WEDNESDAY, MAY 29, 2013
Blog By: Garry Watts, CPCU, CRM
In my last blog, I identified some of the numbers around cyber liability claims. These numbers are staggering. I think for many of us, the numbers are so big, we think that this can only be affecting large companies-- not ours. However, the data from Verizon’s 2012 Data Breach Investigations Report shows that the vast majority of breaches (71%) came from organizations with fewer than 100 employees. That information puts many of us in the cross hairs of a cyber liability attack.
Cyber liability attacks are getting more and more sophisticated. This type of activity is no longer where somebody is sitting in a dorm room trying to do it for fun. Cyber liability attacks are being carried out by foreign governments and organized criminals who function more like corporations. It doesn't matter to them whether you are a big company or small company; what matters is that you have data that is valuable to them.
Data breaches can result in fines, litigation, business interruption and reputation damage. There are 46 states that have notification laws if a breach occurs. Notification laws vary by state, and as a result compliance can be very complex. An average breach can easily reach all 50 states. Imagine trying to deal with this complexity and trying to run your business. Wow!
The legal landscape has changed dramatically in recent years also. It used to be that there had to be a large number of records lost before attorney firms were even interested. But now attorney firms are interested in very low levels of records being compromised as they know that the fines and the damages are becoming greater each year.
The Ponemon Institute estimates the cost of a data breach to be $194/record breached. At that rate, it takes 515 breached records before a company is facing a 6 figure loss.
Cyber liability is a top 5 risk that should be addressed in all of our firms. I would highly recommend that you identify, and train your staff on the right protocols for a breach. There are also insurance policies that can help mitigate the damage caused by a cyber attack. And if you think this is already covered by another policy---you are mistaken.