Ashley Madison case sparks rise in cyber policies

Insurance brokers are expecting a spike in cyber insurance sales off the back of the Ashley Madison data breach.

Lockton and Willis both told StrategicRISK that client requests for information on cyber insurance policies had grown following the highly publicised data breach of the extramarital-affairs website.

Last month, Ashley Madison made international headlines after it was announced that hackers had stolen all of its customer data, including the names, home addresses, sexual fantasies and credit card information from more than 39 million members. Then last week the hackers came good on a threat to post all of the data online.

“The Ashley Madison case demonstrates the very public impact of a data breach and how hackers seek to use the data they’ve illegally gained for publicity, extortion, or other financial gain,” Lockton Asia chief executive Peter Jackson said.

He added that the case had prompted a rise in the number of cyber insurance queries coming into the broker’s offices.

But a standalone cyber insurance policy is not always necessary, Jackson said.

“People jump to the conclusion that they need a standalone cyber policy, but your D&O, public liability, professional indemnity or business interruption may have elements of cyber cover in there.

“From the insurance industry’s point of view we’ve got to go through a discovery journey with the client to work out where the need is, rather than jump straight to the solution.”

Marsh also reported a spike in cyber queries following the Ashley Madison event.

Technology, media and telecommunications regional industry leader – Asia Sirikit Oh said: “High profile news stories about hacking can really bring cyber risk to the fore.

“In Singapore, the enforcement of the Personal Data Protection Act, which carries a firm financial penalty per contravention, has helped focus minds on cyber. Over Asia as a whole, cyber cover is a relatively new offer and take-up is still quite low, as there’s still a worrying amount of inertia within companies to recognising this risk.”

The Ashley Madison breach is far from the largest known data breach by volume: last year alone hackers stole 145 million records from eBay, 76 million from JP Morgan and 56 million from Home Depot.

But the nature of Ashley Madison’s business has ensured that the breach has stayed in media headlines around the world.

Lockton’s Jackson said: “Irrespective of what business you’re in and whether you agree with the Ashley Madison business model or not, [the case] really highlights the need for the security of client data.”

He said all firms should ensure they have tested the strength of their security systems, and have clear boundaries around the transaction and storage of client data.

“We see clients who are regularly under attack from hackers of various sorts – whether that’s inside the business or outside of it. And occasionally one of those hackers is going to get in, so firms need to ask what is their response.”

He added that the focus needed to shift from bricks and mortar risks to online and intangible risks.

“You spend a lot of time thinking about your property programme or employer’s liability programme but the reality is, you’re probably not going to have a major fire. But you are having people hacking your systems and so the possibilities is more likely you’re going to have somebody succeed doing that than have your buildings burn down. So therefore, what’s your business continuity plan doing about that and how is your IT function working with the other functions within the business?”

The law suits against Ashley Madison have already started to come in.

Two Canadian law firms - Charney Lawyers and Sutts - have filed a $578m class-action suit against the companies that run Ashley Madison.

The suit joins a $5 million class-action lawsuit filed in Missouri in July. The anonymous female plaintiff in that case claimed she’d paid $19 to Ashley Madison to run a “paid-delete” of her personal information, which was unsuccessful.

Two individuals associated with the leak of Ashley Madison customer details are also reported to have taken their lives, according to police in Canada.