The History of Stock Quotes

In honor of all the fervor around Bitcoin, we thought it would be fun to revisit the role finance has had in the history of technology even before the Internet came around. This was adapted from a post which originally appeared on the Eager blog.

On the 10th of April 1814, almost one hundred thousand troops fought the battle of Toulouse in Southern France. The war had ended on April 6th. Messengers delivering news of Napoleon I’s abdication and the end of the war wouldn’t reach Toulouse until April 12th.

The issue was not the lack of a rapid communication system in France; it just hadn’t expanded far enough yet. France had an elaborate semaphore system. Arranged all around the French countryside were buildings with mechanical flags which could be rotated to transmit specific characters to the next station in line. When the following station showed the same flag positions as this one, you knew the letter was acknowledged, and you could show the next character. This system allowed roughly one character to be transmitted per minute, with the start of a message moving down the line at almost 900 miles per hour. It wouldn’t expand to Toulouse until 1834, however, twenty years after the Napoleonic battle.

Chappe Telegraph System

Stocks and Trades

It should be no secret that money motivates. Stock trading presents one of the most obvious uses of fast long-distance communication. If you can find out about a ship sinking or a higher than expected earnings call before other traders, you can buy or sell the right stocks and make a fortune.

In France, however, it was strictly forbidden to use the semaphore system for anything other than government business. Because it was such a public method of communication, it wasn’t really possible for an enterprising investor to ‘slip in’ a message without discovery. The ‘Blanc brothers’ figured out one method, however. They discovered they could bribe the operator to include one extra bit of information, the “Error – cancel last transmitted symbol” control character, with a message. If an operative spotted that symbol, they knew it was time to buy.

Semaphore had several advantages over an electric telegraph. For one, there were no lines to cut, making it easier to defend during war. Ultimately though, its slow speed, need for stations every ten miles or so, and complete worthlessness at night and in bad weather made its time on this earth limited.

Thirty-Six Days Out of London

Ships crossing the Atlantic were never particularly fast. We Americans didn’t learn of the end of our own revolution at the Treaty of Versailles until October 22nd, almost two months after it had been signed. The news came from a ship “thirty-six days out of London”.

Anyone who could move faster could make money. At the end of the American Civil War, Jim Fisk chartered high speed ships to speed to London and short Confederate Bonds before the news could reach the British market. He made a fortune.

It wasn’t long before high speed clipper ships were making the trip with mail and news in twelve or thirteen days regularly. Even then though, there was fierce competition among newspapers to get the information first. New York newspapers like the Herald and the Tribune banded together to form the New York Associated Press (now known just as the Associated Press) to pay for a boat to meet these ships 50 miles off shore. The latest headlines were sent back to shore via pigeon or the growing telegraph system.

The Gold Indicator

Most of the technology used by the Morse code telegraph system was built to satisfy the demands of the finance industry.

The first financial indicator was a pointer which sat above the gold exchange in New York. In our era of complex technology, the pointer system has the refreshing quality of being very simple. An operator in the exchange had a button which turned a motor. The longer he held the button down, the further the motor spun, changing the indication. This system had no explicit source of ‘feedback’, beyond the operator watching the indicator and letting go of his button when it looked right.

Soon, other exchanges were clamoring for a similar indicator. Their motors were wired to those of the Gold Exchange. This did not form a particularly reliable system. Numerous boys had to run from site to site, resetting the indicators when they came out of sync with the one at the Gold Exchange.

The Ticker Tape

I am crushed for want of means. My stockings all want to see my mother, and my hat is hoary from age.

— Samuel Morse, in his diary

This same technology formed the basis for the original ticker tape machines. A printing telegraph from this era communicated using a system of pulses over a wire. Each pulse would move the print head one ‘step’ on a ratcheting wheel. Each step would align a different character with the paper to be printed on. A longer pulse over the wire would energize an electromagnet enough to stamp the paper into the print head. Missing a single pulse, though, would send the printer out of alignment, creating a 19th century version of Mojibake.

It was Thomas Edison who invented the ‘automatic rewinder’, which allowed the machines to be synchronized remotely. The first system used a screw drive. If you moved the print head through three full revolutions without printing anything, you would reach the end of the screw and it would stop rotating at a known character, aligning the printers. Printing an actual character would reset the screw. A later system of Edison’s used the polarity of the wire to reset the system. If you flipped the polarity on the wire, switching negative and positive, the head would continue to turn in response to pulses, but it would stop at a predefined character, allowing you to ‘reset’ any of the printers which may have come out of alignment. This was actually a big enough problem that there is an entire US Patent Classification devoted to ‘Unison Devices’ (178/41).
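The loss of alignment and the polarity reset described above can be simulated in a few lines. This is an added Python example, not code from the original post; the wheel's character order, the home position and the rule that a long pulse steps the wheel and then prints are assumptions of the model, and only the polarity-based reset (not the screw drive) is modelled.

```python
# Model of the pulse-stepped type-wheel and the polarity-based reset.
# Assumptions: the wheel's character order, the home position, and that a
# long pulse steps the wheel and then prints.
WHEEL = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ."
HOME = 0
SHORT, LONG, REVERSE, NORMAL = "short", "long", "reverse", "normal"


def encode(message, resync_every=None):
    """Sender: turn text into line signals while tracking its own wheel."""
    pos, out = HOME, []
    for i, ch in enumerate(message):
        if resync_every and i and i % resync_every == 0:
            # Reversed polarity plus one full revolution of pulses parks
            # every receiver on HOME, whatever position it had drifted to.
            out += [REVERSE] + [SHORT] * len(WHEEL) + [NORMAL]
            pos = HOME
        target = WHEEL.index(ch)
        steps = (target - pos) % len(WHEEL) or len(WHEEL)
        out += [SHORT] * (steps - 1) + [LONG]
        pos = target
    return out


def receive(signals):
    """Receiver: step on every pulse, print on a long one."""
    pos, reversed_polarity, printed = HOME, False, []
    for sig in signals:
        if sig == REVERSE:
            reversed_polarity = True
        elif sig == NORMAL:
            reversed_polarity = False
        elif reversed_polarity:
            if pos != HOME:  # the wheel latches once it reaches HOME
                pos = (pos + 1) % len(WHEEL)
        else:
            pos = (pos + 1) % len(WHEEL)
            if sig == LONG:
                printed.append(WHEEL[pos])
    return "".join(printed)


def drop_first_short(signals):
    """Line fault: the first short pulse never reaches the receiver."""
    i = signals.index(SHORT)
    return signals[:i] + signals[i + 1:]


if __name__ == "__main__":
    quote = "IBM 4S 65"
    print(receive(encode(quote)))                                    # clean line
    print(receive(drop_first_short(encode(quote))))                  # garbled to the end
    print(receive(drop_first_short(encode(quote, resync_every=4))))  # recovers after reset
```

One lost pulse shifts every later character by one position, because the receiver has no way to learn its own offset; the periodic reset bounds the damage to the characters printed before the next reset.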

It will therefore be understood from the above explanation that the impression of any given character upon the type-wheel may be produced upon the paper by an operator stationed at a distant point, … simply by transmitting the proper number of electrical impulses of short duration by means of a properly-constructed circuit-breaker, which will cause the type-wheel to revolve without sensibly affecting the impression device. When the desired character is brought opposite the impression-lever the duration of the final current is prolonged, and the electro-magnet becomes fully magnetized, and therefore an impression of the letter or character upon the paper is produced.

— Thomas A. Edison, Patent for the Printing Telegraph 1870

Ticker tape machines used their own vocabulary:

IBM 4S 65 1/4

Meant 400 shares of IBM had just been sold for $65.25 per share (stocks were priced using fractions, not decimal numbers).

Ticker tape machines delivered a continuous stream of quotes while the market was open. The great accumulation of used ticker tape led to the famous ‘Ticker Tape parades’, where thousands of pounds of the tape would be thrown from windows on Wall Street. Today we still have ticker tape parades, but not the tape itself; the paper is bought specifically to be thrown out the window.

Trans-Lux

What’s the best way to share the stock ticker tape with a room full of traders? The early solution was a chalkboard where relevant stock trades could be written and updated throughout the day. Men were also employed to read the ticker and remember the numbers, ready to recall the most recent prices when asked.

A better solution came from the Trans-Lux company in 1939 however. They devised a printer which would print on translucent paper. The numbers could then be projected onto a screen from the rear, creating the first large stock ticker everyone could read.

Trans-lux Projection Stock Ticker

This was improved through the creation of the Trans-Lux Jet. The Jet was a continuous tape composed of flippable cards. One side of each card was a bright color while the other was black. As each card passed by a row of electrically-controlled pneumatic jets, some were flipped, writing out a message which would pass along the display just as modern stock tickers do. The system would be controlled using a shift register which would read in the stock quotes and translate them into pneumatic pulses.

The Quotron

The key issue with a stock ticker is you have to be around when a trade of stock you care about is printed. If you miss it, you have to search back through hundreds of feet of tape to get the most recent price. If you couldn’t find the price, the next best option was a call to the trading floor in New York. What traders needed was a way of looking up the most recent quote for any given stock.

In 1960 Jack Scantlin released the Quotron, the first computerized solution. Each brokerage office would become host to a Quotron ‘master unit’, which was a reasonably sized ‘computer’ equipped with a magnetic tape write head and a separate magnetic tape read head. The tape would continually feed while the market was open, the write head keeping track of the current stock trades coming in over the stock ticker lines. When it was time to read a stock value, the tape would be unspooled between the two heads falling into a bucket. This would allow the read head to find the latest value of the stock even as the write head continued to store trades.

Quotron Keypad

Each desk would be equipped with a keypad / printer combination unit which allowed a trader to enter a stock symbol and have the latest quote print onto a slip of paper. A printer was used because electronic displays were too expensive. In the words of engineer Howard Beckwith:

We considered video displays, but the electronics to form characters was too expensive then. I also considered the “Charactron tube” developed by Convair in San Diego that I had used at another company . . . but this also was too expensive, so we looked at the possibility of developing our own printer. As I remember it, I had run across the paper we used in the printer through a project at Electronic Control Systems where I worked prior to joining Scantlin. The paper came in widths of about six inches, and had to be sliced . . . I know Jack Scantlin and I spent hours in the classified and other directories and on the phone finding plastic for the tape tank, motors to drive the tape, pushbuttons, someone to make the desk unit case, and some company that would slice the tape. After we proved the paper could be exposed with a Xenon flash tube, we set out to devise a way to project the image of characters chosen by binary numbers stored in the shift register. The next Monday morning Jack came in with the idea of the print wheel, which worked beautifully.

The master ‘computer’ in each office was primitive by our standards. For one, it didn’t include a microprocessor. It was a hardwired combination of a shift register and some comparison and control logic. The desk units were connected with a 52-wire cable, giving each button on each unit its own wire. This was necessary because the units contained no logic themselves; their printing and button-handling logic was all handled in the master computer.

When a broker in the office selected an exchange, entered a stock symbol, and requested a last price on his desk unit, the symbol would be stored in relays in the master unit, and the playback sprocket would begin driving the tape backwards over a read head at about ten feet per second, dumping the tape into the bin between the two heads (market data would continue to be recorded during the read operation). The tape data from the tracks for the selected exchange would be read into a shift register, and when the desired stock symbol was recognized, the register contents would be “frozen,” and the symbol and price would be shifted out and printed on the desk unit.

Only a single broker could use the system at a time:

If no desk units were in use, the master unit supplied power to all desk units in the office, and the exchange buttons on each unit were lit. When any broker pressed a lit button, the master unit disconnected the other desk units, and waited for the request from the selected desk unit. The desk unit buttons were directly connected to the master unit via the cable, and the master unit contained the logic to decode the request. It would then search the tape, as described above, and when it had an answer ready, would start the desk unit paper drive motor, count clock pulses from the desk unit (starting, for each character, when it detected an extra-large, beginning-of-wheel gap between pulses), and transmit a signal to operate the desk unit flash tube at the right time to print each character.

Ultronics

The Quotron system provided a vast improvement over a chalkboard, but it was far from perfect. For one, it was limited to the information available over the ticker tape lines, which didn’t include information like the stock’s volume, earnings, and dividends. A challenger named Ultronics created a system which used a similar hardwired digital computer, but with a drum memory rather than a magnetic tape.

Drum Memory

The logic was advanced enough to allow the system to calculate volume, high and low for each stock as the data was stored. Rather than store one of these expensive memory units in every brokerage, Ultronics had centralized locations around the US which were connected to brokerages and each other using 1000 bps Dataphone lines.

This system notably used a form of packet addressing, possibly for the first time ever. When each stock quote was returned it included the address of the terminal which had made the request. That terminal was able to identify the responses meant for it based on that address, allowing all the terminals to be connected to the same line.

Quotron II

At one time during system checkout we had a very elusive problem which we couldn’t pin down. In looking over the programs, we realized that the symptoms we were seeing could occur if an unconditional jump instruction failed to jump. We therefore asked CDC whether they had any indication that that instruction occasionally misbehaved. The reply was, “Oh, no. That’s one of the more reliable instructions.” This was our first indication that commands could be ordered by reliability.

— Montgomery Phister, Jr. 1989

Facing competition from the Ultronics quote computers, it was time for Jack Scantlin’s team to create something even more powerful. What they created was the Quotron II. The Quotron II was powered by magnetic core memory, an early form of random-access memory which allowed them to read and store any stock’s value in any order. Unfortunately there wasn’t actually enough memory. They had 24K of memory to store 3000 securities.

One stock sold for over $1000; some securities traded in 32nds of a dollar; the prices to be stored included the previous day’s close, and the day’s open, high, low, and last, together with the total number of shares traded – the volume. Clearly we’d need 15 bits for each price (ten for the $1000, five for the 32nds), or 75 bits for the five prices alone. Then we’d need another 20 for a four-letter stock symbol, and at least another 12 for the volume. That added up to 107 bits (nine words per stock, or 27,000 words for 3000 stocks) in a format that didn’t fit conveniently into 12-bit words.

Their solution was to store most of the stocks in a compressed format. Each stock’s previous closing price was stored in 11 bits, and the other four values were stored as six-bit increments from that number. Stocks priced over $256, stocks which used fractions smaller than eighths, and stocks with increments too large to fit were stored in a separate overflow memory area.
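The compressed record described above can be sketched as follows. This is an added Python example, not the Quotron II code; the field order, the use of eighths as the unit, the signed (two's complement) increments and the function names are assumptions, while the 11-bit close and six-bit increments come from the text.

```python
from fractions import Fraction

CLOSE_BITS = 11           # from the text: previous close stored in 11 bits
DELTA_BITS = 6            # from the text: six-bit increments from the close
TICK = Fraction(1, 8)     # assumption: prices are counted in eighths of a dollar


def to_ticks(price):
    """Price in eighths, or None if it is not a whole number of eighths."""
    ticks = Fraction(price) / TICK
    return int(ticks) if ticks.denominator == 1 else None


def pack(close, open_, high, low, last):
    """Return the 35-bit compact record, or None if it needs the overflow area."""
    base = to_ticks(close)
    # 11 bits of eighths covers prices below $256 (2048 eighths).
    if base is None or not 0 <= base < (1 << CLOSE_BITS):
        return None
    lo, hi = -(1 << (DELTA_BITS - 1)), (1 << (DELTA_BITS - 1)) - 1
    word = base
    for price in (open_, high, low, last):
        ticks = to_ticks(price)
        if ticks is None:
            return None                      # finer than eighths
        delta = ticks - base
        if not lo <= delta <= hi:
            return None                      # increment too large for six bits
        word = (word << DELTA_BITS) | (delta & ((1 << DELTA_BITS) - 1))
    return word


def unpack(word):
    """Inverse of pack(): (close, open, high, low, last) as Fractions."""
    mask, sign = (1 << DELTA_BITS) - 1, 1 << (DELTA_BITS - 1)
    deltas = []
    for _ in range(4):
        raw = word & mask
        deltas.append(raw - (1 << DELTA_BITS) if raw & sign else raw)
        word >>= DELTA_BITS
    base = word
    return tuple((base + d) * TICK for d in [0] + deltas[::-1])


def store(compact, overflow, symbol, prices):
    """Route a record to the compact table or to the overflow area."""
    word = pack(*prices)
    if word is None:
        overflow[symbol] = prices
    else:
        compact[symbol] = word


if __name__ == "__main__":
    compact, overflow = {}, {}
    # Constructed sample prices.
    store(compact, overflow, "IBM", ("65.25", "65.5", "66", "64.875", "65.75"))
    store(compact, overflow, "XYZ", ("1000", "1000", "1000", "1000", "1000"))
    print({s: unpack(w) for s, w in compact.items()}, list(overflow))
```

Under these assumptions a record is 11 + 4 × 6 = 35 bits, which fits in three 12-bit words.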

The Quotron II system was connected to several remote sites using eight Dataphone lines which provided a total bandwidth of 16 kbps.

The fundamental system worked by having one 160A computer read stock prices from a punch tape (using about 5000 feet of tape a day) into the common memory. A second 160A responded to quote requests over the Dataphone lines. The remote offices were connected to bankers’ offices using teletype lines which could transmit up to 100 words per minute, where a device would forward the messages to the requesting terminal.

It’s somewhat comforting to learn that hack solutions are nothing new:

Once the system was in operation, we had our share of troubles. One mysterious system failure had the effect of cutting off service to all customers in the St. Louis area. Investigation revealed that something was occasionally turning off some 160A memory bits which enabled service to that region. The problem was “solved” for a time by installing a patch which periodically reinstated those bits, just in case.

The system was also notable for introducing the +/- tick to represent if a stock had gone up or down since the last trade. It also added some helpful calculated quantities such as the average price change of all NYSE stocks.

The story of Quotron II showcases the value of preparing for things to go wrong even if you’re not exactly sure how they will, and graceful degradation:

Jack Scantlin was worried about this situation, and had installed a feature in the Quotron program which discarded these common-memory programs, thus making more room for exceptions, when the market went haywire. On the day President Kennedy was assassinated, Jack remembers sitting in his office in Los Angeles watching features disappear until brokers could get nothing but last prices.

Those of us who worked on Quotron II didn’t use today’s labels. Multiprogramming, multiprocessor, packet, timesharing – we didn’t think in those terms, and most of us had never even heard them. But we did believe we were breaking new ground; and, as I mentioned earlier, it was that conviction more than any other factor that made the work fascinating, and the time fly.

It’s valuable to remember that as easy as this system might be to create with modern technology, it was a tremendous challenge at the time. “Most of us lived Quotron 12 to 14 hour days, six and a half days a week; but the weeks flew by, and before we turned around twice, five years were gone…”

NASDAQ

Anyone who has ever been involved with the demonstration of an on-line process knows what happens next. With everyone crowded around to watch, the previously infallible gear or program begins to fall apart with a spectacular display of recalcitrance. Well so it went. We set the stage, everyone held their breath, and then the first query we keyed in proceeded to pull down the whole software structure.

NASDAQ Terminal

Feeling pressure from the SEC to link all the nation’s securities markets, the National Association of Securities Dealers decided to build an ‘automated quotation service’ for their stocks. Unlike a stock ticker, which provides the price of the last trade of a stock, the purpose of the NASDAQ system was to allow traders to advertise the prices they would accept to other traders. This was extremely valuable, as before the creation of this system, it was left to each trader to strike a deal with their fellow stock brokers, a very different system than the roughly ‘single-price-for-all’ system we have today.

The NASDAQ system was powered by two Univac 1108 computers for redundancy. The central system in Connecticut was connected to regional centers in Atlanta, Chicago, New York and San Francisco where requests were aggregated and disseminated. As of December 1975 there were 20,000 miles of dedicated telephone lines connecting the regional centers to 642 brokerage offices.

Each NASDAQ terminal was composed of a CRT screen and dedicated keyboard. A request for a stock would return the currently available bid and ask price of each ‘market maker’ around the country. The market makers were the centers where stock purchases were aggregated and a price set. The trader could quickly see where the best price was available, and call the market maker to execute his trade. Similarly, the market makers could use the terminal units to update their quotations and transmit the latest values. This type of detailed ‘per-market-maker’ information is actually still a part of the NASDAQ system, but it’s only accessible to paying members.

One thing this system didn’t do is support trading via computer, without calling the market maker on the phone (the AQ in NASDAQ actually stands for ‘Automated Quotations’; no stock purchasing capability was originally intended). This became a problem on Black Monday in 1987 when the stock market lost almost a quarter of its value in a single day. During the collapse, many market makers couldn’t keep up with the selling demand, leaving many small investors facing big losses with no way to sell.

In response, the NASDAQ created the Small Order Execution System, which allowed small orders of a thousand shares or less to be traded automatically. The theory was that these small trades didn’t require the man-to-man blustering and bargaining which was necessary for large-scale trading. Eventually this was phased out in favor of the almost entirely computerized trading system we have today.

Now

Today over three trillion dollars worth of stocks are traded every month on computerized stock exchanges. The stocks being traded represent over forty billion dollars worth of corporate value. With the right credentials and backing it’s possible to gain or lose billions of dollars in minutes.

These markets make it possible for both the average citizen and billion dollar funds to invest in thousands of companies. In turn, it allows those companies to raise the money they need to (hopefully) grow.


Our next post in this series is on the history of digital communication before the Internet came along. Subscribe to be notified of its release.

Netflix and no chill: a new phishing attempt

Netflix users are suffering from yet another batch of phishing emails. They get emails that look legit and ask them to enter personal information into a website.

Attempts to phish Netflix users are pretty common. The emails appear and sometimes get into the headlines. Then they go through a makeover: a redesign to evade the spam folder and other defensive filters. Later on, they reappear.

It is the same with gaming platforms (Steam, Blizzard) or banks. 

What are phishing attempts trying to make you do?

They ask you to go to a website, enter your details (name, surname, credit card, social security number) and submit the form, so that your details end up in the hands of the phisher.

These massive campaigns are impressive in numbers: they can reach 1, 10 or even 100 million users. The recent Netflix phishing attempt targeted 110 million users. This attack was personalized, and it looked just like a legitimate Netflix informational email.

What are the goals of scammers that send out such campaigns?

They don’t need every user to get hooked. If they catch 0.1% of all the people who got this email, they are looking at the details of 110 000 users. And that’s a lot. Even 0.01% is a lot. Defensive filters will stop most of these emails, and many users will ignore the ones that get through, but there will always be some people who agree to give their private details to phishers.

How to protect yourself from Netflix phishing attempts?

  • First of all: check the sender. The sender’s email address might look legit, but it is not. Look carefully.
  • Hover your mouse pointer over the link. Check where the link that asks for your credit card and other details really leads, either by hovering your mouse pointer over it or by looking at the source and details of the email. Is it really legit?
  • Don’t click on any links that come with some powerful statement like “Your account might be compromised.” Open your browser, go to the webpage and put in your account details yourself. In the case of Netflix, go to netflix.com, enter your username and password, and if you need to take any action, you will be notified.
  • Get CUJO. We are working hard to keep up to date with the most recent phishing attempts and to block them seconds after a campaign starts, before it gets wild.

Read more about protecting yourself from phishing attempts in our older post.

Yahoo, Deloitte and Equifax: new developments in the old stories

Cybersecurity breaches are getting so common that you start to go numb. But it’s a must to keep up with the older stories and see how they unfold. After all, this is how a precedent is formed in a legal sense, and a lesson is learned on a personal level.

Today I wanted to talk about the aftermath of the data breaches in Yahoo, Deloitte, and Equifax. What’s the current status?


Yahoo leak affects 3 billion users after all

In 2013 Yahoo announced that it had been hacked and that the private data of around a billion users had been leaked. In 2017 Verizon closed its acquisition of Yahoo and made it public that the announcement, made 4 years earlier, might not have been absolutely true.

Today it’s clear that the data of all 3 billion user accounts was leaked, including names, addresses, phone numbers, password hashes etc. Yahoo was made fun of in the forums, with users stating that they used their Yahoo accounts only for spam emails and that it is no big deal if some hackers saw a huge amount of online gaming news.

If you had a Yahoo account, there are a few things to consider:

  • If you created your Yahoo account before August 2013, think about credential stuffing. If you still use the same password as on your Yahoo account from 2013, you must change it. Don’t reuse it on other platforms.
  • If you created your Yahoo account after August 2013, there is a good chance that your credentials are safe. However, given the undisclosed details about this breach, one cannot be so sure anymore. For the sake of protection, practice proper password hygiene and change passwords periodically (or enable 2FA where it is possible).

Read more about proper password hygiene here.

Deloitte takes the heat for exposing private data from businesses

There are still lots of unknown variables in this equation; however, one more giant company has been hit by a cyber attack. According to The Guardian, Deloitte, one of the four biggest accountancy firms and one of the largest private firms in the US, has been experiencing cybersecurity attacks for months.

Apart from tax consultancy and other areas of interest, Deloitte was also covering high-end cybersecurity consulting. It could mean that the attack has not been a “low-level intrusion.”

It seems that two-factor authentication was introduced as one of the company’s security measures only after these events (sources show that the attack might have started in November 2016). By abusing an administrator’s account (or elevating privileges), intruders managed to get access to clients’ emails, some of them with highly sensitive details. And even more sensitive data could’ve been exposed: business information, usernames, passwords, workers’ health records etc.

Deloitte has been investigating the breach, which could’ve led to 5 million emails being exposed, since March 2017. While we are still waiting for more details about this, one thing is for sure: it’s a huge blow to Deloitte’s reputation.


Equifax breach just keeps on rolling

The breach shook up the entire country: half of the American adult population was affected. Right now we know that Equifax cannot do proper cybersecurity AND count: they announced that 2.5 million more people were possibly in danger of identity theft than officially announced.

What else? Well, creating havoc for half of a country apparently can work out well. It’s quite possible that the company can expect additional revenue from people opting in to the credit monitoring service that’s supposed to protect those whose data was stolen.

Of course, that’s not the only questionable fact that happened after the breach. For instance, the IRS gave Equifax a 7.25 million contract. And by “gave” I mean exactly that – Equifax was the sole bidder. Talk about having a pie and eating it too.

I cannot even start talking about the ex-CEO blaming a single person for not patching properly. Cybersecurity must be a company-wide system, complete with the education of all employees and a team effort. It cannot be implemented if it is discussed once a quarter or if your admin passwords are “admin, admin”.

How could this and other similar hacks be avoided?

Next week we will share an article about key cybersecurity practices for businesses.

Stay tuned and stay safe!



Cyber Insurance: Should You Get It?

You have probably noticed the gradual increase in the number of ads over the past two years selling “cyber insurance,” or insurance that covers a hack. The market for this kind of insurance has been growing.

According to a 2017 Deloitte report on cyber insurance, the market is currently $1.5 to $3 billion in the United States and will grow to over $20 billion by 2025. In our opinion, that is a conservative estimate which should be higher, based on the growth and size of breaches we have been seeing.

In a May 2017 survey from the Council of Insurance Agents and Brokers, only 32% of US businesses had some type of cyber insurance. Many of those do not have full coverage.

As a courtesy to our customers, we are going to briefly discuss the current state of cyber insurance and provide some data and a few anecdotes to help you make a decision on whether to purchase coverage. I have included sources at the end of this post.

Wordfence and our team do not sell cyber insurance. This report is informational and provided as a courtesy to our customers.

Cyber Insurance Overview

Cyber insurance is a relatively new market, and it is challenging for both customers and for insurers.

The challenge for insurers is that they do not have much historical data they can use to price risk. In addition, they face the problem that cyber attacks keep evolving. There also is a risk that insurers will have to pay out for a large number of breaches simultaneously. Insurers may have difficulty understanding what to cover in a highly technical and rapidly evolving field.

Buyers of insurance, who are mostly non-technical, may have trouble understanding risks and their insurance options. Buyers may also find that the risks associated with a cyber breach cover a wide range of policy types. Policies lack standardization, and most countries lack a body of legal precedent to help predict outcomes when there is a dispute.

Some of the kinds of loss a company may experience during a cyber breach are:

  • Direct monetary loss through electronic theft.
  • Losses due to extortion from DDoS blackmail or ransomware.
  • Costs of mitigating and investigating the incident.
  • Losses due to downtime.
  • Losses from damage to data and systems, and the costs associated with restoring systems back to normal.
  • Costs of remediation, including the cost to improve security and prevent a similar breach going forward.
  • The cost of customer breach notification, including legal costs and public relations.
  • Expenses of customer compensation, including credit monitoring, service-level agreement penalties, refunds and contractual breaches.
  • Costs of liability associated with the breach, including legal costs.

Policies to cover such diverse risks are complex, which presents a challenge to insurers who have trouble pricing the risk, and a challenge to consumers who could have trouble understanding the coverage.

Cyber Insurance Policies Don’t Always Pay

The past few years have seen several high-profile examples of cyber insurers refusing to pay out, and the issue has usually ended up in court.

Insurer Does Not Cover BitPay’s Theft of $1.8M in Bitcoin

Bitcoin payment processor BitPay had purchased cyber insurance from Massachusetts Bay Insurance Company (MBIC). In December 2014, they were hacked when an attacker spearphished their Chief Financial Officer.

The attacker used the hacked email account to spoof emails to the CEO and tricked BitPay into transferring 5000 bitcoins into their wallet. The bitcoins were worth $1,850,000, and they were transferred in three separate transactions over two days.

MBIC did not pay out on BitPay’s cyber insurance policy, so BitPay sued MBIC. In court documents, MBIC claimed:

The Policy requires that the loss of money be the direct result of the use of any computer to fraudulently cause a transfer of that property from inside the premises to a person or place outside the premises. “Direct” means without any intervening step i.e. without any intruding or diverting factor. The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of Money to an outside person or place. The facts as presented do not support a direct loss since there was not a hacking or unauthorized entry into Bitpay’s computer system fraudulently causing a transfer of Money. Instead, the computer system of David Bailey, Bitpay’s business partner, was compromised resulting in fictitious emails being received by Bitpay. The Policy does not afford coverage for indirect losses caused by a hacking into the computer system of someone other than the insured.

The dispute was settled in May of last year, two years later. The terms were not disclosed.

Cyber Breach Costs P.F. Chang’s $1.9 Million in Assessments. Insurer Doesn’t Pay.

In 2014, Federal Insurance Company, a division of Chubb, sold a policy to P.F. Chang’s parent company that they said was “a flexible insurance solution designed by cyber risk experts to address the full breadth of risks associated with doing business in today’s technology dependent world.”

In June 2014, hackers stole 60,000 customer credit card numbers from P.F. Chang’s point-of-sale system and posted them on the Internet.

Federal paid P.F. Chang’s more than $1.7 million for losses associated with the breach. They did not pay out on an additional $1.9 million in fees and assessments imposed by MasterCard.

P.F. Chang’s sued Federal to recover the assessment charges. They lost – and are currently appealing that ruling.

Should You Buy Cyber Insurance?

Cyber insurance is a new product for the insurance industry in a field that is rapidly evolving. It presents unique challenges for buyers and insurers.

As a small company, your best approach is to avoid a breach in the first place. That means investing in systems that secure your applications and networks, and investing in people and services to support those systems.

For example, if you use WordPress as a publishing platform, investing in a firewall like Wordfence Premium can dramatically reduce the risk of a breach. You can also have our team perform a security audit on all your WordPress installations to further reduce risk.

If you are a small business with a low budget, cyber breach insurance may not be for you at this time, because it may simply be too complex or expensive. As the industry matures, products will become more reasonably priced as insurers can price risk better.

If you are considering cyber insurance, we recommend the following:

  • Use a reputable insurer who has been in the cyber insurance industry for several years. The industry is new, so a history of three to five years may be enough. If your insurer entered the market within the past few months, you may be helping them iron out bugs in their product.
  • Gain a clear understanding of exactly what the insurance policy covers. For reference, check the list of possible breach costs earlier in this post.
  • Chat with your insurer and talk through breach scenarios with them to clearly understand what is covered and what is not. Make sure your insurance contract agrees with the answers you get from your insurer.
  • Check if your insurer has any history of not paying claims. Search Google News.
  • Review your cyber insurance policy every six months. Make sure you still have the coverage you need and that your organization has not rolled out new technology that is not covered.
  • During your semi-annual review, make sure new attack types are covered by your policy.
  • Ensure that you are fully aware of your obligations. Your insurer will require that you implement policies, procedures and technologies to remain covered. If you do not comply with these contractual obligations, you will no longer be covered. Ensure you are in compliance.

Conclusion and Sources

While this post is not directly related to WordPress security, I wanted to share our thoughts on cyber insurance because it is an emerging field that our small business customers will want to keep abreast of.

I used several sources for this post. They were:

As always, we welcome you to share your thoughts and experiences regarding cyber insurance in the comments below.

Mark Maunder – Wordfence Founder/CEO

The post Cyber Insurance: Should You Get It? appeared first on Wordfence.
