When people think of cyber losses and cyber insurance, they tend to think of privacy breaches. The exposure of personally identifying information and the concomitant risk of identity theft, followed by notification costs and regulatory fines, is a recognized threat. More and more, though, the interruption of day-to-day business is the highest cost of a breach. These losses can lead to lost sales, lost productivity, reputational damage, and missed deadlines leading to breach of contract.
When businesses think of ways that poor cyber security can lose them money, they often think of hackers breaching their systems. It’s easy to picture this as a pitched battle between the cyber criminals storming the castle walls, and the defenders seeking to repel them. Unfortunately, some cyber incidents and privacy breaches occur not through the concerted efforts of the bad guys; instead they happen due to simple mistakes and negligence by a company’s own employees.
More and more companies are purchasing cyber insurance as the risks to the company’s businesses from the breach of their networks expand. More companies are also requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance marketplace grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.
The increased ability to use biometric data for a variety of purposes has the potential to improve security and privacy in the cyber world significantly. Voice recognition software, fingerprint IDs, and facial recognition software are all touted as ways of preventing unauthorized access to computer systems and improving security.
How much would it cost your business to shut down for a week? How much would it cost your business to shut down for a month? Employees unable to get work done, unable to complete sales orders or deliver products to your customers? For some businesses, the answer to that question can be in the millions.
The Dark Overlord hack stands at the intersection of a number of prominent issues in the modern world: terrorism, cyber warfare, confidentiality and privacy. On New Year’s Eve, 2018, a group of hackers calling themselves Dark Overlord stated they had hacked confidential legal files related to the insurance litigation that followed the 9/11 attacks. The hackers demanded a ransom from the law firm from whom the information was stolen. Apparently, the ransom was paid but the law firm breached the terms of the ransom by reporting the breach to law enforcement. Now the hackers have threatened to sell the information online through the dark web.
Social engineering attacks continue to represent a significant attack vector on U.S. businesses. The frequency and cost of these attacks keep increasing. Businesses need to protect themselves or they could be facing large losses. While people tend to view hackers as computer whizzes exploiting technical flaws in software code, the reality is that over 95% of attacks focus on exploiting human weaknesses, not technological ones.
Another major data breach at an American company worth billions of dollars has served to heighten cyber security concerns in businesses of many sizes in many countries. Equifax announced in September 2017 that a massive theft of data from their system had occurred. The failures of Equifax's cybersecurity team resulted in hackers obtaining the personal information of over one hundred and forty-five million of the people whose credit history Equifax tracked.
Equifax faced criticism for how the company reacted to a hack that was announced in September 2017. When dealing with a cybersecurity event, a quick response is necessary to minimize damages from the event. Delays can cause continued interruptions in day-to-day business processes and the damage or loss of vital information; they can also make it harder to track down perpetrators and recover both data and money from them. To this end, most cybersecurity experts recommend that businesses put in place an incident response plan so that teams can act as quickly as possible after an incident instead of reacting with a frantic, disorganized frenzy of activity.
A massive ransomware attack crippled thousands of businesses around the globe on May 12, 2017. Nicknamed WannaCry, the attack hit Britain’s National Health Services, FedEx, and a host of major companies. Preliminary reports estimate the number of affected companies at over two hundred thousand. It is too early to put a number to the economic damage caused by the attack, but it serves as a critical reminder of important cyber security principles.