听到大众市场零售商(例如Target)的黑客攻击是一回事,Target是2014年的重大事件,涉及向承包商提供的网络访问。即使今年违反民主党全国委员会的侵犯似乎也与普通业务相去甚远,因为它涉及俄罗斯和美国政治。
但是雅虎?您可能会认为一家互联网公司已经弄清楚了它的曝光率。和NSA?不应该做黑客吗?
随着美国企业权衡网络脆弱性,Enr最近对数百家设计和承包公司进行了调查,以了解其如何为风险提供资金。新利luck答案范围从确定的“我们可以舒适地控制”到“现在就读”。新利luck
开始的一个很好的理由是客户要求合同中的承保范围。
“除了额外报道之外,这正是正常要求。”位于纽约市的经纪人Skyline Risk Management Inc.总裁Anthony Kammas说,专门从事建筑和房地产。
对于尚未购买网络违规保险范围的公司,政策持有人有一种倾向于询问其财产和伤亡政策是否会覆盖它们。但是,根据一位保险高管的说法,这些承运人并没有将网络风险定为其财产政策,许多人仍在衡量曝光并弄清楚如何定价和承保它的过程中。
同时,设计师和承包商根据他们的风险和合同中施加的要求,为自己提供不同的保证。一位大型得克萨斯州总承包商说,它为计算机病毒,黑客媒体以及数据丢失的毯子覆盖范围。印第安纳州的一位中型总承包商说,它可以购买数据泄露成本恢复范围。
保险承保范围通常与平台安全方面的升级以及经纪人和承运人的建议齐头并进。
For example, one medium-size Connecticut construction manager says it buys business continuity coverage and has made “significant improvements in firewall, malware filtering and hardening of devices. Employees are also receiving cyber security awareness training.”
其他公司仅引用一种特定类型的承保范围,例如丢失和更换文件,隐私责任覆盖范围,网络/业务中断或勒索软件。
With scant data available so far, insurers are relying on an applicant’s risk-management procedures and risk culture to evaluate the risk and pricing. Before writing coverage, an insurer will probably review a construction company’s network, website, physical assets and intellectual property, says a report on the subject by the National Association of Insurance Commissioners and the Center for Insurance Policy and Research.
似乎没有标准的覆盖范围尚未成形,但至少有很多选择。
Insurers such as Chubb and Travelers make many different types of coverage available. Chubb’s third-party cyber liability coverage includes unauthorized access or dissemination of private information, reputational injury, security system failures that harm third-party systems and security breaches that prevent access by customers to platforms and information. First-party coverage may include expenses related to notifying of data breaches, vandalism to a company’s systems and threats and the “the cost of a professional negotiator and ransom payment.”
可以涵盖国防成本18luck.cub,和解或判断。
Although neither type of policy has been designed for cyber exposures, “The usual suspects for insurance coverage where cyber insurance has not been purchased include commercial general liability insurance and commercial property insurance,” attorney Patrick O’Connor wrote in a paper presented at Victor O. Schinnerer’s annual meeting for invited attorneys.
According to O’Connor, insurers in 2001 had very specifically separated coverage of electronic data under a commercial general liability policy and defined it very broadly. The definition included data created, used or transmitted by computers. The Insurance Services Office also created a new exclusion in 2004 specifically eliminating electronic data and “damages arising out of the loss of, loss of use, damage to, corruption of, inability to access or inability to manipulate electronic data.”
