Sony has been sued by its insurance company, which says the policy it issued doesn’t cover a series of high-profile security breaches that exposed personal information associated with more than 100 million accounts.

Full Story at http://www.theregister.co.uk/2011/07/22/sony_breach_insurance/

According to Alan Paller of the SANS institute:

” I met with the representatives of nearly every organization selling cyber
insurance in the U.S. and was surprised that they were unable to provide even one
example where any of their insurance policies ever paid for the kinds of losses that
weak cyber security facilitated. It turns out the problem they face is lack of
reinsurance, without it insurers will not take the risk. Reinsurance requires that a
fire in Chicago not also be happening in New York and Atlanta and everywhere else.
The cyber threat can and does affect many victims in many places; its losses simply
cannot be re-insured effectively. Without reinsurance, the insurers had to
radically constrain the losses they covered. If you bought a cyber policy, don’t bet
your career on telling your boss that your company “is covered for cyber losses.””

Have you read your cyber-liability policy lately?