Saturday was the conclusion of Cyber Awareness Month. To give you a bit of background, President Obama designated October as National Cyber Security Awareness Month, “to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cyber-security and increasing the resiliency of the nation in the event of a cyber incident.”
The Department of Homeland Security, whose purpose is to secure the nation from threats, is the designated "lead agency" concerning all civilian computer systems and infrastructure. The department's focus is defensive (providing and dispersing information to prevent data from becoming compromised) and responsive (distributing threat warnings, reacting to data breaches). The DHS's mission is simply to make you aware of the threat, work to minimize it, and handle the repercussions when a data breach occurs.
And although the DHS and other government and private sector interests are doing a wonderful job of making citizens aware of what is occurring on the internet through hashtags (#cyberAware, #cyberSecurity, #cybercrime) and headlines (CNBC, Bloomberg, and The Wall Street Journal scream about cyber-threats, cyber-attacks and cyber-defense), most business owners are still wondering: how does this affect me?
I would be happy to answer that question:
- It means that your customer data, your financial records, your health files, and your e-mails are targeted and, more than ever, subject to a breach.
- It means that if you are a small business that does not have an internal security department and the staff to constantly track all risks and respond accordingly, you have a higher risk of being the target of a breach.
According to a recent article in SC Magazine, "The Cyber-Security Insurance Industry, which barely existed five years ago, has been growing more than 60 percent per year over the past three years - paying out premiums of over $2 billion per year. A solid 60-70 percent of Chief Information Security Officers say they expect to be hacked within the next 12-18 months. It is no wonder that cyber-security insurance is booming." *
As a business owner, you cannot "stand sentry" each day, watching your internal data systems, like a Buckingham Palace Queen's Guard. You need to run your business.
So how do you protect yourself from a 70% chance of a data breach? Insurance.
Think about it. If you were told that you had a 70% chance of a car accident, you would purchase Auto Insurance. Why would you NOT purchase Cyber-Liability insurance if the odds are favorable that you will be hacked in the next few years?
The key to purchasing Cyber Insurance is to ask the right questions of your insurance agency AND make sure that your insurance agent is knowledgeable about the intricacies of Cyber. Some questions you should ask:
- WHAT will the insurance be used to protect? Assess exactly what is being covered. Data? Loss? Reputation? Recouping? Restarting? Relaunching?
- WHAT kind of investment will it require? How much loss can I assume?
- IF my information does get breached, what is my plan of action? What is the next step? What is my responsibility to my clients?
According to Adam Shostack, author of "Threat Modeling" and expert on the subject, "The place to start with cyberinsurance is identifying the things that would be very expensive to deal with but that money can solve." Notifications to customers, hiring a subject expert to gauge how extensive the breach is, client credit monitoring ... all of these are tangible follow-up problems that occur if your company experiences a computer hack.
As always, my recommendation is to talk to the subject experts. Insurance agencies that specialize in cyber-liability and privacy insurance hire staff members that can discuss your individual needs and assess your unique business risk.
We are here to protect you and, if a breach occurs, work to make your company "whole".
*Jesse Staniforth - SC Magazine