The Equifax cyber breach exposed the personal data of about 143 million Americans. It was huge by any standards.
Sensitive data from client records, such as credit card and bank information, as well as Social Security numbers, were exposed by the attack.
But what does the massive breach mean for the US cyber insurance market? Rob Rosenzweig, vice president and national cyber practice leader for insurance brokerage Risk Strategies Company, spoke to Insurance Business and shared some thoughts.
Celebrate excellence in insurance. Join us at the Insurance Business Awards in Chicago on October 26.
“The easy question becomes: does a breach of this magnitude do anything in terms of the hardening of the marketplace … for pricing and for underwriting scrutiny and the types of coverages that are available?” he said. “I would imagine this could have some broader consequences for the insurers in the marketplace.”
The fallout for the sector will likely include “some ramifications in the marketplace,” Rosenzweig said, but he suggested the ramifications may not be significant or long-lasting.
“Unfortunately, there’s generally pretty short-term institutional memory here,” he noted.
“Whether it’s the size of the organization that’s being underwritten or the industry vertical, there will be some additional scrutiny on that class of business for some period of time – you know, similarly situated businesses may have higher pricing or not as broad coverage for a period of time. But if we don’t see another significant breach, history has shown us that we will come back to the mean at some point.”
While the cyber breach was the “most catastrophic” in history, Rosenzweig said, the “60-65” major players in the industry were equipped to deal with it.
It was the “most catastrophic” breach in history for two reasons, he said. One: the number of records. And two: the fact that it included social security details, not merely credit card numbers, which can easily be cancelled.
“It’s a reminder that all businesses should place a great deal of scrutiny on their vendor relationships, both in terms of doing due diligence on what technology and what levels of control that the vendors they’re working with [are using],” he said. “Based on what’s been reported, this was a vulnerability in software that was open-sourced software, which Equifax was utilizing from a vendor.”
Related stories:
Expert takes a critical look at Equifax data breach
Is Equifax trying to trick data-breach victims into giving up their right to sue?