Data breaches and other cyber-related exposures are steadily on the rise, despite heightened security measures implemented by companies and government agencies around the world.
According to an article in the December issue of Claims Magazine, the Identity Theft Resource Center (ITRC) has recorded more than 620 data breaches in the United States so far this year, resulting in 176 million records being exposed. Three of the largest data breaches on record have occurred in 2015, including to healthcare provider Anthem, social website AshleyMadison.com, and the federal Office of Personnel Management.
The tangible and intangible costs associated with this kind of breach can be rather significant and affect a business’ ability to survive in the long term. The 2015 NetDiligence Cyber Claims study estimated that the average cyber-related insurance claim amounted to almost $700K.
As technology continues to advance at an astonishing rate, cyber threats to companies are expected to increase exponentially. In order to best prepare for such an eventuality, a company’s management team should consider the different possible cyber-related exposures:
- As businesses become more automated and dependent on computers, software, and the Internet to manage their industrial control systems, managers of critical infrastructure operations need to consider and evaluate the potential impact that a cyber attack could have.
- A company must assess its financial status and ability to survive should a breach occur, and ultimately decide whether to secure cyber insurance.
- Even with excellent cybersecurity measures and dedicated IT resources 100 percent prevention is impossible. Working to mitigate the losses after a cyber incident may be a prudent course of action.
- If a data breach is discovered, a company may have to comply with multiple federal and state privacy laws that require private or government agencies to notify potentially affected individuals. Companies should make sure to ensure adequate insurance coverage to help pay for breach-related expenses.
Most companies stand to benefit when they prepare a cyber strategy before a claim occurs by doing the following:
- Identifying what assets need to be protected.
- Establishing a plan of action and identifying measures to help protect these assets.
- Leveraging the services of a skilled service provider—a breach coach (typically an external legal counselor) or a data breach resolution service.
- Developing and distributing a cyber emergency response plan, as well as training all employees and turning the response plan into a protocol.
Being prepared for a cyber incident goes beyond developing a cyber strategy. It should also include consideration of a Cyber insurance policy as a risk management transfer mechanism. An all-encompassing Cyber insurance policy generally provides first- and third-party type coverages designed to address data breach exposures, including: security breach expenses, actual loss of business income, public relations expenses to restore a firm’s reputation, the cost to replace or restore electronic data and devices, and other forms of liability that may arise following a data breach.
When it comes to arming itself against the threat of a cyber-attack, companies that develop and implement a cyber security strategy before an incident has occurred are in a much better position to respond and survive. Kompani Risk & Insurance Solutions, Inc. can supply all of your cyber security insurance risk management needs, contact us today.