Cyber Insurance for Data Breaches

1
Cyber Insurance for Data Breaches

• Márk Félegyházi
• Laboratory of Cryptography and System Security
  (CrySyS Lab)
• Department of Telecommunications
• Budapest University of Technology and Economics
• www.crysys.hu

2
Failure to protect data

• 2006 May Department of Veteran Affairs 28.6m
  name, SSN, DoB
• 2007 March TJ Maxx 94m credit and debit cards
• 2008 end Heartland Payment Systems 100m
  credit and debit card info
• 2011 April Sony Online 24.6m accounts
• Is this going to continue?

3
Failure to protect data

• AND
• Wall Street Journal, 2007 Sep 22

4
Cost of breach is substantial

• SME breach of 25000 records cost of 4.16m
• Sony breach of 77m records compromised
• 171m spent (May 24, 2011) on
• total costs?
• 258 per record 20.6 billion
• conservative 5.6 billion

5
Solution Static audits

• Payment Card Industry Data Security Standard (PCI
  DSS)

content provider
users
auditor
Malice
6
Proposal Dynamic security monitoring Insurance
content provider
users
security company
cyber-insurance company
Malice
7
Key points

• data value assessment
• design a clear data flow in system
• monitor data flow
• establish security

Márk Félegyházi, Crysys Lab, BME-HIT mfelegyhazi_at_
crysys.hu www.crysys.hu