Workload and Application Security Blog

Why Insurers Are Riveted to Plot Twists of the HBO Hack

Written by Virsec | Aug 14, 2017 5:42:07 PM

 

Amidst Perplexing Hacker’s Motives, Companies Hope Improvements in Cybersecurity & Insurance Coverage Will Emerge

In our world of increasing data theft attacks, HBO was a victim last summer, losing something other than customer information – their own sensitive information was stolen. The 1.5 terabytes of swiped information included sensitive documents, program scripts and unreleased episodes of Game of Thrones. After the initial disruption surrounding the hack, a ransom of $7.5 million was demanded in exchange for not releasing more TV show scripts and other sensitive information.

Sources this week (October 18) have said for shooting Game of Thrones episodes for season 8, no scripts will be handed out. Instead, lines will be fed to the actors through ear pieces. Some feel this will prove to be impractical for good performances, but however it pans out, it’s clear there’s enough fear of leaks that extreme measures might be tried to keep the content confidential.

Protective measures also include insurance policies. Many companies now have some coverage against hacks, but at present, those policies are known for only covering losses of tangible “hard” costs – such as, expenses you can measure and for which you are likely to receive an invoice. But soft costs are another matter, such as a tarnished reputation, public embarrassment or the difficult-to-assess damage that comes from the leaking of a much anticipated, upcoming episode of a popular TV show.

Ray DeMeo, chief operating officer of Virsec, a supplier of web application security systems says about insurance, “The resulting gaps in coverage are as plain as day. Cyber policies today typically limit coverage to the so-called "hard" costs of a breach: investigative, forensic and recovery expenses; privacy loss notifications; and even extortion payments. This can leave significant gaps for the soft costs - damaged reputation, customer goodwill, loss of future business, devalued intellectual property, etc. While some of these risks may be hard to quantify, the potential damage can be much larger than the covered costs."

A separate article on the attack, Third Certainty’s Recent HBO hack could spur better cybersecurity practices, highlights a few more details and the hope that some better security measures can come from the experience. Plenty of mystery persists around this and other attacks and a variety of theories have been expressed when trying to guess at possible motives behind these kinds of attacks. Since it wasn’t initially demanded, it doesn’t seem money was the primary objective. Sometimes the motive seems to be as much, if not more, to embarrass or humiliate a company.

Virsec Systems founder and CTO Satya Gupta observes how a breach of this magnitude goes well beyond the immediate damage. “Reputational damage can linger a long time. In the specific case of HBO, the attack comes as its parent company, Time Warner, is the target of a possible acquisition by AT&T. Will this impact the sale in some way, as the Yahoo breach slowed down that company’s acquisition by Verizon?”

Speculative about motives will likely continue about this and other hacks and companies will continue to pay high prices for such breaches. Losing money is bad enough but losing reputation as noted above can be even worse. Even if we can’t identify the why’s behind hackers’ intent, our energy is better spent aiming to bolster organization’s security to block hackers in the first place, as well as in seeking ways insurance policies can improve to help organizations be better equipped to deal with these kinds of attacks.

Read full Why insurers Are Riveted to Plot Twists of the HBO Hack

Read full Could HBO Attack Spur Better Cybersecurity Practices