Data breaches are a very serious threat to companies and individuals; their occurrence and impact are increasing drastically year over year. Hackers are looking to steal your financial data, personal information, and intellectual property. Often, the financial and reputational impact of a breach can be disastrous for an organization.
In 2014 alone, several big-name companies fell victim to data breaches: eBay, Domino’s Pizza, P.F. Chang’s, Home Depot, UPS. Even IT companies Evernote and Feedly suffered loss of customer information and denial-of-service attacks. Regardless of a company’s size or the complexity of its IT security, no company or industry is immune to cyber threats.
Undoubtedly, cyber risk is a topic that should be at the top of the agenda during boardroom discussions, and getting ahead of the threat requires more than just relying on current technological defenses.
- Have a risk assessment performed by a specialist. A risk assessment will help you understand the types of cyber risks your company may face and the liabilities that may result from a breach. Personally Identifiable Information (PII) and other confidential information (such as client or customer records and the organization’s intellectual property) should be evaluated to note how they are stored, shared, and secured and where security improvements are needed.
- Establish internal policies and procedures and educate staff to avoid password sharing, online scams, and exposing the company to outside threats by misplacing intellectual property or transferring it offsite.
- Monitor and test network security systems and protocols on a scheduled basis. You cannot afford to fall behind on updating and evolving your systems, as hackers are constantly searching for vulnerabilities.
After your company’s risk profile has been formulated and exposures have been brought to light, an insurance program can help mitigate cyber risks. Review existing insurance policies to see if enhancements are necessary and place coverages to limit cyber liabilities. Certainly, we are not suggesting that insurance should be considered as an alternative to good risk control, but most companies will need coverage for losses that occur as a result of a breach despite the security controls they have put in place. Also, when a privacy breach occurs there are two victims: the individual whose personal information is exposed and the entity that was breached. Fortunately, the insurance industry has recognized the uncovered risks and developed specialized cyber liability insurance programs to address these growing exposures.
Combining strong IT security measures and company policies and procedures with insurance coverage will greatly reduce your company’s Total Cost of Risk (TCoR) and limit the liability of a cyber breach.
About the Authors
Jon Edwards is the IT Manager for The ALS Group.