Data privacy violations are the new cyber threats for insurers

Data privacy violations are the new cyber threats for insurers
The Facebook pixel, website session recorders, online video tracking and reporting – these are the new privacy threats companies are facing as class action lawsuits and regulatory actions heat up.

“Data privacy claims are now just starting to hit cyber insurers,” said Jeremy Barnett, chief commercial officer at LOKKER. “These lawsuits and regulatory actions are triggering cyber insurance claims to cover those legal expenses, as well as any fines or penalties related to them.”

“I worked in cyber insurance for years, and I left to start a company that focused on data privacy threats, because most of what cyber insurance is reacting to are cyber events that have already happened,” he explained. “I feel like data privacy threats are the leading-edge cyber events and I wanted to help address the source of the growing cybersecurity issues.”

New threats

“The new threats, relative to your readers, are starting to bubble up now with data privacy violations and class action lawsuits related to personal data theft and unauthorized usage,” he said. Cyber insurance policies that cover data privacy-related risks (as well as ransomware and other cybercrimes) are now coming up against class action lawsuits against companies, alleging unauthorized sharing of customer data.

“These lawsuits are triggering insurance claims to cover those legal expenses as well as any fines or penalties related to them,” he said.

LOKKER started in October of 2021, and even in the short time since, Barnett has seen changes in the field.

“Data privacy violations are the new ransomware,” he said. “Ransomware was the central threat to cyber insurers from 2017 to 2022.” However, Russia’s invasion of Ukraine perhaps led to a decline in ransomware attacks and, as companies fortified their systems, fewer are choosing to pay ransoms.

“Now cyber insurers are dealing with the growing trend of data privacy violations,” as the new cyber problem, in part because there is a “much higher degree of awareness from consumers as well as regulators.” With more class action lawsuits and regulatory enforcement actions, insurance companies are going to take a closer look at how their cyber policies are underwritten.”

Making the Hidden Threats Visible

LOKKER is able to address many of these data privacy concerns by helping insurers and their policyholders identify threats with its cutting-edge tools.

Companies are going to have to take a look under the hood to see what is really going on within their website features. “The trackers, pixels and cookies that are at the center of these cyber claims, are often hidden from the organizations that are being sued,” said Barnett.

Mitigating the risks requires collaboration of marketing, IT and privacy teams – on a regular basis “to continually monitor and report on what the third-party technologies are running on the website,” to see that they are privacy compliant.

In his view, executives are often perplexed to learn that here are dozens of third parties operating within their website – some needed, some not, many of which were installed years ago, and were never turned off, even after they had outlived their usefulness.

LOKKER sees itself as being part of the solution, providing a safe customer experience online.

“We provide the tools that allow companies to identify risks, control what goes in and out of the browser, and set the rules,” he said.

How does LOKKER do this?

“We first run a browser inspection of the entire site to uncover all third-party activity,” he explained.

“We’re basically imitating the website user. We scan for everything. We focus on the transaction of data. We look at every web session in the browser on the client side. And we know what’s being passed between every browser session.”

LOKKER’s toolset then allows the website administrator, the privacy team, and the marketers to make informed decisions about which trackers should be removed, which need to be evaluated, and which are approved to remain on the site.

“Because website content is always changing, organizations must be vigilant. They need effective tools that monitor and alert when things change. And, as a team, they need to build some muscle around managing the website, data that gets collected, and how to comply with the latest privacy laws,” he said.  

For cyber insurers, the mindset is a bit different. “How can underwriters identify privacy risks across their entire book?” Barnett asks, hypothetically. “As with cyber security risk assessments, technology is a key element to gaining intelligence. We hope to be a go-to partner for helping insurers manage and mitigate these privacy risks.”

LOKKER, he said, helps give companies and their insurers the right “tools to do right by their customers and build trust.”

Full Report: Insurance Business

Share this article: