Just released: How to raise venture capital in 2023


3 cyber insurance lessons from the HBO data breach

Matt McKenna Scale Underwriting
Matt McKenna

Underwriting Manager

Copyright 2017 Home Box Office, Inc.


Winter is com…wait, nope, those are lawyers.

Lawyers are coming.

Fresh off the heels of the personally identifiable information (PII) of every registered voter in the United States being stolen, another American institution is on the defense.

OK so maybe it’s not an “institution” per se. HBO was the target of a hacking attack in July which resulted in a 1.5 terabyte data breach. Much of this data was highly sensitive or valuable information. 

We can learn countless lessons from this but there are three in particular that stand out:

  1. Data breaches can happen to anyone.
  2. Data breaches against smaller companies consume less time and resources.
  3. Cyber insurance is designed to cover the costs that HBO is dealing with right now.


Data breaches can happen to anyone

HBO announced on July 31st that it was the victim of a hacking attack. A week later, new details began to emerge. We now know that the breach was 7 times the size of the Sony breach. It included the PII of employees and even famous actors. Adding fuel to the fire, internal and confidential communications were released which could have serious PR implications.

We also know that Time Warner (HBO’s parent company) is no stranger to data breaches. Just last year, the passwords of 320,000 cable users were compromised in what was believed to be a social engineering scheme. (More on social engineering here).

They’ve navigated the intricate terrain of lawyers and regulators, demonstrating a thorough commitment to the auditing process within their insurance company, ensuring meticulous scrutiny and enhancement of their cybersecurity practices.

And still they got attacked. The thing is, it took six months to get the job done.


Data breaches against smaller companies consume less time and resources

Let’s use another big budget franchise to help us out here:

So I’m Jaws, right? Big shark, sharp teeth…the whole deal. For six years I try to eat those delicious little 1970’s Amity Island beachgoers and for six years that meddling Police Chief Brody and his little “shark expert” buddy get in the way.

A few foolhardy fisherman and promiscuous college kids here and there are not enough for the modern shark to make ends meet…do you have any idea what overhead is like on the ocean?

So I’ve had enough. No more cold winters. I’m heading down to Florida, I’m getting a relaxing spot by the beach and I’m going to eat Dennis Quaid. I’m taking the path of least resistance because I’ve been burned in the past. And shot. And blown up!

Hackers are predators. It took this hacker (or hackers) six months to breach HBO’s systems. This level of persistence is the exception, not the rule. The vast majority of black hats will instead choose the path of least resistance and attack the target that doesn’t see it coming. This is the target that hasn’t had an attack in the past. They haven’t brought in their “expert” to review their situation. They honestly don’t think it can happen to them.

For this reason, 85% of “targets of opportunity” are small businesses and 55% of small businesses have experienced some sort of data breach. Considering the average total cost of a data breach is $3,500,000, you can see why it’s vital to prepare.


Cyber insurance is designed to cover the costs that HBO is dealing with right now

Here are some data breach expenses that HBO may have on its horizon:

  • Credit monitoring for all of its employees (they’ve already confirmed they’re doing this).
  • Cyber security contractor to investigate the source of the breach (this, too, is in progress).
  • Notifying people that they’ve been affected by the breach.
  • Defending any civil suits that are filed.
  • Responding to investigations, fines and penalties from state or federal regulators.
  • Public relations expenses.
  • Data restoration services for anything that could not be recovered.

These are all standard costs that could contribute to a multi-million dollar price tag at the end of the day. The good news is they can all be covered by the right cyber insurance policy!


Do I need to bend the knee to protect my company and myself?

Nope, just talk to us!  You can contact us at info@foundershield.com or create an account here in order to get a quote for a cyber insurance policy.

Want to read more on the subject?  Check out our other blog posts on cyber insurance.

Our friends at The Hartford also assembled a great infograph on the total consequence of a data breach.

Related Articles

Cybersecurity Data Breaches
November 9 • Cyber Liability

Top 10 Cybersecurity Data Breaches of 2023

Today’s digital landscape is frightening for business leaders. Here’s a glimpse into some of the most cringe-worthy data breaches in 2023 — plus, how to avoid them.

Cyber Insurance Pricing Trends
July 19 • Cyber Liability

Cyber Insurance Pricing Trends 2023

After a hard-hit 2022, let’s explore the lessons learned, what currently impacts the cyber market, and cyber insurance pricing trends to expect in the future.

Fintech Insurance Trends for 2023
June 22 • Thought Leadership

Fintech Insurance Trends for 2023 [Updated for 2024]

The fintech industry is undergoing massive changes, creating new challenges and risks. As a result, fintech insurance trends are responding. Let’s review 2023 what to expect from this market in 2024.

sec cracks down on crypto
June 20 • Thought Leadership

SEC Cracks Down on Crypto — What the Binance and Coinbase Lawsuits Mean for Risk Management

As the SEC cracks down on crypto, suing Coinbase and Binance, our experts chime in about the greater risk management implications on the industry. What can we expect for crypto regulations in the future?

multi factor authentication
January 24 • Cyber Liability

Securing Your Company With Multi-Factor Authentication: A Complete Guide

Cybersecurity is a priority for most company leaders, with multi-factor authentication spearheading the endeavor. Here’s how to make it a reality in your organization.

November 14 • Thought Leadership

Crypto Crash: FTX Files for Bankruptcy — Here’s What We Know

FTX filed for bankruptcy. SBF is in hot water. Investors and stakeholders are seeing red. Ponzi is now a four-letter word. What’s next? Let’s review this crypto crash through our risk management lens.