惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
L
LangChain Blog
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
F
Full Disclosure
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
G
Google Developers Blog
C
Check Point Blog
GbyAI
GbyAI
A
About on SuperTechFans
V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
T
Tor Project blog
AWS News Blog
AWS News Blog
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
MongoDB | Blog
MongoDB | Blog
Latest news
Latest news
aimingoo的专栏
aimingoo的专栏
U
Unit 42
Y
Y Combinator Blog
P
Privacy International News Feed
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
S
Schneier on Security
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
C
Cisco Blogs
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
Google Online Security Blog
Google Online Security Blog
月光博客
月光博客
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
Cloudbric
Cloudbric
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Microsoft Security Blog
Microsoft Security Blog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
How cyber insurance helped with breach recovery -- or not
Richard Livingston · 2026-05-04 · via Search Security Resources and Information from TechTarget

Four organizations, each with cyber insurance policies, responded differently to data breaches. Read the real-world examples of what went right and wrong.

Since its emergence in the 1990s, cyber insurance has become a critical part of enterprise risk management. Initially an offshoot of errors and omissions insurance, cyber insurance coverage, which was limited in scope, swiftly matured as companies became more reliant on data and technology -- and as attackers posed a greater threat.

Cyber insurance, also known as cyber liability insurance, is a commercial product that transfers financial risk arising from cyberattacks to a third party, helping victims recover from financial losses and operational disruptions. While terms vary from policy to policy, insurers typically cover a range of scenarios, including data breaches, malware, social engineering attacks, system failures and business interruptions. According to MarketsandMarkets, the cyber insurance market, valued at $16.5 billion in 2025, is forecasted to grow to $32 billion by 2030.

Do organizations really need cyber insurance?

The FBI, in its IC3 Internet Crime Report, disclosed losses exceeding $20.8 billion as a result of cybercrime in 2025, a 26% increase from the prior year. Despite elevated cybersecurity awareness and sophisticated defenses, no organization is immune to digital threat actors.

The fallout from data breaches has grown more severe, too. Beyond financial damages, organizations recovering from a cyberattack potentially face negative press, loss of public trust, regulatory costs and concerns, unanticipated business disruptions and legal action from stakeholders. A successful data breach can easily cost millions and affect a company for years.

Traditional business insurance does not cover cybersecurity risks; cyber insurance carriers offer the only contract model that can help an operation get back on its feet after a breach. In recent years, businesses of all sizes and across industries have discovered the benefits and risks of cyber insurance coverage. The following incidents are a few of the high-profile data breaches that occur all too often, and highlight how cyber insurance policyholders responded.

Cyber insurance carrier breached

The CNA Financial Corporation breach is one of the most significant ransomware incidents to affect the insurance industry, particularly because CNA itself is a major provider of cyber insurance.

In March 2021, CNA disclosed that it had suffered a sophisticated cyberattack that disrupted its network and internal systems, including corporate email and employee services. The attack was later identified as ransomware, widely attributed to the Russian-linked Evil Corp/Phoenix group. It reportedly encrypted more than 15,000 devices across the company's network, including remote systems connected via VPN. This widespread disruption forced CNA to shut down parts of its IT infrastructure and engage forensic experts and law enforcement to investigate the breach.

CNA decided to pay approximately $40 million in ransom, negotiated from a $60 million demand, to regain access to its systems. At the time, it was one of the largest publicly known ransomware payments.

Cyber insurance played a paradoxical role in this event. As a leading cyber insurer, CNA offered policies designed to help other organizations recover from cyberattacks, including coverage for ransomware incidents, business interruption and incident response services. However, in its Securities and Exchange Commission filings, CNA said its cyber insurance coverage would probably not fully offset the financial losses from the attack.

Resort pays to recover loyalty data

In August 2023, Caesars Entertainment, operator of the Caesars Palace resort, was the victim of a social engineering attack targeting a third-party IT vendor. Attackers linked to the Scattered Spider group impersonated Ceasers employees and tricked its outsourced IT support vendor into sharing access credentials. Once inside, they exfiltrated a large database tied to Caesars' loyalty program, compromising sensitive personal information belonging to its rewards members, including some driver's license and Social Security numbers.

The attackers demanded a ransom of around $30 million. Caesars ultimately chose to pay $15 million in exchange for the attackers' assurances that the stolen data would be deleted. Caesars' decision to pay enabled casino and hotel operations to continue largely uninterrupted, an example of the high-stakes trade-offs organizations face during ransomware incidents.

In its regulatory filings, Caesars acknowledged that the total financial impact of the breach -- including ransom payment, investigation and remediation costs -- would be partially offset by its cybersecurity insurance coverage.

MGM Resorts refuses to pay

A month after the Caesars breach, MGM Resorts International suffered a similar incident. Scattered Spider used social engineering techniques to access MGM's systems by impersonating an employee and convincing the IT help desk staff to reset credentials. Attackers deployed ransomware, encrypting systems and forcing MGM to shut down large portions of its operations.

MGM did not pay its attackers. Hotels and casinos across Las Vegas experienced widespread outages, including inoperable slot machines, malfunctioning digital room keys and disabled booking systems. The disruption lasted several days, significantly impacting customer experience and revenue. MGM later confirmed that personal information, including names, contact details and some Social Security numbers, had been accessed.

Cyber insurance mitigated some of these losses but did not eliminate the financial impact. The company reportedly had a policy covering $200 million in business interruption- and ransomware-related costs, but it still disclosed a $100 million financial impact from the incident, with an additional $10 million incurred in costs for consultants, advisors and legal fees.

A city denied due to MFA

The February 2024 cyberattack on the city of Hamilton, Ontario, highlighted how failing to meet cyber insurance requirements might leave an organization fully exposed to financial loss. Attackers gained access to the city's network through weak credentials on public-facing systems. The incident crippled 80% of the municipal IT infrastructure. Critical services, including business licensing, property tax and transit planning, were offline for weeks. Some system backups, including permit applications and fire department records, were unrecoverable.

The attackers demanded $18.5 million in ransom. Hamilton chose not to pay, citing unreliable decryption tools and concerns about funding organized crime. Instead, it spent nearly the same amount -- about $18.3 million -- on recovery efforts.

Under normal circumstances, Hamilton's cyber insurance policy would help offset the losses. However, the city's IT teams had failed to fully implement MFA, as required under the policy, and the claim was denied. A lack of proper cybersecurity controls resulted in a fully uninsured financial burden shouldered by taxpayers.

With cybercrime costs surging and the fallout from breaches growing more severe, organizations should consider the role of cyber insurance in safeguarding operations, reputation and the bottom line. Whether policyholders decide to cede to threat actor demands or take a stand on principle, organizations must clearly understand what's covered, what's not and what cybersecurity measures are necessary to keep systems safe.

Richard Livingston is an editor with Informa TechTarget's SearchSecurity site, covering cybersecurity news, trends and analysis.

Next Steps

Why cyber insurance won't cover the next generation of attacks

RSAC 2026: Cyber insurance and the rise of ransomware

How cyber insurance requirements reshape backup architecture

Dig Deeper on Risk management