Cyber Insurance Rates Are Dropping, but Exclusions Widen
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
Explore the nexus of InfoSec and insurance. Stay updated on cyber insurance trends, risk management, and policies protecting against digital threats.
Background for this topic.
Insurance is a form of risk management primarily used to hedge against the risk of a contingent, uncertain loss. In the context of information security, insurance relates to policies designed to mitigate the financial risks associated with cyber incidents and data breaches.
These insurance policies provide coverage for expenses and legal claims resulting from cyber attacks such as ransomware, phishing, data breaches, or other types of IT security incidents. This can range from immediate incident response costs, including forensic analysis and crisis management, to longer-term impacts like regulatory fines, litigation costs, and loss of business due to reputational damage.
Information security insurance is a critical component for businesses in managing and transferring the financial risks of operating in a digitally-connected world. It encourages companies to adopt robust cybersecurity measures by providing lower premiums for those with strong security postures and protocols in place.
The cyber insurance industry has made relatively weak inroads into Asia due to a variety of factors, but that could be changing.
In this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what's covered (and what's not), and why this could be the best thing to happen to cybersecurity.
Incident Comes Months After NYS Fined Liberty Mutual $2M in Other Hacks
Insurance carrier Liberty Mutual is facing proposed class action litigation filed by policyholders who allege their sensitive information was compromised in an April data theft claimed by cybercrime gang Everest Group. The incident is the latest of the company's data security-related troubles.
Josephine Wolff on Why Healthcare Must Scrutinize Cyber and AI Coverage
Healthcare organizations face growing pressure to reassess cyber insurance policies as cyberattacks disrupt patient care and AI tools introduce new liability risks. Josephine Wolff of Tufts University discusses how exclusions, compliance demands and AI-related uncertainty shape insurance decisions.
An On Demand video from ID Dataweb
Scattered Spider continues to evolve, and organizations across financial services, healthcare, insurance, telecommunications, and other sectors are strengthening defenses against increasingly sophisticated identity-driven threats.
State Insurance Officials Seeking Details About Service Firm's Mega Data Breach
Missouri regulators are widening their investigation into the 204 hacking incident at Conduent Business Services, alleging that the company has stonewalled the state's attempts to obtain information about the data breach, which is estimated to affect more than 25 million people nationwide.
Allianz Retains Risk Exposure While Outsourcing Cyber Insurance Operations
Allianz will transition operational control of its standalone commercial cyber insurance business to Coalition, combining the insurer's global distribution and balance sheet with Coalition's cyber underwriting, monitoring and incident response capabilities in a long-term strategic partnership.
HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures
Faulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn't do enough to prevent ransomware attacks.
House Democrats Are the Latest to Raise Data Collection Privacy, Security Alarms
A plan by the U.S. federal agency that oversees federal benefits that would require insurers to hand over the identifiable health data of civil servants received pushback from House of Representatives Democrats who said it throws up privacy and security risks.
Stryker Has Said It Doesn't Carry Cyber Insurance
Stryker notified regulators that its March cyberattack will impact the medtech maker's first quarter financial results. The company also does not appear to have a cyber insurance policy in place to help cover costs associated with the disruptive incident claimed by Iranian hackers.
Federal Review Questions Whether Private Insurers Can Absorb Cyber Losses
A Department of the Treasury review of cyber risk under the Terrorism Risk Insurance Program comes amid concern that nation-state attacks and systemic cyber events may overwhelm private insurers, raising the prospect of a federal backstop to protect critical infrastructure and economic stability.
State: Medicare Enrollee Data Sent to Unlicensed Firms in India, Philippines
State insurance regulators have suspended a Florida third-party health administrator firm for unlawfully offshoring sensitive claims and other data of more than 23,000 Florida Medicare Advantage enrollees to several unlicensed companies in India and the Philippines.
A Federal Register notice seeks public comment on how cyber is covered within a 2002 law and program.
Lack of clear criteria risks encouraging firms to lean on state support instead of worrying about insurance
The UK's cyber watchdog has warned that the government's £1.5 billion bailout of Jaguar Land Rover (JLR) risks setting a troubling precedent for how Britain handles major cyber crises.…
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems.
Compromise Affects Healthcare Clients of Co.'s Revenue Cycle Management Services
Billing services vendor Trizetto Provider Solutions is notifying 3.4 million individuals of a hacking incident discovered in October 2025 that investigators have now determined started nearly a year earlier, when threat actors accessed the company's healthcare clients' insurance-related data.
Cyber Insurance Expansion Drives Insurance Industry Consolidation
Zurich Insurance Group has agreed to acquire U.K.-based Beazley in an $11 billion deal that would create a $15 billion global insurance powerhouse. The transaction strengthens Zurich's cyber insurance portfolio as demand surges for coverage tied to cyber and technology risks.
With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are