Underwriters seek in-depth information before covering retailers' cyber risks

Underwriters are requesting more in-depth information from retailers before agreeing to underwrite cyber risks in light of the recent massive data breaches at The Home Depot Inc. and Target Corp.

They are focusing on how “a retailer mitigates or prevents specifically the kind of breaches, the malware, that impacted some of the big retailers to date,” said Mark Greisiger, president of Gladwynne, Pennsylvania-based NetDiligence, which provides cyber risk management and information security services as Network Standard Corp.'s marketing arm.

“They're almost getting microscopic on the issue. They really are drilling down very specifically,” said Dena Magyar, Charlotte, North Carolina-based national practice leader at Wells Fargo Insurance Services USA Inc.'s professional risk group.

Among questions cyber underwriters are asking now are:

• What has the company done to mitigate or prevent data breaches?

• Has the company investigated all systems for vulnerabilities, and what has been done to remediate any issues discovered?

• Do the company and its outside providers have PCI Security Standards Council certification as meeting the security standard for the payment card industry?

• How do the company's systems interact with those of providers?

• What point-of-sale technology is used, and what parts, if any, do outside providers handle?

• What contractual and procedural controls are in place with point-of-sale and card processing providers?

• How are point-of-sale systems segregated so the entire system is not affected if they are hacked?

• How is point-of-sale data aggregated, and how is the information secured?

• Are the company's systems based on Microsoft Corp.'s Windows operating system, which has been the source of some of the breaches?

• If allowed, how is the company monitoring employees' handheld devices brought into the stores?

“We continue to refine” the questions asked of applicants, said Brad Gow, New York-based vice president of professional lines insurance at Endurance Specialty Holdings Ltd. “I certainly know more about point-of-sale systems than I did six months ago.”
