Cyber insurance market likely to hit $7.5 billion by 2020

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

The cyber insur­ance mar­ket will triple in size to $7.5 bil­lion in annu­al pre­mi­ums by 2020, and the insur­ance indus­try could face com­pe­ti­tion from dis­rup­tors such as Google if it does not act fast to devel­op prod­ucts, a report said. Insur­ers and rein­sur­ers are charg­ing high prices for cyber cov­er­age and putting a ceil­ing on poten­tial loss­es, deter­ring com­pa­nies from buy­ing cyber polices, con­sul­tan­cy Price­wa­ter­house­C­oop­ers said in the report. Some insur­ers have kept out of the mar­ket, wary of the risks involved. “If the indus­try takes too long, there is a risk that a dis­rup­tor could move in and cor­ner the mar­ket by aggres­sive­ly cut­ting prices or offer­ing much more favor­able terms,” PwC said. Mil­len­ni­als are more like­ly to trust brands such as Google or Apple than con­ven­tion­al insur­ers, Paul Del­bridge, insur­ance part­ner at PwC, said. Source: Reuters

Too many use easy-to-crack passwords

sh_password_280Researchers who have cracked more than 11 mil­lion Ash­ley Madi­son pass­words have released the top 100 choic­es users of that site picked. The top Ash­ley Madi­son pass­words are 123456, 12345, pass­word, DEFAULT, 123456789, qwer­ty, 12345678, abc123 and 1234567.The pass­words look like they could have come from just about any site breach pub­lished in the past decade. By virtue of being cracked, all the 11.7 mil­lion pass­words recov­ered so far were weak. Had they been long, ran­dom­ly gen­er­at­ed strings con­tin­u­ing upper- and low­er-case let­ters, num­bers and sym­bols, they’d be among the 3.7 mil­lion cryp­to­graph­ic hash­es that still haven’t been deci­phered. Only 4.6 mil­lion of the 11.7 mil­lion recov­ered pass­words were unique. Source: Ars Tech­ni­ca

8 Cal State cam­pus­es deal with data breach

A data breach at eight Cal State cam­pus­es exposed the per­son­al infor­ma­tion of near­ly 80,000 stu­dents enrolled in an online sex­u­al vio­lence pre­ven­tion course, offi­cials said. The Cal State sys­tem had hired the ven­dor We End Vio­lence to pro­vide the non­cred­it class on sex­u­al harass­ment, which is required of all stu­dents under state law. Stu­dents who took the train­ing with that com­pa­ny had their data hacked. Two oth­er ven­dors also were pro­vid­ing the class­es, but the data of stu­dents in those class­es were not com­pro­mised, said Cal State spokes­woman Toni Molle. Cal State offi­cials said they had few details on how the hack occurred oth­er than there was a “vul­ner­a­bil­i­ty in the under­ly­ing code.” Cal State has hired a foren­sics firm to inves­ti­gate. Source: Los Ange­les Times

U.S., China have ‘frank’ talk on cyber issues

sh_US and China_280Senior U.S. and Chi­nese offi­cials con­clud­ed four days of meet­ings this week­end on cyber­se­cu­ri­ty and oth­er issues, ahead of Chi­nese Pres­i­dent Xi Jinping’s vis­it to Wash­ing­ton this month, the White House said. Cyber­se­cu­ri­ty has been a divi­sive issue between Wash­ing­ton and Bei­jing, with the Unit­ed States accus­ing Chi­nese hack­ers of attacks on U.S. com­put­ers, a charge Chi­na denies. U.S. Nation­al Secu­ri­ty Advis­er Susan Rice had a “frank and open exchange about cyber issues” in her meet­ing with Meng Jianzhu, sec­re­tary of the Cen­tral Polit­i­cal and Legal Affairs Com­mis­sion of the Chi­nese Com­mu­nist Par­ty, the White House said in a state­ment. The Chi­nese del­e­ga­tion also had meet­ings with Fed­er­al Bureau of Inves­ti­ga­tion Direc­tor James Comey and rep­re­sen­ta­tives from the Jus­tice, State and Trea­sury depart­ments and the intel­li­gence com­mu­ni­ty, the state­ment said. China’s offi­cial Xin­hua news agency said that Meng, the country’s domes­tic secu­ri­ty chief, had reached “impor­tant con­sen­sus” with the Unit­ed States. Source: Reuters

