CYBERINSURANCE POLICY: RETHINKING RISK IN AN AGE OF RANSOMWARE, COMPUTER FRAUD, DATA BREACHES, AND CYBERATTACKS By Josephine Wolff

SPOILER ALERT! “[The cyberinsurance industry has] met this demand at considerable long-term financial risk to themselves since very little is known about how these threats will evolve over time or how courts will interpret the coverage and exclusions in the policies in light of future incidents.” (p. 226). END OF SPOILER ALERT!

Josephine Wolff, Associate Professor of Cybersecurity Policy at the Fletcher School of Law and Diplomacy at Tufts University, presents a history of risk and insurance in Cyberinsurance Policy that helps explain why current cyberinsurance is a dicey proposition. You would think that protecting your computer and cell phone would be like buying insurance for your car or house…but think about the range of online hacking threats and phishing attacks we face today. And, these threats continue to morph like Covid-19 variants to increase the danger.

The flaw in this industry is the inability to accurately assess risk. Until that happens, what cyberinsurance companies are selling is smoke and mirrors. Has your computer, cell phone, or credit card been hacked lately? GRADE: A

TABLE OF CONTENTS:

Series Editor’s Introduction ix

Acknowledgments xiii

1 Introduction: A Market-Driven Approach to Cybersecurity 1

1 History of Cyberinsurance

2 Breach on the Beach: Origins of Cyberinsurance 27

II Cybersecurity Claims Under Non-Cyber Coverage

3 “The Hackers Did This”: Data Breach Lawsuits and Commercial General Liability Insurance 65

4 “The Point of No Return”: Computer Fraud Insurance and Defining Cybercrime 87

5 “Insurrection, Rebellion, Revolution, Riot”: NotPetya, Property Insurance, and War Exclusions 111

III Cyber Coverage and Regulation

6 “The Big Kahuna”: Stand-Alone Cyber Coverage 153

7 “What Is the Point of Collecting Data?”: Global Growth of Cyberinsurance and the Role of Policymakers 181

8 Conclusion: Is Cyber Risk Different? 215

Notes 227

References 249

Index 265

12 thoughts on “CYBERINSURANCE POLICY: RETHINKING RISK IN AN AGE OF RANSOMWARE, COMPUTER FRAUD, DATA BREACHES, AND CYBERATTACKS By Josephine Wolff

    1. george Post author

      Steve, our credit cards have been hacked about a dozen times over the years. We didn’t lose any money, but it’s very inconvenient. One of my friends at the Pool lost his wallet last week and his credit card company told him they can’t replace it for a MONTH!

      Reply
      1. Jeff Meyerson

        Lately, no. IN the past we’ve had credit cards not hacked, but the number stolen by people, twice.

        I can’t believe your friend can’t get his credit cards replaced for a month. We always get a new one within a few days! Jackie had a similar experience to you twice, when Chase or Citibank called her about fishy transactions and they canceled them immediately.

        Deb, one of the time our cards were hacked (so called) was in New Orleans. The credit card company called Jackie to tell her. Luckily we had another card to use.

        The on really bizarre one, which I know I’ve told George about, was an old American Express card, which was clearly an inside job. Someone used an old card of our two charge two meals in Manhattan restaurants at several THOUSAND dollars each.

      2. george Post author

        Jeff, my friend who lost his wallet (and credit card) tried to get his credit card company to “expedite” the replacement of his card…but they told him they’re short-staffed and the volume around the Holidays prohibited it.

  1. Deb

    We’ve had our credit cards hacked a couple of times. Both times were after we’d stayed at a hotel/casino in Mississippi—so either an employee was selling the info or the hotel’s system was easy to hack: I’m going to be charitable and assume it was the latter. We get a lot of pfishing emails at work—purported to be from a senior administrator asking for gift cards and/or for us to click on a link to accomplish a particular task. These problems became so ubiquitous that now all of the emails that come from an outside source have a huge banner across the top stating such. A big problem with that is that a lot of legitimate work-related emails come from outside the system. I try to be careful and double-check before taking any action; and in my personal life, I check my account balances daily and have notification alerts set for any withdrawals & transfers. However, in today’s world, even being hyper vigilant is not necessarily a guarantee you’ll avoid getting hacked.

    Reply
    1. george Post author

      Deb, the last time my credit card got hacked it resulted from my gassing up at Sam’s Club. I filled my Rogue SUV up and the next day Capital One–my credit card provider–called me up to ask if I tried to buy FIVE Sony Playstations at Sam’s Club. They told me they rejected that purchase. I told them I had nothing to do with this transaction. So, I suspect someone at the Sam’s Club gas station got my card card numbers and tried to buy those game machines!

      Reply
  2. Michael Padgett

    I guess I’ve been pretty lucky with credit cards. I first got a credit card in 1972 from the same bank that had my checking account (remember those?). It’s gone through a couple of name/ownership changes through the years but is essentially the same bank. During that time I’ve had just a couple of fraudulent charges that were quickly resolved. My only complaint was having to get a new card those two times, which took about a week. I won’t mention the name of the bank, but it’s one you’d all recognize.

    Reply
    1. george Post author

      Michael, usually when we’ve been hacked, our credit card company replaced our cards within a few days. But, because of the holidays, my friend at the Pool has to wait a month for a new credit card.

      Reply
  3. wolfi7777

    Never happened to me – yet.
    But I don’t use my credit card too often, of course that was different on my US holidays but now …
    Like most people here in Europe I mainly pay with my debit card, no problems there.
    Of course I’ve often got faxes (in the good old times …) and now emails from that Nigerian prince etc or from a company whose writers had spelling issues.
    In Germany a big problems are the phone scams on older people:
    Grandma, it’s me, I had an accident and need ***insert a large some here***. A friend will come by and bring me the cash you provide.
    Another scam that happens often is that the police call you: There are gangsters in the neighbourhood, so you better give all your cash and valuables to the policeman who will be soon at your door …
    And this works so often!
    But that’s a really simple method,cyber problems here usually concern companies whose data get lost or inaccessible – unless you pay some money …
    I’m sure we’ll see more of that in the near future.

    Reply
  4. Cap'n Bob Napier

    I’ve been inundated by calls from creeps who say they want to buy my house! I tell them the same thing, “Okay, it’s $3,000,000!” No problems with hacking, but I do get the Nigerian scam e-mails every so often!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *