Not ANOTHER Blog on Cyber Security
No, really, this isn’t just another blog on Cyber. If by now the news of breaches at Target, Home Depot, Bank of America, Blue Cross Blue Shield, Sony, the US Office of Personnel Management and the Department of Defense hasn’t raised alarms for you, there is nothing I can say that will bring you up to speed on the pervasiveness of cybercrime. No doubt many organizations are aware and have taken precautionary steps to mitigate cybercrime, but an unnerving number of companies continue to believe that they are ‘too small’ to become the target of an attack.
Unfortunately, the reality is quite different. One of the largest breaches in recent memory was at Target Stores, where 40 million credit card numbers and 70 million total records were stolen. It resulted in a 46% drop in profits, $100 million in additional security improvements and $200 million in costs to financial institutions to re-issue new credit cards. What you likely didn’t know is that the source of the Target breach was their HVAC vendor – a small shop located in Sharpsburg, PA.
And just consider: credit card information is among the LEAST valuable information stolen, whereas health and general login information are among the most valuable. While a stolen credit card number might be worth $5 or less on the black market, health-related information may sell for as much as 100 times that amount. To make matters worse, 81 percent of healthcare-related organizations have been compromised in the past two years.
Do you run the risk of being that HVAC vendor? Are you doing business over the internet with larger firms, including your vendors, customers and banks? If you’re not paying sufficient attention to cyber exposures, then I would argue you are at significant risk. Keep in mind that not all cyber-attacks are targeted – in many cases they are actually crimes of opportunity. Login credentials left out in the open, weak passwords, lax network monitoring, and a failure to provide regular and consistent cyber risk education to your staff can expose your firm to catastrophic losses.
In the coming months, PSA will feature technical ways in which you can ‘harden’ your infrastructure by working with experts in the field. Yes, we believe in cyber insurance, but the best course is prevention – you may have homeowners insurance, but would you really leave a window open in your home during a thunderstorm?