Peter Hancock, the chief executive officer of American International Group Inc.’s property-casualty unit, says businesses have too little coverage to guard against costs tied to cyber attacks and data breaches.
“It’s a very real risk, and one that’s massively under-insured,” Hancock, 55, said today at a conference in New York held by National Underwriter. “Without greater awareness, there’s not much customer demand. Without much customer demand, the industry’s capacity is rather small. And without the large capacity, the customers say, ‘Why buy it?’”
Zurich Insurance Group AG and New York-based AIG are among carriers offering protection that helps pay for damage caused by hacking as well as fines and repair costs. Attacks against U.S. banks have knocked their websites offline and prevented customer access, and the Associated Press’s Twitter account was hacked this year to falsely report an explosion near the White House, temporarily triggering a plunge in U.S. stocks.
Michael Kerner, who oversees property-casualty coverage at Zurich, Switzerland’s largest insurer, said last month that computer threats are escalating and may soon cause “dramatic” disruptions for businesses and individuals. The AP attack was carried out by the Syrian Electronic Army, a group that supports the government of President Bashar al-Assad.
Businesses contend with a variety of state privacy laws that outline how they must respond when customer data is compromised, Hancock said.
“It’s really important for companies to be aware of their obligations when there’s a breach,” he said. “A lot of companies we encounter have absolutely no clue. They know they’ve been breached but they don’t know what the right response is.”