Is Equifax’s Cyber Insurance Enough to Cover Breach?

By | September 11, 2017

Equifax Inc.’s insurance against cyber breaches is likely inadequate to cover the credit-reporting company’s costs tied to one of the biggest hacks in history, according to people familiar with the coverage.

The company holds a policy that would probably cover about $100 million to $150 million, with costs shared by carriers in the London market and elsewhere, said the people, who asked not to be identified discussing a private contract. Though Equifax’s eventual expense may not be known for years, it could be multiples higher than the insurance payout, given what the company has disclosed and the costs at hacking victims like Yahoo and Target Corp., they said.

“Equifax carries cybersecurity, crime, general-liability and other lines of insurance, and we have begun discussions with our carriers regarding the incident,” a spokesperson said by email Saturday, without commenting further.

The company has offered free credit-monitoring to victims after reporting Thursday that a breach affected 143 million people, revealing Social Security numbers, drivers license data and birth dates. The Atlanta-based company now faces multiple state and federal investigations, and a proposed multibillion-dollar class action lawsuit was filed against Equifax. In its annual report, the company addressed the limits of its insurance protection tied to cyber risks.

‘Risk Retention’

“Our property and business interruption insurance may not be adequate to compensate us for all losses or failures that may occur,” Equifax said in the filing. “Also, our third-party insurance coverage will vary from time to time in both type and amount depending on availability, cost and our decisions with respect to risk retention.”

Equifax dropped 14 percent in New York trading Friday. The company is one of the three major bureaus that maintain databases of consumers’ credit status, payment history and address information. The same banks that furnish much of the bureaus’ credit data also use it to make lending decisions.

Beazley Plc, which has been expanding offerings to protect clients against cyber risks, is the lead insurer for Equifax, according to two people familiar with the contract. A representative for the London-based insurer declined to comment.

Related:

Latest Comments

  • September 19, 2017 at 9:39 am
    Carol says:
    Come on Jeff Sessions, you say you want to be harder on criminals and put them away longer - these are the REAL criminals as they have stolen from 143 million people and all t... read more
  • September 18, 2017 at 2:15 pm
    Dave says:
    If there was knowledge of this breach 40 days before it was reported, it is questionable that their policies will respond. It is highly doubtful that any "failure to maintain ... read more
  • September 14, 2017 at 9:54 pm
    Bender says:
    I do not think that any insurance will cover the negligence of Equifax. Last March Apache issued a patch, Apache Struts CVE-2017-5638 for a known Apache Struts vulnerability. ... read more
See all comments

Add a Comment

Your email address will not be published. Required fields are marked *

*

More News
More News Features