A recent cyber hack that was as embarrassing for the company as it was for its victims should provide a “wake-up call” for every broker with a commercial client.
Its tagline may have been “Life is short. Have an affair..,” but many of Ashley Madison’s users probably wish they never heeded that call, no matter how short life may be.
In what The Economist
has dubbed a “wake-up call” for modern business, the latest cyberattack reveals that commercial clients are no longer safe in the digital age – and it’s up to brokers to let them know that.
In Ashley Madison’s case, a band of hackers known as Impact Team released 9.7 gigabytes of its members’ personal data, including names, addresses, financial transactions and details surrounding their sexual preferences, according to Wired
This particular hack is intensified by the fact that many of Ashley Madison’s members were linked to government or military institutions, including one from the Customers and Immigration Union who wrote, “I’m looking for someone who isn’t happy at home or just bored and looking for some excitement.”
As a result, this incident exposes a new threat that is growing in frequency, but presents a new opportunity for brokers to provide necessary coverage that protects clients.
“Technically speaking, this is actually a case of cyber extortion,” said Brian Rosenbaum, national cyber and privacy practice leader at Aon Risk Services, in a previous interview with Insurance Business
. “Sometimes it’s motivated by political views, sometimes it’s for financial gain, but either way, it involves someone threatening to release information in order to force a company to do something.”
Impact Team wanted Ashley Madison and all related sites taken off the internet, but when its Canadian owners failed to oblige, it went public with the leak. Many businesses may not realize that while these attacks seem extraordinary, they are actually on the rise.
“Cyber extortion is on the upswing now,” Rosenbaum said. “Years ago it wasn’t a big issue, but there’s been a lot of development of malware and intrusion software that make cyber extortion more viable now.”
He differentiates this from kidnap, ransom and extortion policies, which protect the enterprise itself, but not outside parties affected by a breach. That doesn’t necessarily mean the third party can make a claim.
“In Ashley Madison’s case, the threat was to release customers’ personal information. Kidnap, ransom and extortion would cover the company’s own intellectual property, but a cyber extortion policy would cover the third-party information of the insured,” he said.
Going forward, Rosenbaum foresees an environment where many private sector organizations will require a certain baseline of this coverage before they will enter into contracts or agreements with another entity.
“A lot of industries have made this a contractual obligation, essentially saying: Want to do business with us? Then buy this insurance,” Rosenbaum said.