Page 57 - Cyber Warnings
Too often business owners and executives read through the policy and do not ask the
correct questions for clarity and understanding. Too few questions are resolved, and
ambiguities remain, generally for both parties. The business may mistakenly believe it is fully
insured, when it may be only partially insured or not insured at all.
Such a case recently occurred with Rosen Hotels & Resorts. Rosen had an opportunity, or
teachable moment, while recovering from a breach in 2016. This oversight ended up costing
Rosen at least $2.4M. These expenses were primarily from Visa and Mastercard ($1M each),
American Express ($128,830), attorney fees ($50k), notification expenses ($40k), fees to a
third-party crisis-management firm ($15k), and fees to a data forensics firm ($150k).
These costs have not been static and are expected to increase. This is relevant to
cyber-insurance in that Rosen naturally filed a claim for the expenses with St. Paul Fire & Marine.
All was thought to be well, until the claim was denied.
The rationale for the denial was that the correct policy was not purchased. The insurance policy
purchased was a commercial general liability policy. St. Paul Fire & Marine was not commenting
on any liability or negligence.
It was also notable that the breach occurred over an extended period, from September 2, 2014
to February 18, 2016. The focal point was the credit card payment system. Unauthorized
malware collected the data from the magnetic stripes on the credit cards.
In Closing
This was a teachable moment. The source of the breach is merely conjecture at this juncture.
This could be from the same source as other significant breaches (e.g. Target, US Navy, etc.).
The client and insurance carrier need to build a relationship. The client needs to read through
the policy and/or rider to fully understand what is covered and what is not.
The client needs to ask as many questions as needed. The insurance carrier agent’s job is to
answer these questions to the client’s full and complete satisfaction. If these are not answered
so that everyone has the requisite understanding, other carriers should be explored.
About The Author
Charles Parker, II began coding in the 1980s. Presently CP is an Information Security Architect
at a Tier One supplier to the automobile industry. CP is presently completing the PhD
(Information Assurance and Security) in the dissertation stage at Capella University. CP is also
an adjunct faculty member at Thomas Edison State University. CP’s interests include cryptography,
SCADA, and NFC. He has presented at regional InfoSec conferences. Charles Parker, II may
be reached at [email protected] and InfoSecPirate (Twitter).
57 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide