26 September 2016Insurance

Yahoo data breach is a wake-up call for cyber risk exposures

Businesses and insurers must improve their understanding of cyber risk exposure in the wake of Yahoo admitting the data of 500 million accounts had been stolen in 2014, according to data analytics company Sciemus.

In a statement given by Yahoo, Bob Lord, chief information security officer, said: “A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.”

Nick Beecroft, director product innovation and strategy at Sciemus, stated: “This is another reminder of the need for businesses and insurers to improve our understanding of cyber risk exposure. The challenge for insurers is to continue to develop products and underwriting approaches that can match clients’ exposure to sophisticated threats.

“In order to remain relevant, insurers will need to employ the expertise to understand cyber risk exposure and the flexibility to cover the many different forms of loss that can arise through cyber attack.”

Daniel Carr, director of cyber security at Sciemus, added: “The Yahoo breach could be a watershed moment in cyber security. Large organisations need to expect more extreme cyber events in the future and not rely on history as any kind of accurate guide to the future of cyber security.

“While the economic impact of the breach has been played down because it did not directly expose payment card information, the sheer scale of the breach is another reminder of how much data in the modern economy is concentrated on digital networks.

“Email is users’ gateway to the internet and this breach has highlighted the specific vulnerability of email. It has been known within the security and cyber world for the past one or two years that one of the cryptographic methods reportedly used by Yahoo, MD5, is weak. However, addressing such rapid changes in technology will continue to pose significant challenges and residual risk exposures for large organisations.”

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk


More on this story

Insurance
23 September 2016   Specialist insurer Beazley has appointed Rafael Sanchez as international manager of Beazley Breach Response Services (BBR Services), a team designed to coordinate data breach response.
Insurance
13 September 2016   Just as paying kidnappers is widely outlawed, with people understanding that doing so encourages more crime of this nature, bending to the ransom demands of online criminals will also fuel bigger and more prevalent ransomware attacks in the future.