Cyber Risk Reality
We all have heard the stories about cyber-crimes, stolen information, and the sensational events after a breach where someone’s life has been turned on end from their identity being stolen. As individuals we need to do what we can to protect ourselves. That includes being smart about where we buy, who we entrust with our information, and monitoring of our statements to stop an identity theft before it progresses too far. We can also purchase affordably, a private service or insurance endorsement to pick up some of the expenses associated with identity theft. Plus, many of these options come with an expert on the subject to help navigate through such a crises.
But what are the risks for businesses that have been entrusted with private information? These stakes are much higher since you are now dealing with thousands of records, not just one. Not only is there potential loss of reputation and goodwill with your customers, there are huge probable financial costs. Simply notifying thousands of customers about the breach and providing subsequent credit monitoring can come with a hefty price tag. There can also be lawsuits brought by the victims for damages from their information being stolen in a breach, not to mention the fines by government agencies for failing to protect the information. Certain industries such as financial and health care institutions are held to an even higher standard through the HIPPA and FIPPA laws.
Many businesses fight back by implementing new equipment, processes and procedures to better protect private information entrusted to them. While the physical theft of PCs, PDAs, laptops, disks, and USB drives is obvious for security reasons, incidents of lost media related to poor tracking and misplacement, leave companies vulnerable to unauthorized access. Hackers, no longer just thrill seekers but highly capable computer experts, can perform such malicious activities including intellectual property theft, destruction of data, sabotage and theft of an organization’s system resources. Data released accidentally via the Internet through an organization’s web site or email as well as discarding equipment without properly removing all traces of non-public information can also facilitate a breach. Liability related to slander, libel and infringement of intellectual property rights could leave an organization facing critical financial concerns.
The less obvious but more common vulnerability actually comes from inside your organization, and sophisticated solutions can’t stop them. Consider, for example, the salesman who leaves his computer for the night with his password enabled. The cleaning service person sees it, accesses the system and sells the info to a buddy who hacks into the corporate system. Or think about the office receptionist who takes a call asking for the technology manager’s name and email address. The person on the other end of the line, now with a legitimate company name and email address, sends a request to another employee in the department for the password they forgot under a spoofed email that appears to be coming from the technology manager. Both scenarios, seemingly innocent at the source, could lead to serious hacks that can cost a business not only a lot of money but could potentially ruin corporate reputation, reliability, and trust.
Software and equipment solutions are constantly evolving as hacking techniques become more complex. What can a business do before a fool-proof solution to cyber-crimes is found? There are a vast number of new cyber security insurance products available that not only let you transfer the financial uncertainty associated with a breach of data, but many also come with access to emergency response experts. The three primary components of this type of coverage are Emergency Response Expense, Cyber Liability, and Expert Support in the event of a breach.
If you have done everything to prevent a data breach by taking the proper precautions with equipment and policies, it might be time to contact your Arthur Hall Insurance professional to learn more about the many options now available for the uncertainty that comes with a cyber-breach or identity theft.