Advances in information technology over the past two decades have radically transformed the way we conduct business. This transformation has also lead to unintended consequences. Most notably, new risks associated with network and information security.
If not properly managed, these new and emerging risks can lead to catastrophe. Data security events are not only expensive to manage (according to Experian, the average costs for a breached company total $9.4 million over a 24-month period), they also significantly impact brand equity and morale.
60% of Small Companies That Suffer a Cyber Breach Go Out of Business Within Six Months
- Data Breach Expenses: Costs associated with the actual or suspected breach of confidential information. Customary expenses include legal counsel, forensic examination, public relations, notification to impacted parties, call center and credit/identity monitoring.
- Security & Privacy Liability: Defense costs and legal liability due to lawsuits or contractual obligations due to a failure of security or safeguarding confidential information.
- Network Business Interruption: Loss of income due to downtime or degradation resulting from a failure of network security. Coverage extends to internal and external costs (extra expense) to get operations back in order.
- Cyber Extortion: Covers expenses to respond to a threat to harm or release your data as well as cover ransom payments, if necessary.
- Regulatory Expense: Defense costs related to privacy regulatory actions, including coverage for assessed fines and penalties (where insurable).
Your Key Cyber Risks
- Growing incentive for insiders to abuse access to sensitive data for financial gain
- Disgruntled current and former employees exploit back doors
- Access controls and behavior monitoring are insufficient to detect insider threats
- Unwary insiders susceptible to attacks that exploit traditional security controls (e.g. spear phishing)
- Users who fail to embrace “culture of security” will find ways to circumvent “inconvenient” security controls
- Patience is a virtue. Tactics have evolved from “hit and run” to “infiltrate and stay.”
- Black markets exist for all types of personal information
- Proliferation of mobile platforms and BYOD policies creates new vectors
- Intent is to disrupt and/or embarrass a target
- Motivations are fickle and unpredictable
- Massive DDos attack
Cloud or third-party compromise
- Theft of intellectual property
- Security compromise — loss of sensitive client data
- Infrastructure downtime may lead to Dependent Business Interruption claim