Citibank, Sony, and even the Department of Defense have all recently been victims of cyber attacks. Just last week, book retailer Barnes & Noble announced that its credit card PIN pads had been hacked in 63 stores across the country, leaving customer credit and debit cards vulnerable to unauthorized purchase activity. In fact, the company reported that hackers had already made unauthorized purchases with some customer credit cards that were exposed in the attack.
In the recent Sony case, hackers attacked the PlayStation Network and accessed the personal information of 12 million account holders. The resulting investigation was so extensive that the company temporarily suspended business operations and was named in multiple class action lawsuits. Insurers helped foot the estimated $2 billion bill.
Cyber Risk Comes from Internal and External Sources
95% of cyber security breaches are caused by one of three things: hackers, rogue employees, or loss or theft of equipment. And, they are not just a problem for large corporations; they are a real and growing problem for organizations of all kinds, at all levels.
Insurers, risk managers, and business owners need to plan ahead to prevent and protect against these costly incidents. What are some typical cyber liability exposures? Consider where you might find a risk like the following:
Unauthorized Access/Data Security
Hackers gain access to cash registers or credit card terminals, stealing customer credit card information and using it to make unauthorized purchases (Exhibit 1: Barnes & Noble).
Theft of Digital Assets/Missing Data
Theft of laptops, backup tapes, disks, or other devices that contain personal or sensitive information about customers can be more damaging and costly than just replacing the equipment. This kind of theft can lead to anything from unauthorized credit card purchases to identity theft.
In another recent case involving a healthcare organization, over 365,000 patient records were exposed and the company was required to pay extensive reparations.
Privacy Breach/Personal Records Disclosure
This is a very common claims scenario, and most states have laws with strict regulations about informing the public after an incident.
In one case, a rehabilitation center employee inadvertently exposed patient data, leaving the employer responsible for fines and penalties imposed by the state, as well as $890,000 in payments to customers to provide for credit monitoring services.
Hackers attempt to extort payment from a company in exchange for not releasing to the public sensitive customer information.
Hackers launch an attack against a computer consulting and application outsourcing firm, resulting in a system-wide shut down. Costs are incurred for restoring and repairing their system, as well as for business interruption.
The Fiscal Times reports that the cost of global cybercrime could reach $114 billion annually. As hackers display increasing expertise and attacks become more complex, the effects on business can be devastating.
Let’s Face It: Cyber Risk Will Continue to Grow
The cases described in this blog just scratch the surface of potential cyber risk posed to your business.
While insurance companies can provide coverage for these situations, a cyber breach can still be as devastating as other types of liability incidents and physical losses. Long after the breach has been discovered and security has been repaired and restored, the ongoing public relations impact can be even more damaging.