The news headlines are filled with stories about high profile cyber breaches. Recent examples include Yahoo, the Democratic National Committee (DNC), and the World Anti-Doping Agency (WADA). These high profile cases can affect very large number of customers (Yahoo) or sensitive information (DNC emails, WADA test results). Most businesses do not have the public profile of these three victims but the threat to small and mid-sized businesses is very real. According to Symantec, 43% of cyber attacks target small businesses.
The potential cyber exposure can take on many forms. Hacking and stealing sensitive information is one common and well documented cause. Other causes can include theft of a laptop or cell phone, careless disposal of paper records, and theft / vandalism by a disgruntled or former employee. Medical records are one of the more sought after targets by cyber criminals. Other types of Personally Identifiable Information (PII) that must be legally protected include drivers’ licenses, credit card numbers, birth dates, court records, banking records and email addresses. Social Engineering theft where outside party tries to mimic a manager in order to obtained wired funds is another common criminal tactic.
Relying on a third party such as cloud storage firm or credit card processing service does not insulate you from cyber exposure. Contracts with these providers will favor the bank or servicing firm. In fact, a merchant responsible for a breach might be contractually liable for damages incurred by the bank or processor.
Limiting your exposure to a cyber breach starts with good internal controls and employee training. Keeping your software and firewall up to date are also important risk management strategies. According to the Ponemon Institute, the causes for breaches involve human error (23%), system glitch (27%) and malicious or criminal act (50%).
The Department of Homeland Security has made October the National Cyber Security Awareness Month. You can find a number of articles regarding various cyber issues on their website at https://www.dhs.gov/national-cyber-security-awareness-month. A data breach calculator can be found at http://www.ibmcostofdatabreach.com/.
Cyber Risk insurance is now widely available and affordable. This type of insurance can be written to defend against litigation resulting from a breach as well as providing coverages for incurred expenses such as notification of impacted individuals, credit monitoring, business interruption, theft and extortion. Please contact us if you would like to learn more about this insurance or if you would like to obtain pricing for this coverage.