Cybersecurity Awareness: Protect Valuable and Vulnerable Assets
Our world is more interconnected than ever before. The Internet has become an integral part of everyone’s business and personal lives. But along with Web-based opportunities come risks of breaches and associated losses.
The second-quarter 2015 Duke University / CFO Magazine Global Business Outlook survey revealed that approximately four out of five U.S. companies had experienced at least one serious outside hacking attempt to steal, make public or change important data in the last year. Breach rates were even higher among those with fewer than 1,000 employees (85%). In the third-quarter 2015 Global Business Outlook survey, data security once again made the list of top 10 CFO concerns.
A recent claims study by NetDiligence, a cyber risk assessment and data breach services provider for the insurance industry, reports that the average cost of a cyber breach in 2015 was nearly $674,000. But estimates that the average cost could rise to $1.1 million, assuming self-insured retentions are met.
Most of these claims involved losses of records containing personal identifiable information (45%), followed by payment card information (27%) and personal health care information (14%). Nearly a third of the incidents involved hackers. The health care and financial services industries accounted for the most claims (21% and 17%, respectively). But the largest claim overall occurred in the retail industry.
The first step in any cybersecurity plan is identifying the data that’s most valuable to your organization and focus most of your attention on making these assets more secure. Doing so requires an understanding of who has access to your most valuable intellectual property assets, including employees and third-party vendors.
Protecting against cyber threats is an ongoing chore that requires buy-in from everyone in your organization. The most common data security technique reported by CFOs in the Global Business Outlook survey was installing new software (64% of respondents). In addition, approximately one-third of respondents plan to train employees about breach prevention, install updated IT hardware or hire a data security firm to review their protocols.
Other ways to beef up your company’s cybersecurity measures include:
- Installing the latest software, hardware or application updates on every device as soon as they’re released by the manufacturer.
- Limiting the number of devices connected to the Internet and minimize off-site risks. For example, consider limiting which employees can work from home. It’s also important to educate employees about the risks of cyber breaches and to install encryption software on devices that link to external networks. Employees who take devices out of the office expose your company’s data to less-than-secure home networks and public hotspots that provide wireless Internet access.
- Fortifying your defenses against losses from breaches with cyber liability insurance, which typically protects against liability or losses that come from unauthorized access to your company’s electronic data and software. Instead of purchasing a standalone cyber liability policy, you can add a cyber liability endorsement to your errors and omissions policy, however the coverage through the endorsement isn’t as extensive as the coverage in a standalone policy.
No type of cyber liability insurance is a suitable replacement for sound cybersecurity policies and procedures. Other well-resourced preventive measures can also reduce your premiums for cyber insurance.