Can cybersecurity insurance protect consumers from attacks? – Doug Criscitello

Doug Criscitello, Executive Director of MIT’s Center for Finance and Policy

From The Hill

As we move beyond the widespread acceptance and use of online banking and trading platforms and push further into an increasingly digital financial marketplace, consumers face new forms of risk—namely, cyber risk—that would have been unfathomable previously. When confronted with risks that could be financially devastating, consumers are driven to mitigate and insure against such perils. Has the time come to purchase insurance for financial cyber risks?

Rational consumers seek to prevent, minimize or avoid adverse financial outcomes by purchasing insurance to protect against actual and perceived risks they can’t easily afford. Insurance essentially serves as a risk management and wealth preservation tool. However, consumers realize that it doesn’t make sense to purchase insurance when the cost of coverage is so high that they will pay substantially more in premiums than expected losses. In other words, they decide that self-insuring is the more cost-effective alternative.

Individuals today are increasingly concerned about their online security but don’t have a clear understanding of the amorphous yet perilous risks they face. In response, new consumer-directed insurance products are being offered to guard against cyber attacks.

How small businesses can fend off hackers — Lou Shipley

MIT Sloan Lecturer Lou Shipley

From The Wall Street Journal

If you wanted to hack a business, which one would you pick: A Fortune 500 company with a large digital-security budget and a team dedicated to protecting its cyberassets? Or a small enterprise that doesn’t employ a single IT security specialist? Of course hackers are equal-opportunity criminals, but you get my point.

Security breaches at big companies such as J.P. Morgan, Sony and Home Depot dominate the headlines, but safety measures are crucial for organizations of all shapes and sizes. According to the 2012 Verizon Data Breach Report, 71% of cyberattacks occur at businesses with fewer than 100 employees. The average cost of a data breach for those small businesses is $36,000.

We can no longer assume that hackers are solitary figures sitting in basements fiddling with their laptops. They may be members of organized-crime groups or employed by nation states, and they have resources that can destabilize entire companies and countries. These hackers constantly look for Internet vulnerabilities. They break through firewalls, infect machines, and use phishing schemes to gain access through emails to people’s passwords and Social Security numbers. They can then leverage weaknesses in applications to cause a database to output its contents.

So what can the owner of a small business do to defend himself? Here are some tips.

Why the future of digital security is open — Lou Shipley

MIT Sloan Lecturer Lou Shipley

From TechCrunch

The topic of digital security often brings to mind the image of a bleak and dark future, where computers, mobile devices and other systems are riddled with malware and cyber criminals lurk, ready to steal our data and crash our systems. We have good reason to be nervous. We’ve seen plenty of cyber-security breaches in the past few years, like credit card thefts at Target and password issues at sites like LinkedIn.

Digital security is a major concern. Few other issues affect everyone, from individuals to companies to entire nations. So what is the future of digital security?

One discussion thread centers on email encryption, prompted by Yahoo joining forces with Google and Microsoft to develop an encrypted email system. While encryption is a step in the right direction, it’s probably not sufficient by itself. In addition to usability issues — like compatibility of platforms and the human tendency to reuse the same basic passwords — email only covers a portion of the digital world. It’s a partial “attack surface.”
