TLDR:

Key Points:

• Sophos survey finds cyber insurance does not fully cover recovery costs after a breach.
• U.S. Supreme Court rules against lawsuit targeting federal efforts to combat disinformation.
• Polyfill.io domain hijacked affecting 100,000 websites, injecting malicious code.

Breach Roundup: Cyber Insurance Doesn’t Cover Breach Costs

Every week, Information Security Media Group reports on cybersecurity incidents worldwide, covering a range of breaches and incidents. This week, key highlights include:

Nine in 10 companies with cyber insurance coverage report that their post-incident reimbursement falls short of recovery costs. This was revealed in a survey conducted by Sophos among 5,000 IT and cybersecurity professionals. A majority indicated that their costs exceeded policy limits, insurers refused to reimburse pre-approved costs, and some costs were not covered by the policy.

The U.S. Supreme Court ruled against a lawsuit aimed at federal efforts to push social media companies to combat disinformation. The court found that the plaintiffs lacked standing to sue following coercive tactics by federal agencies, such as the Surgeon General’s Office, aimed at pressuring platforms to remove user content related to COVID-19 and election integrity.

More than 100,000 websites were affected by a supply chain attack on the cdn.polyfill.io domain. The domain was recently acquired by a Chinese CDN company and injected with malicious code redirecting users to harmful sites. Domain registrant Namecheap took down the domain, effectively ending the threat.