Following the Capital One hacking and data breach, which is among the largest ever in the banking and financial world, Property Claim Services (PCS) is monitoring the event for cyber catastrophe implications.
This is according to PCS Co-Head, Tom Johansmeyer, who told Reinsurance News that this sort of development can take a long time, and as such, PCS is monitoring the situation but isn’t jumping to any conclusions.
On July 29th, an individual accessed Capital One’s IT systems, which ultimately resulted in the loss of personal data associated with 106 million applicants and customers, 100 million in the United States and 6 million in Canada.
At the time, Capital One explained that most of the data accessed by the hacker was the kind of personal data collected when consumers applied for one of its credit cards. This included names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
The alleged hacker has been arrested by the FBI, and specific vulnerability that was exploited was closed by Capital One as the bank entered recovery mode.
Capital One said that the data breach and hacking is likely to generate the firm incremental costs of approximately $100 to $150 million in 2019, that’s largely for customer notifications, credit monitoring, technology costs, and legal support.
The firm explained that it has a $400 million cyber insurance tower in place to cover “certain costs associated with a cyber risk event.”
PCS released its Global Cyber Industry Loss Index for insured cyber losses with a minimum threshold of $20 million industry wide in 2017, and the Capital One breach has been designated it as a global risk loss under PCS Global Cyber.
For a cyber event to qualify for designation under PCS Global Cyber, it must generate a re/insured loss of at least $20 million.
“We’re monitoring the event for cyber catastrophe implications, but this sort of development can take a long time. LockerGoga is a recent example of this. Even when companies are affected, it can take time for them to decide whether to claim and against which programs.
“While the industry tends to focus on development of the loss once the reporting starts (we see this in property catastrophes a lot), with cyber, it can take a while to see if claims will even occur.
“If there is a cat here, it’s going to take some time. For now, PCS has designated a global risk loss, and we are not jumping to conclusions about cat,” said Johansmeyer.
It was reported last week that the Capital One breach may have affected other major companies, so it will be interesting to see how this event develops not just for Capital One, but potentially for other companies as well.