Report finds Sony Pictures’ cyber insurance will likely be drained (blog)

By Chad Hemenway on December 16, 2014

SonySenior staff writer Steve Ragan at CSO has apparently dug into the leaked Sony Pictures Entertainment documents and found evidence that the company “has upwards of $60 million in cyber insurance coverage after consolidating coverage with Sony Corporation America.”

A freelance IT contractor before finding a career in journalism, Ragan looks to have found (and has included images of) the policy and email communication outlining Sony Pictures’ search for cyber coverage after it was hacked in 2011.

At the advice of broker Marsh, Sony Pictures joined a one-year AIG CyberEdge policy with Sony Corp. of America starting April 1, 2014, Ragan says in his column, Salted Hash.

“The problem is, most of the cyber insurance experts that spoke with Salted Hash, feel that $60 million isn’t enough for a company Sony’s size, and they’re not alone,” Ragan wrote.

READ: Breach insurance might not cover losses at Sony Pictures


Much has been written about the letter from Davis Boise of law firm Boise Schiller & Flexner on behalf of Sony Pictures to journalists. It sternly requests that reporters stop using leaked Sony documents in stories and destroy copies of leaked documents.

Many journalists, like the well-known Brian Krebs of KrebsOnSecurity, have risen in defiance against such a request. Reporters typically don’t like being told what to do.

But some media outlets have likened the usage of the recently stolen Sony documents to the recently hacked and published nude photos of many celebrities. Most of the media railed against the publication of these photos as a clear violation of privacy.

We’re all hypocrites and my hypocrisy does not run deep enough to deny myself a look at some of the many entertainment stories generated by the incredibly massive amount of files leaked by whatever person or group from whatever country broke into Sony’s computer systems.

But is the public any more well-informed by the publication of personal, stolen emails from Sony executives and employees–no matter how juicy? Is the use of the these documents even by researchers and journalists with higher objectives any more ethical? Do we have the right to know what people say to one another or send to one another under an umbrella of an expectation of privacy? Or do folks have a naïve expectation of privacy to begin with?

My inclusion in these conversations and my reactions to the opinion pieces and blogs has been mixed. I admit, I am swayed equally by arguments from either side. Nevertheless, this is an excellent debate and one worth having if these types of breaches are to be a regular unwelcomed guest in our society.

But to me, it has thus far been very interesting to note the backlash against one and the acceptance of another type of “violation of privacy.” Have we somehow crafted a violation of privacy scale?

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or