The REAL Cost of a Cyber Breach

 

Cyber breaches are, or should be, at the forefront of every organization’s leadership agenda. Compromised Personally Identifiable Information (“PII”) and the damage it can wreak on your firm are no longer a concern just for the IT department, but for all C-suite professionals. Mitigating cyber exposures must be a joint effort, as the financial and reputational damage associated with a significant breach, if not addressed, will cripple most businesses.

In 2015, Ponemon Institute released a “Cost of a Breach” study[1] and the results are humbling:

  • The average cost for each lost or stolen record (USA) containing PII increased from $201 to $217 – which may be even higher if the number of records lost is extremely high
  • The total average cost paid by a company increased from $5.9 million to $6.5 million
  • The number of breached records per incident in 2015 ranged from 5,655 records to 96,550 records, with the average number of breached records at 58,070
  • Heavily regulated industries such as healthcare, pharmaceutical, finance, energy, transportation, communications, and education tend to have a per capita data breach cost substantially above the overall mean of $217
  • 49% of incidents involved a malicious or criminal attack – which are the most costly

Generally, the cost of a breach comprises various expenses: notification costs to parties whose information was breached, free credit monitoring provided to breached parties, hefty regulatory fines and penalties, legal defense, forensic investigations, business interruption, data restoration and systems recovery, third-party vendors, and perhaps the most costly of all – brand reputation damage. When it comes down to it, customers may simply not trust their information to an organization that cannot keep their data safe.

However, taking a strategic approach to mitigating cyber risk will yield lower costs if (and when) an event occurs. Companies that appoint an incident response team, train employees on how to respond to an event, involve C-suite professionals along with their IT department in the process of identifying risks, and develop a comprehensive business continuity management program (“BCMP”) may save themselves from the potentially crushing costs mentioned above. Ponemon notes:

  • 9% reduction in the per capita cost of a data breach when a BCMP is involved
  • 27% reduction in the mean time to identify a data breach
  • 41% reduction in the mean time to contain a data breach
  • 28% decrease in the likelihood of a data breach over the next 2 years

Purchasing a stand-alone cyber liability policy is another critical action in cyber risk mitigation. Companies may be reimbursed for the above costs should the policy be triggered and the breach covered. It’s paramount to understand whether the policy actually mitigates the organization’s risks, as the available coverage is extremely malleable and often not properly structured “out of the box”.

If you need help identifying your organization’s cyber risks, developing a BCMP, or have questions regarding any of your organization’s risk and insurance issues, do not hesitate to contact us at The ALS Group.

[1] Ponemon did not include cases involving more than 100,000 compromised records because they are not indicative of data breaches incurred by most organizations.

Our areas of expertise include:

  • Enterprise Risk Management (ERM)
  • Cyber Security & Cyber Liability Insurance
  • Construction Management
  • Customized Risk Management Assessments (RMAs)
