Thursday, 20 August 2020 13:06

Wrongful Use of Data: The Next Cyber Storm Brewing on the Horizon

Written by Bethan Moorcraft, Insurance Business Magazine


It’s one storm after another for the cyber insurance market.

Five years ago, the biggest concern for cyber insurers was the protection and security of payment card industry (PCI) data. This is thanks partly to the infamous Target breach in 2013, through which the retail giant lost 40 million payment card credentials and 70 million customer records at the height of the holiday shopping season.


The Target breach was followed closely by an even bigger breach at Home Depot in 2014, whereby hackers infiltrated the retailer’s point of sale (POS) system and stole more than 50 million customer credit card numbers and 53 million email addresses. 


Eventually, cyber risk controls caught up with the losses and the PCI data breach storm subsided, but it was blown over by the equally menacing storm of ransomware.


Nick Economidis, vice president, eRisk at Crum & Forster, commented: “We’re right in the middle of the ransomware storm, but it’s not going to last forever. We’re seeing some significant improvements in risk controls, and I’m optimistic we’re going to see some effective responses from law enforcement to clamp down on the problem. This doesn’t mean ransomware will go away completely, but it will become a lot more manageable.”


With cyber insurers, risk managers and regulators starting to get to grips with ransomware, what’s the next cyber storm brewing on the horizon? Economidis has his sights set on issues surrounding the wrongful use or wrongful collection of data.


“We’re already starting to see this storm in the form of class action lawsuits arising from the collection of biometric information in the state of Illinois,” he said. “Illinois has a fairly unique law that governs the use and collection of biometric information and the disclosures that need to be made to the consumer when that information is collected. We’re seeing a fair amount of class action claims being made against entities in Illinois for their failure to meet the terms of those requirements.”


While biometric data suits are limited so far to the state of Illinois, there are lots of other privacy laws and regulations that companies can easily trip up on.

Previous Page Continue reading »