A data breach isn’t always a disaster. Mishandling it is.
*Featured in May/June 2016 Issue of Business First Magazine.*
Fast changing industries present fast changing risks. The proliferation of data, the evolution of technology and greater demands on service providers have led to a rapidly evolving, technological landscape.
The implementation and innovation of technology is taking place at a significant pace, consequently giving rise to cyber threats. The cyber risk landscape is evolving continuously; this therefore presents a fundamental and growing need for businesses to protect themselves with Cyber Insurance in the event of an attack.
Cyber attacks or data breaches can take many forms. A cyber attack is the intentional exploitation of computer systems and networks. Hackers use malicious tactics to alter computer code or data, resulting in a breach of data which can lead to a range of cybercrimes, such as information and identity theft.
Data breaches can also arise from sheer carelessness or human error. For example, leaving a laptop behind on a train also counts as an impending risk.
With vast amounts of data being stored on smaller devices, the risk of data breaches due to theft or negligence is huge. Between 2005 and April 2014, portable devices carrying more than 172 million personally identifiable records were lost or stolen, according to the Privacy Rights Clearinghouse.
Thousands of businesses so far have learned the hard way; that there’s no such thing as perfect cyber security. And of course, the stakes are high. Customers trust you to hold their personal data. If they don’t think your business can be trusted, the future of your business may be at risk. A data breach is not a learning opportunity – you have too much to lose to risk mishandling it.
The publicity consequences from a cyber attack or data breach entails the risk of massive reputational and brand damage. Poorly handled breaches result in far higher customer defection rates; in fact, brand value and reputation have been shown to decline by between 17% and 31% (EIU Global Study, March 2013) after a mismanaged breach, and it can take upwards of a year to restore an organisation’s reputation.
According to the Information Security Breaches Survey 2015, conducted by HM Government, 74% of small businesses suffered a data security breach in 2015.
The average cost of a cyber-security breach can range from £1.46 million and £3.14 million for large businesses and £75,000 and £310,800 for SMEs.
Many businesses, particularly SMEs, are somewhat unaware of the significance of maintaining a strong cyber security presence. Although a proportion of SMEs do not see cyber threats as a risk, they are the most vulnerable.
Symantec recently stated that “most hack attacks actually target businesses with less than 250 employees”. They also commented that threats are subsequently higher for SMEs as they are the path of least resistance for cyber criminals.
As reported by the FSB, SMEs account for 99.9% of all businesses in Northern Ireland.
Research conducted by the UK Government also states that SMEs in the UK are putting almost a third of their revenue at stake, due to a lack of understanding of the impact of cyber risks on their business. Large businesses are comparatively better prepared to deal with cyber risk, as they can afford the cost of cyber security technology.
Essentially, it only takes a small human error, an office break-in, or a hacker to compromise millions of data records and create potential chaos within your organisation. Therefore, a data breach is not a question of “if”, but a question of “when?”
Cyber Insurance is designed to support and protect your business if it experiences a data breach or is the subject of a cyber attack.
Cyber Insurance can also be used as a risk management tool, to help manage and mitigate the increasingly sophisticated cyber threats that exist within this hyper-connected, digital landscape.
It’s interesting to note that the majority of the $2.5 billion written in Cyber Insurance last year was in the United States, where it is a mandatory requirement to notify of any data security breaches. The European Union is also expected to follow suit with regards to notification procedures associated with a data breach or cyber attack.
The key role of insurance exists in its ability to transfer risk in order to reduce potentially damaging liabilities. The pricing element of Cyber Insurance can be used as an incentive for businesses to invest in strengthening their IT security infrastructure. Companies that have eliminated a large amount of risk through the investment of increased protection are rewarded with lower premiums.
The cyber risks faced by a company are often unique. Find Insurance NI can tailor the Cyber Insurance policy according to the nature of the business. At the same time, implementing the best practices and procedures for cyber security will help businesses to become more resilient when it comes to fighting the implications of emerging cyber risks.
The World Economic Forum (WEF) has even identified cyber threats as one of the top 10 risks in terms of likelihood and impact.
To obtain a quote for Cyber Insurance or to learn more, call us FREE on: 0800 012 6367 or click here for a callback.