Sony's Insurers to Help Foot Bill for Data Breach

Sony is looking to its insurers to help cover the cost of cleaning up a data breach that exposed the names of more than 100 million customers, an amount that one expert estimates could exceed $2 billion.

"We have a variety of types of insurance that cover damages. Certain carriers have been put on notice," a Sony Corp spokesman said in response to an inquiry from Reuters.

Larry Ponemon, chairman and founder of the Ponemon Institute, estimates that notifying Sony's customers and cleaning up the breach will cost about $20 per person, or more than $2 billion. Ponemon is a consulting firm that specializes in research on data breaches and security issues.

Ponemon said that was a conservative estimate because some 12.3 million credit card numbers may have been compromised in the hack. And replacing a credit card costs considerably more than $20.

"It's likely to be more expensive because credit data is involved," Ponemon said. "We call credit card numbers 'crown-jewel' data."

The Sony spokesman declined to name the insurers or say whether there was a cap on the size of the payout that they would make to Sony.

Insurance experts said that the liability on Sony's policy was likely spread among several insurers.

It was not clear whether Sony was insured for the full cost of the cleanup, which involved hiring at least three firms to investigate the matter. Sony has yet to restore service on its PlayStation and gaming networks.

"They are not going to be completely unscathed," said Etti Baranoff, professor of insurance at Virginia Commonwealth University. "No matter what, their insurance rates are going to go up."

She added that the insurers are likely involved in cleaning up Sony's network.