With iPhone convenience comes privacy issues—again

Apple intro­duced some smart new cam­era and Siri fea­tures in its new iPhones, but they come with some pri­va­cy con­cerns. The new “Hey Siri” fea­ture, which allows you to acti­vate Siri at any time by say­ing that phrase, means that the iPhone 6S micro­phone has to be on at all times. Like­wise, the new Live Pho­tos fea­ture, which cap­tures just over a sec­ond of video before and after every pho­to you take, requires that the cam­era, when active, con­tin­u­al­ly record your audio and video. Both fea­tures are able to be deac­ti­vat­ed, but to make full use of the phone, it’s expect­ed that you’ll have them on. “In no case is the device record­ing what the user says or send­ing that infor­ma­tion to Apple before the fea­ture is trig­gered,” Apple says. Oth­er­wise, it sounds as though the iPhone 6S will only store a few sec­onds of sound at a time and will con­tin­u­al­ly write over, and there­fore, the­o­ret­i­cal­ly, delete what has been cap­tured before it. Source: The Verge

That phone call might be monitored

sh_phone surveillance_280Wall Street has a mes­sage for its traders: Watch what you say. At large banks in the Unit­ed States and Europe, traders’ every­day activ­i­ties are being record­ed and mon­i­tored more often than ever before. Banks and their reg­u­la­tors have focused on perus­ing the minu­ti­ae of phone con­ver­sa­tions traders have each day with col­leagues, com­peti­tors and cus­tomers. Tech­nol­o­gy and reg­u­la­to­ry require­ments are mak­ing the phone a zone of total sur­veil­lance, with con­ver­sa­tions con­stant­ly record­ed and some­times auto­mat­i­cal­ly tran­scribed for exam­i­na­tion. Some bank exec­u­tives and traders said they have toned down humor or short­ened con­ver­sa­tions on the phone, while oth­ers are increas­ing­ly using elec­tron­ic trad­ing venues that don’t require as much chat. Mean­while, meet­ing in per­son has increased in impor­tance because that’s one of the few means of com­mu­ni­ca­tion where reg­u­la­tors can’t eaves­drop. Source: Wall Street Jour­nal

When Irish eyes aren’t smiling

Google has refused to remove search results that show the names of new­ly nat­u­ral­ized Irish cit­i­zens in the state’s offi­cial gazette, because of the government’s “ongo­ing choice” to make the infor­ma­tion pub­lic. Con­cerns were expressed by a migrant rights body and by dig­i­tal rights cam­paign­ers recent­ly when it revealed the details of thou­sands of cit­i­zens, includ­ing their full address­es and whether they are minors or adults, are being pub­lished on Iris Oifigiúil. At least one cit­i­zen sought a for­mal deci­sion from the Data Pro­tec­tion Com­mis­sion­er on the mat­ter. The per­son told the com­mis­sion­er they failed to see why, as a nat­u­ral­ized cit­i­zen, they would have less­er rights to data pro­tec­tion than those who are cit­i­zens by birth. The com­mis­sion­er has insist­ed the pub­li­ca­tion of the infor­ma­tion is cov­ered by a 1956 law, and that data pro­tec­tion issues, there­fore, don’t arise. Google said the con­tent was being pub­lished and pro­vid­ed to search engines “on an ongo­ing basis by a gov­ern­ment body or agency.” Source: Irish Times

Clouds over the sunshine state

sh_for rent_280When Chris Ker­nan list­ed a Sara­so­ta, Fla., house for sale, he wound up bat­tling an online rental scam. Some­one claim­ing to be the home­own­er swiped Kernan’s pho­tos and infor­ma­tion from a real estate web­site, post­ed them on Craigslist and began tak­ing email offers to rent the house. “I had at least a dozen peo­ple call to show them the house as a rental,” said Ker­nan, a Real­tor with Cold­well Banker. He noti­fied Craigslist of the scam, and the post soon was removed. “I thought that was the end of it, but 24 hours lat­er, the guy had a new ad up, and the calls start­ed com­ing again,” he said. Shan­non Wil­son, com­mu­ni­ty man­ag­er at the Bene­va Place Apart­ments in Sara­so­ta, said she’s dealt with a rash of pho­ny Craigslist ads. Some of the false ads pro­vid­ed a link for poten­tial ten­ants to click on and fill out an appli­ca­tion that asked for birth dates and Social Secu­ri­ty num­bers. “They were steal­ing iden­ti­ties,” she said. “The con­sumers don’t know if that is ours or not.” Source: The Sara­so­ta (Fla.) Her­ald-Tri­bune