Thursday, December 29, 2011

Cyber Threats and Cyber Liability Insurance (Winter 2011)

cyber threat, theft, insurance, data, stolen
In the year ahead businesses will face new and sophisticated cyber threats working to capture and exploit user data. The Georgia Tech Information Security Center and the Georgia Tech Research Institute recently reported three specific threats to watch for in the coming year:

Stolen Cyber Data Used for Marketing – The market for stolen cyber data will continue to evolve as private user information is captured and shared by social media platforms and sold directly to legitimate business channels for activities such as lead-generation and marketing.

Mobile Web-based Attacks – Expect increased attacks aimed specifically against mobile web browsers as the tension between usability and security, along with device constraints (including small screen size), make it difficult to solve mobile web browser security flaws.

Search Poisoning – Attackers will increasingly use SEO (search engine optimization) techniques to optimize malicious links among search results so that users are more likely to click on a URL because it ranks highly on Google or other search engines.

As cyber attacks continue to show up with unprecedented sophistication and reach, the ability to compromise and control millions of computers continues to be a serious threat. It is increasingly important to understand possible threats, make sure your policy includes cyberinsurance, and have a plan in place to recover if your data is compromised.

cyber theft, attack, stolen, insurance


cyber theft, insurance, privacy,

Have you ever thought about how much personal information your business stores from your clients and/or employees?  

Do you acquire credit card information, driver’s license numbers, social security numbers, or medical record information?  Where do you keep that information and how safe is it?  How much would you have to pay your client or employee if their information was taken from your records and used to destroy their identity or access their financial assets?

The companies that are most at risk for a serious data breach are those who handle and store some of their clients’ and/or employees’ most personal information.  These companies can include financial institutions, accounting offices, law offices, medical offices, municipalities, retail or restaurant organizations, and technology companies. 

Studies show that your business will likely experience some type of attack, either electronic or paper, within the next 12 months.  “Seventy-three percent of small-to-mid-sized companies experienced a cyber attack in 2010, and 30 percent of those attacks were extremely effective.”1  

In most states, if your business is responsible for the breached information, then your business is required by law to pay for three years of identity theft protection for each individual whose information was breached—no matter whether the breach resulted in damages or not.  For reference purposes, the average cost per compromised record for this service is approximately $200 per year.  This means your company could be responsible for approximately $600 per client and/or employee whose information is breached.  You can visit www.databreachcalculator.com for a free risk analysis of your company’s data breach exposure.

After this cost, your business is still liable for financial damages, fines, restoring credit worthiness, and restoring your good name and reputation.  Luckily, there is insurance coverage available to help.

A cyber/privacy liability insurance policy can mitigate this exposure on your behalf.  Cyber/privacy liability coverage is not found, or may be very limited, under your current policies.  This specific policy can cover your cyber/privacy liability exposure, your data breach notification costs, damage to your hardware/software systems (including web sites and intellectual data), public relations cost reimbursement, and business interruption coverage for the time that your business can not operate due to the breach. 

If your company collects personal information and does not have this policy, please contact your Leavitt Group insurance consultant for more details.   

1 McConville, Jim. “Smaller Private Companies At Greater Risk of Cyber Attack.” Financial Advisor. December 12, 2011. 
http://www.fa-mag.com/fa-news/9382-smaller-private-companies-at-greater-risk-of-cyber-attack-.html
2 Ponemon Institute & Symantec Corporation.  “Data Breach Risk Calculator.”  https://databreachcalculator.com/

insurance, benefits, personal, commercial