[BreachExchange] Japan sees surge in demand for cyber insurance as attacks increase

[Audrey McNeil]

http://www.straitstimes.com/asia/east-asia/japan-sees-
surge-in-demand-for-cyber-insurance-as-attacks-increase

There has been a sharp increase in the number of policyholders - mainly
companies - taking out cyber insurance, which compensates losses caused by
cyber attacks.

The number of victims whose personal information was stolen last year from
companies and other entities rose by more than 10 million from the previous
year.

The estimated compensation paid by the affected companies also increased to
nearly 300 billion yen (S$3.74 billion).

"It [the spread of cyber insurance] probably indicates an increasing number
of companies that now regard cyber attacks as management risks," a risk
management expert said.

Cyber insurance mainly covers risks related to cyber attacks. The risks
include costs of compensation for damage from information theft, costs of
research on possible damage, and losses from the suspension of sales
activities or assembly lines.

Some cyber insurance also covers the costs for research, conducted when it
is feared that companies might have come under a cyber attack, and
subsequent advertising used to apologise for effects of the attack.

In Japan, the first cyber insurance services were marketed in 2013. In
2015, major non-life insurers introduced their own cyber insurance services
in succession.

The number of cyber insurance policies in fiscal 2016 rose from the
previous period. Mitsui Sumitomo Insurance Co said it increased by 250 per
cent; Tokio Marine & Nichido Fire Insurance Co said it roughly tripled; AIU
Insurance Co said it increased by 50 per cent, while Sompo Japan Nipponkoa
Insurance Inc  said it increased by 350 per cent in terms of premiums paid.

Behind the rising demand for cyber insurance is companies' fear of sizeable
losses from information theft.

According to research by the Japan Network Security Association (JNSA), a
non-profit organisation, there were 468 cases of information theft via
cyber attacks and other means last year.

Although the figure fell by 320 from the previous year, the number of
victims who had personal information stolen jumped by 10.15 million to
about 15.1 million during the same period.

Among the top 10 cases in which personal information was stolen in bulk,
eight were caused by cyber attacks.

The estimated amount of compensation payments totalled about 299.4 billion
yen. The average amount per case also doubled from the previous year to
about 674 million yen.

The figure has been rising in recent years overall, although there were
special circumstances in 2014. That year, a large volume of information was
stolen from Benesse Corp, a major educational service company.

According to the National Police Agency, the number of cases of targeted
attacks using e-mails, which contained viruses and are sent to companies,
has increased for three consecutive years.

The number of those cases totalled 4,046 in 2016, up 218 from the previous
year, marking the highest number since 2012.

"These days, we should consider the notion of coming under cyber attack as
just a way of life," said Professor Keiji Habara of Kansai University, a
specialist in risk management studies.

"Considering taking out insurance policies, companies have no choice but to
examine ways to handle cyber attacks from various multiple angles."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170626/13794df6/attachment.html>