A Wells Fargo survey of 100 large and mid market companies found that 85% have purchased cyber insurance and more than 4 in 10 have already filed a cyber insurance claim.
While that survey didn’t ask how much the claims were for, a NetDiligence study says the average claim is about $5 million.
There are a lot of factors that affect the cost of cyber insurance, but a realistic guideline is $2,000 per million dollars of coverage, but that number can vary a lot depending on many factors.
As insurers pay more claims, they are also raising the premiums. Insurance companies have raised premiums 32% in the first half of 2015 alone for high risk businesses such as retail. Insurance companies are also increasing deductibles. Anthem had to agree to a $25 million deductible to get their policy renewed. Businesses that do make a claim may discover that their policy won’t be renewed at all or the price for a renewal is out of their budget.
All of the breach related lawsuits are not making insurance companies happy either. They get to pay for the legal fees in addition to the damages and judgements. For the bigger policies, legal fees are above and beyond the policy limits – a $10 million policy might have to pay out $10 million for remediation and recovery and maybe another $10 million for legal fees.
Another scary statistic – Lloyds of London modeled a breach that left 93 million people in the NY-DC corridor in the dark. The cost of that ranged from $250 BILLION to $1 TRILLION. That is based on a hack which causes an extended outage. If generation and distribution facilities are damaged to the extent that they have to be replaced, it could take as long as a year, or more, to order and install new equipment since most of it is custom built, you have to wait in line and almost none of it is built in the U.S.
Admiral Mike Rogers, head of the NSA, said that there are several countries that already have the ability to shut down the computers that manage the U.S. power grid. Depending on how much damage is done, it could take months to even a few years to repair all the damage.
In the early 2000s, the Idaho National Labs demonstrated the ability to cause a generator to set itself on fire by hacking it. The video is available on YouTube.
Unfortunately, this is only going to get worse before it gets better.
Information for this post came from NBC.