Yahoo data breach is a wake-up call for cyber risk exposures

Businesses and insurers must improve their understanding of cyber risk exposure in the wake of Yahoo admitting the data of 500 million accounts had been stolen in 2014, according to data analytics company Sciemus.

In a statement given by Yahoo, Bob Lord, chief information security officer, said: “A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.”

Nick Beecroft, director product innovation and strategy at Sciemus, stated: “This is another reminder of the need for businesses and insurers to improve our understanding of cyber risk exposure. The challenge for insurers is to continue to develop products and underwriting approaches that can match clients’ exposure to sophisticated threats.

“In order to remain relevant, insurers will need to employ the expertise to understand cyber risk exposure and the flexibility to cover the many different forms of loss that can arise through cyber attack.”

Daniel Carr, director of cyber security at Sciemus, added: “The Yahoo breach could be a watershed moment in cyber security. Large organisations need to expect more extreme cyber events in the future and not rely on history as any kind of accurate guide to the future of cyber security.

“While the economic impact of the breach has been played down because it did not directly expose payment card information, the sheer scale of the breach is another reminder of how much data in the modern economy is concentrated on digital networks.

“Email is users’ gateway to the internet and this breach has highlighted the specific vulnerability of email. It has been known within the security and cyber world for the past one or two years that one of the cryptographic methods reportedly used by Yahoo, MD5, is weak. However, addressing such rapid changes in technology will continue to pose significant challenges and residual risk exposures for large organisations.”