Encryption Flaw "Heartbleed" Creates Data Risk: How Insurance Can Stanch the Bleeding
In early April, news broke of an encryption flaw named "Heartbleed" that exposed companies to data breaches for over two-and-one-half years. Heartbleed is a vulnerability in OpenSSL, an open-source set of libraries for encrypting online services that nearly two-thirds of all websites use. The vulnerability allows hackers to steal personal information, such as bank account information, social security numbers and passwords, from companies, with little risk of detection. Given the length of exposure and the ease of exploitation, Heartbleed has been described by cybersecurity professionals as one of the biggest flaws in Internet history. And the technology community has not been able to stop the bleeding. In June, researchers found additional vulnerabilities in OpenSSL that implicate many of the same data breach concerns triggered by Heartbleed.
While the ability to escape detection makes the extent to which hackers have exploited these vulnerabilities unclear, for many companies, costs and future liabilities related to Heartbleed may be very substantial. Insurance policies may be available to help stem the hemorrhaging of financial losses and liabilities. This article discusses the rise in cybersecurity attacks and examines first- and third-party coverage potentially available under different types of insurance policies. It then describes state security breach notification laws that may be triggered by events like Heartbleed, and recent SEC guidance on disclosing cyber risks in public filings.