Cyber Risk: More Than Just Data Breaches

Cyber risk entails more than you think. Given the latest reported data breach from Yahoo (again), people constantly think of hackers when they hear “cyber risk." It is important for executives whose responsibilities include protecting the financial welfare of their companies to understand that cyber risk goes much deeper than the highly publicized security/data breach.  Learning all facets of cyber risk, ways to protect a company’s data infrastructure and financial well being and what remedies are available in the event of a loss, are all paramount to any financial executive in today’s digital world.

If cyber risk isn’t just data breach, what exactly does cyber risk involve? In addition to intentional hacking, cyber risk can include accidental loss of employee or client data, actual physical damage to computers, servers or other networking materials, or even lawsuits resulting from web activities. Comments made on public websites by an executive or employee, inaccurate or libelous statements made online, and a third party sustaining losses from a virus picked up from a company website, can all be considered “cyber risk”. The potential scenarios presented are not an exhaustive list of risk possibilities, but it is safe to say that if your company operates online - including accepting payments, storing/transmitting data, or using social media or web pages to advertise, analyzing your cyber risk should be a top priority.

Proactive IT security measures including implementing security tools, disaster recovery plans and training employees on policies and procedures are essential to mitigating cyber risk.  Many companies already take these precautions.  According to a September 7th, 2012 published report, 8 Surprising Disaster Recovery Stats by CRN.com, “Only 51% of small businesses have an IT business continuity plan…compared to 74% of large businesses.”  Furthermore, downtime created by disasters such as fires (26% of the time), human error (60%), server room issues (44%) and power outages (29%) lasted on average of 2.2 days and cost the companies $366,363 a year.   While having disaster recovery procedures in place to mitigate downtime is essential, these plans don’t take into account recuperating lost revenue, money spent on fixing the problem and possible branding damage.  This is where learning remedies available to companies in the event of a loss become vital.

The first step is to analyze your exposures to loss, considering the type of business you are involved in.  For example, if you have a media company, you should have cyber risk coverage that guards against digital copyright infringement and libel suits.  If you are in the  healthcare industry and are subject to HIPPA laws, you need to have cyber risk insurance that covers breach or negligence events.  After your consideration of the potential exposures, review your current insurance for coverage for loss of equipment, media, business income loss, etc. Often, the standard property and general liability policies provide some coverage that addresses some of your exposures, but more likely, there may be gaps that need to be addressed.

Keep in mind that we are available to assist you in addressing your exposures, and developing an insurance and risk management program to address them