Regardless of industry, cyber attacks and data breaches expose businesses to potentially enormous losses and liabilities. According to a report by the Insurance Information Institute (III), the potential economic fallout from the cyber threat cannot be underestimated, particularly because the number of publicly disclosed data breaches soared from 449 in 2012 to 614 in 2013. This is likely why cyber risk cracked the top 10 list of global business risks in 2014.
According to the III report:
- The majority of data breaches affected the medical/healthcare industry (43.8%) and business organizations (34.4%).
- Business organizations accounted for the majority of records exposed by data breaches in 2013 (84%).
- A report by PWC found that cyber crimes are considered a high-level threat.
- Cyber attacks have become more frequent and increasingly costly for companies to resolve.
- The average annualized cost of cyber crime is estimated to be $11.6 million per year.
- Denial of service is the costliest cyber crime, followed by malicious insiders and web-based attacks.
- The average time to resolve a cyber attack is 32 days, with an average cost of just over $1 million during this 32-day period.
- Malicious or criminal attacks, such as malware infections, criminal insiders, phishing/social engineering and SQL injections, cause 42% of data breaches, followed by human error (30%) and system glitches (29%).
- U.S. organizations have the highest lost business costs at an average of $3.3 million.
- Businesses may be exposed to even greater risks from new technologies, such as cloud computing, which uses a network of remote servers over the Internet to store, manage and process data, rather than a local server.
The III report notes that upon experiencing a data breach, many businesses turn to their insurance policies to cover their loss. Unfortunately, many of these losses are not covered by traditional insurance policies. To protect against cyber threats, businesses need specific cyber insurance policies that provide a number of specialized coverages, such as:
- Loss/corruption of data
- Business income/interruption
- Liability coverage (first- and third-party coverage)
- Data breach coverage (including costs of complying with statutory notice requirements)
- Cyber extortion
- Crisis management
- Identity theft
Given the complexity of the risk, an experienced insurance agent should be consulted to ensure that adequate coverage is obtained. If you would like to learn more about insuring against data security breaches, contact us.
If you would like to learn more about preventing data security breaches, take our online course Information Risk Management: Strategies for Preventing and Mitigating Information Security Breaches.
If you would like to subscribe to our newsletters please click here.