
Data Breaches & Financial Risk - 5 Reasons For Cyber Insurance

Data Breaches
14 February 2019
 

Despite the rising cost of data breaches, most organisations are unprepared to deal with the financial and reputational repercussions, writes Joe Collinwood.

Collinwood, who works for CySure, explains why cyber insurance is now a business essential.

 

Cyber risk remains a key concern for every business. The current cyber landscape is chaotic, spanning state-sponsored hackers, financially motivated cybercrime gangs and simple negligent data loss.

Risk is everywhere and liabilities are high. Cyber threat remains one of the most significant and growing risks facing organisations today and too few are prepared.

 

Cost of Data Breach

The global average cost of a data breach per compromised record in 2018 was $148, a 6.4% increase from 2017, according to the Ponemon Institute’s 13th annual Cost of Data Breach Study.

Interestingly, locations that experienced the most expensive data breaches include the US and the UK, where notification costs are nearly five times the global average. It is clear the problem isn’t going away.

 

Supply chain

Although cyber security most often makes it into the headlines because of large breaches, the most frequent threat is actually to SMEs - potentially one of your supply chain partners!

Smaller organisations are by nature agile and innovative, harnessing the power of technology and the Internet to reach their customer base; however, this also increases the attack surface. Research conducted by the National Cyber Security Alliance revealed that 60 per cent of hacked small and medium-sized organisations go out of business after six months.

 

Five reasons for cyber insurance

Becoming more resilient to cyber risks in an age of digital disruption means understanding the full scope of cyber governance responsibilities. Here are five reasons why every business, regardless of size or ownership, needs cyber insurance.

1. Cyber crime is growing exponentially – an overwhelming majority of businesses are reliant on online services, which exposes them to cyber security risks. The 2018 Cyber Security Breaches Survey, conducted on behalf of the UK Government, revealed that 43% of UK organisations surveyed had experienced a cyber security breach or attack in the last 12 months. With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and have coverage to mitigate the risk.

2. Data breaches are costly – as mentioned before, in Ponemon Institute’s 2018 Cost of Data Breach Study, the average cost of a stolen or lost record is $148, while the overall cost of a data breach is nearly $4 million. This is irrespective of the fines and sanctions under the new General Data Protection Regulation (GDPR) within the EU and California’s Consumer Protection Act, which comes into effect on 1st January 2020 and will surely add to those costs.

However, the real expense of an attack against an organisation is not just the financial damage suffered or the cost of remediation; a data breach can also inflict untold reputational damage. Suffering a cyber-attack can cause customers to lose trust and spend their money elsewhere. Additionally, having a reputation for poor security can also lead to a failure to win new business or government contracts.

3. Organisations can be held legally and financially liable if third party data is compromised in a breach – emerging regulation, as announced by the US Department of Defence (DoD), and the EU’s GDPR place the responsibility on organisations to only appoint third parties who can provide sufficient guarantees that the requirements of NIST 800-171 and GDPR will be met. Both the DoD and the UK’s Information Commissioner’s Office (ICO) will hold liable and may fine any organisation that has not carried out due diligence to ensure third parties are compliant. Regulatory fines have become synonymous with data breaches, and the fact that cyber risks are now global makes complying with various regulatory responses across different geographies all the more challenging.

4. Standard insurance policies do not cover cyber risk – cyber insurance is specifically designed to cover the unique exposure of data privacy and security and can act as a backstop to protect a business from the financial and reputational harm resulting from a breach. While some categories of losses might be covered under standard policies, many significant gaps often exist and cyber events can impact numerous lines of insurance coverage. Standard policies are often unlikely to cover the cost of even a 'standard' security breach, let alone a cyber-attack or ‘hacktivism’. Only specialist cyber insurance policies provide extensive cover. However, organisations need to research policies carefully to understand the level of cover offered and their responsibilities to stay within the conditions of the policy.

5. Improved cyber awareness and risk management – insurance is just one piece of the puzzle and solely taking out a cyber insurance policy won’t protect an organisation from a cyber attack. Given that the single greatest cyber risk is social engineering, i.e. employees voluntarily but unknowingly allowing an attack to occur, it's critical that organisations get the basics right, such as putting every employee through training on how to avoid and recognise cyber threats. The fact is that the vast majority of damage done by cyber attacks is due to an inability of the party being attacked to respond. Organisations need a comprehensive risk management plan that details how the company will respond in the face of a cyber-attack, including unknown threats.

 

Cyber Essentials

Given the complexities and ever-changing threats, it is important to be as proactive as possible. Cyber Essentials is a UK government-backed and industry-supported scheme that guides organisations on how to protect themselves against the most common cyber threats. Undertaking a certification route will help organisations, especially SMEs which may not have a dedicated cyber security specialist, to coordinate all security practices in one place, consistently and cost-effectively.

Certification is a valuable indicator of a mature approach to cyber security in organisations. It helps to guard against the most common cyber threats and demonstrate a commitment to cyber security.

Whilst cyber insurance can provide a layer of protection when an organisation is faced with a cyber threat, it is no substitute for good cyber hygiene. Insurance should be viewed as an important addition to a company’s overall risk management, but organisations should not wait for a breach before confronting their cyber risks and exposure.

 

About CySure

CySure is a cyber security company founded by experts with extensive experience in operational and risk management. The company has offices in London and California. CySure’s flagship solution, Virtual Online Security Officer (VOSO), is an information security management system (ISMS) that incorporates GDPR, US NIST and UK CE cyber security standards to guide organisations through complex, emerging safety procedures and protocols, improve their online security and reduce the risk of cyber threats. CySure also supplies organisations with cyber insurance to supplement their security strategy and offset crippling forensic and remediation costs in the event of a cyber breach.

Picture: Despite the rising cost of data breaches, most organisations don't have adequate systems - or insurance - to mitigate them.

Article written by Joe Collinwood | Published 14 February 2019
