromise of SIM cards on this scale would therefore call into question the integrity of the entire global cellular communication system.

Gemalto is a global manufacturer of mobile device SIM cards. According to the Economist, they manufacture more SIM cards than any other organisation in the world. (SIM is an acronym for subscriber identification module. A SIM card is a little integrated circuit that plugs into your mobile device. It contains the unique international subscriber identity (IMSI) along with an encrypted authentication key. Together, this key and that number essentially validate that your phone is, in fact, your phone).

Gemalto produces approximately 2 billion SIM cards every year. To put that in context, there are 7, 125 billion humans in the world; an estimated 7, 19 billion mobile devices. Gemalto’s clients include mobile service providers Sprint, AT&T, Verizon, T-Mobile and some 450 other organisations. The company furthermore does business in 85 countries and also operates a further 40 manufacturing facilities.

Target, the U. S. Retailer, said that the price tag for the data breach that affected up to 110 million of its customers had reached $248 million. A catastrophic hit such as this on a large bank or power utility has prompted the private sector to work in collaboration with the government sector to find ways to thus boost cyber insurance coverage.

Stephen Catlin, the head of Lloyds of London insurer warned that cyber attacks constituted the biggest most systemic risk he had ever seen.  He thus recommended that it should be covered by governments. He stated that insurer’s balance sheets were not large enough.

Cyber risk management is poor at certain companies. In addition the unpredictability of future attacks is accompanied by the lack of data with which to price risks. Insurance companies are finding the costs too high and instead of growing, coverage has however become more limited. Tougher cyber security standards are being required by Insurers. This is in the hope of reducing the costs of breaches. Insurers have furthermore requested retailers to encrypt data and use other ways of storing information in order to get insurance.

The recent breach at Anthem exposed 80 million Social Security numbers. Anthem is the second largest health insurer in the United States. According to well-known sources they had $150 million in cyber insurance.

Aside from civil litigation and other expenses, $40 million would have to be spent. This was to inform clients according to various state laws and remediation compensation. 13.5 million Californians were affected by the company’s data breach. Federal Health officials and state insurance commissions are investigating whether Anthem took sufficient security measures to safeguard its database.

Home Depot recorded $43 million pre-tax expenses related to a recent data breach. This amount was partially offset by a $15 million receivable for costs the company believes are reimbursable. The cyber insurance coverage for pre-tax net expenses was $28 million.  Those expenses included costs to investigate the data breach, provide identity protection services including credit monitoring to impacted customers, increase call centre staffing, legal and other professional services.

There are a number of ways to protect your valuable information from hackers:

  • Ensure that your password is complex. Most noteworthy,  do not use the same password or username across various websites. Experienced criminals will use your base password and their sophisticated software to crack your other passwords. Hackers are aware of the fact that most people are lazy.  As soon as they get access to your credentials from one site, they will also try out your credentials at many other sites. A password manager thus provides you with strong, unique passwords for all of your accounts. They are kept  in a secure encrypted vault on your device.
  • Do not recycle user IDs and passwords. Hackers sometimes try stolen IDs and passwords on different sites to gain control of other accounts.

  • Never confirm or provide personal information in response to an email or text. Therefore do not click on links in unexpected messages.
  • If you see charges on your credit card or bank statements that you do not recognise, rather contact the fraud department at your bank or credit card provider immediately to investigate.
  • Check your credit reports – for free – every few months. It is a good way to find out if someone has opened credit in your name. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228.
  • Use two factor authentication. This also provides an extra layer of protection beyond your password. First you enter your username and password as usual, then a code is sent to your mobile app. Only after you enter that code will you be allowed to access your account.
  • In conclusion two factor authentication therefore combines something you know (your password) with something you have (your phone), hence making access by unauthorised users much more difficult.