Cyber Attacks: Everyone is a Potential Target

Valynda Murphy
Insurance Experts' Forum, March 7, 2014

If train derailments on consecutive days resulted in 180 fatalities, the twin tragedies would dominate the news cycle and cause panic in some circles. But few seem to acknowledge that every 48 hours, the same number of U.S. drivers and passengers die in motor vehicle crashes. Insurance companies are well aware, though. It's our job to observe the world differently.

So, when recent cyber breaches at retailers Target, Neiman Marcus and Michaels made a media splash and led to Congressional inquiries, we didn't overreact because we understand information theft is a constant threat that impacts companies on a daily basis. For every big, public incident like Target, there are probably scores more that go unreported. The risks are very real for all companies.

Significant events like Target help focus national attention on cyber security issues, but they also tend to distort the scope of the problem. The reality is that cyber crime is a broader problem that's not confined to tech companies and large corporations.

If you possess personally identifiable information on a lone employee or single customer, you have a cyber exposure. That data doesn't have to exist on a network, either. These days, holding any personal information — even if it exists only on paper — presents a potentially costly privacy risk that falls under the cyber umbrella. Loss can occur through network access gained via stolen credentials or breaches, through unsecured or lost mobile devices, or through malicious email or web links.

All companies, regardless of size, need adequate controls in place that minimize possible points of entry to their private information. Perhaps most importantly, they also need to understand what data they have, where they have it, and how they're protecting it. What are employees allowed to have on mobile devices? How is remote access monitored, including vendors? Is there a documented chain of command for handling sensitive paper documents? What is the company’s policy on USB drives? These are basic governance concerns all business leaders need to address.

With controls in place, a company's next step is to revisit its cyber risk management strategy. Companies need to decide if exposures can be minimized by changing processes or the way data is stored. They must explore how those exposures can be mitigated with network security, privacy policies, training and expert assistance. And they should understand what risks can be transferred to third parties, and what risks should be retained.

Obviously, insurance is an important weapon in this war. According to one study, the average security breach costs organizations almost $200 for each record that's stolen, or about $5.5 million for the typical company breach. A claim that size could cripple a business without adequate insurance coverage. Ideally, it never gets to that point.

The challenge is to avoid claims and lawsuits by staying ahead of the risks, implementing controls and processes that prevent lapses, and building the strongest wall possible around all personally identifiable information.

This blog has been published with permission from CNA Insurance.

Readers are encouraged to respond to Valynda Murphy directly at valynda.murphy@cna.com, or using the “Add Your Comments” box below.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
