Our world is more interconnected than ever before. The Internet has become an integral part of everyone’s business and personal lives. But along with Web-based opportunities come risks of breaches and associated losses. The U.S. Department of Homeland Security has launched a series of education seminars this October as part of National Cybersecurity Awareness Month. The goals are to raise awareness about cybersecurity and to increase the U.S. resiliency against the threat of a cyber incident. Here, we reveal findings from two recent studies that underscore the importance of protecting your business against data breaches.
Sobering Statistics
The second-quarter 2015 Duke University / CFO Magazine Global Business Outlook survey revealed that approximately four out of five U.S. companies had experienced at least one serious outside hacking attempt to steal, make public or change important data in the last year. The share was even higher among European companies (92%) and those with fewer than 1,000 employees (85%). In the third-quarter 2015 Global Business Outlook survey, data security once again made the list of top 10 CFO concerns.
A recent claims study by NetDiligence, a cyber risk assessment and data breach services provider for the insurance industry, reports that the average cost of a cyber breach in 2015 was nearly $674,000. But the NetDiligence dataset includes some claims that haven’t yet been paid, and it estimates that the average cost could rise to $1.1 million, assuming self-insured retentions are met.
Most of these claims involved losses of records containing personally identifiable information (45%), followed by payment card information (27%) and personal health care information (14%). Nearly a third of the incidents involved hackers. The health care and financial services industries accounted for the most claims (21% and 17%, respectively). But the largest claim overall occurred in the retail industry.
Preventive Measures
What steps has your company taken to minimize data breach risks? The first step in any cybersecurity plan is identifying your “crown jewels,” the data that’s most valuable to your organization. Depending on your industry, that might be trade secrets, financial data or customer data, for example. Focus most of your attention on making these assets more secure. Doing so requires an understanding of who has access to your most valuable intellectual property assets, including employees and third-party vendors.
Protecting against cyber threats is an ongoing chore that requires buy-in from everyone in your organization. The most common data security technique reported by CFOs in the Global Business Outlook survey was installing new software (64% of respondents). In addition, approximately one-third of respondents plan to train employees about breach prevention, install updated IT hardware or hire a data security firm to review their protocols.
Other ways to beef up your company’s cybersecurity measures include:
- Installing the latest software, hardware or application updates on every device as soon as they’re released by the manufacturer. Doing so can help thwart hackers who study newly released patches and updates to learn which system vulnerabilities they fix. Nimble hackers can then exploit these vulnerabilities to steal data before businesses have a chance to install the fix.
- Limiting the number of devices connected to the Internet and minimizing off-site risks. For example, consider limiting which employees can work from home. It’s also important to educate employees about the risks of cyber breaches and to install encryption software on devices that link to external networks. Employees who take devices out of the office expose your company’s data to less-than-secure home networks and public hotspots that provide wireless Internet access.
- Fortifying your defenses against losses from breaches with cyber liability insurance. Professional and general business liability insurance policies generally don’t cover losses related to a hacking incident. Cyber liability insurance can cover a variety of risks, depending on the scope of the policy. It typically protects against liability or losses that come from unauthorized access to your company’s electronic data and software.
Instead of purchasing a standalone cyber liability policy, you can add a cyber liability endorsement to your errors and omissions policy. Not surprisingly, the coverage through the endorsement isn’t as extensive as the coverage in a standalone policy.
Business owners and managers should carefully read their policies to understand what types of incidents are specifically excluded from coverage. And, remember, no type of cyber liability insurance is a suitable replacement for sound cybersecurity policies and procedures. Well-resourced preventive measures can also reduce your premiums for cyber insurance.
Year-End Planning
National Cybersecurity Awareness Month is a perfect time to launch an educational program for your employees about these risks and preventive measures. If you’re unsure where to start, forensic accountants are familiar with ways to identify and reduce costly cyber breach risks. Giving some extra attention to cybersecurity before year end will help your business start off 2016 on the right foot.