Insurers address privacy breach liability risks

Privacy breaches are a big cybersecurity risk that the insurance industry is working to address, on both individual and business levels. 

For individuals, privacy and identity information breaches, along with theft of funds through cyberattacks, are the greatest concerns. A survey of 1,605 people sponsored by Chubb found that 13% of them had been victims of a cyberattack over money, and 18% were victims of information breach cyberattacks. The percentages were higher for high net worth individuals – 28% and 35% respectively.

Of those surveyed, 81% said they were concerned that the "proliferation" of online devices is a threat to their privacy. Less than half of consumers are confident that their personal data is secure online, according to the Chubb survey. In a related question, 56% of those surveyed said they were very concerned that a cyber breach would expose their personal information or identity, and another 36% were somewhat concerned. Among types of personal data that respondents said they were concerned about breaches, financial data ranked highest, with 53% saying it was their greatest concern, followed in rank by personal information, health information, purchasing data, browsing history and DNA/ancestry services.

"Our fifth annual report on personal cyber risk has a compelling narrative: Awareness of and concern over cyber threats is high and growing. At the same time, people are annoyed and frustrated by taking actions to protect themselves online. Thankfully, the gap between awareness and action has started to narrow," said Ana Robic, Division President, Chubb North America Personal Risk Services, in a statement. "While the progress is encouraging, risky behaviors are still too prevalent. Individuals and families should remain vigilant in defending themselves against cyber perils and know that there are risk management solutions to help ensure protection in the event of a personal cyber incident."

Privacy violations and related legal issues for businesses and corporations have gotten the insurance industry's attention, explains cybersecurity and data privacy expert David Derigiotis, chief insurance officer at Embroker, a digital insurance platform.

In the past year, five U.S. states implemented privacy laws and four more states started considering privacy laws, according to Derigiotis. Last year, Facebook settled with the state of Illinois for $650 million over violations of the Illinois Biometric Information Privacy Act. Facebook and its parent company Meta are also facing class-action privacy lawsuits over the company's "pixel" computer code that tracks online activity of website visitors.

"Privacy is an area that every organization has to be mindful of what type of data they're collecting, who they're sharing it with, what rights they're giving to the individuals that they're collecting the information from, and are they in line with what the regulations are calling for?" Derigiotis said. "That's what's so difficult about the U.S. The U.S. is such a patchwork of privacy laws, rules and regulations that are either dictated at the federal level, the state level, or from independent organizations."