The increase in cyber-attacks over recent years means more companies are seeking Cyber Insurance. As we hear more and more about companies such as Home Depot, Target and JPMorgan Chase & Co. among others that have had security breaches resulting in customers’ sensitive and private information being revealed; cyber security has risen to become a top concern of small and large businesses alike. Sony Picture Entertainment suffered a massive breach of data recently. The Cyber Insurance market rose to $2 billion during the years from 2013 to 2014 and continues to rise.
Cyber Attack Statistics
Cyber hackers can use malicious software launching attacks and wreaking havoc on large corporations but also against even small, local Mom & Pop operations. If you have data files storing client information, you may be at risk regardless of the size of your operation. Cyber-attacks against America’s largest companies have been alarming.
The data breach of JPMorgan affected 7 million small business owners along with 76 million households. The phishing scam used against JPMorgan not only accessed customer credentials for the bank, but also for other financial institutions.
Similarly, Home Depot suffered 56 million customers whose payment cards were put at risk from an attack. Worldwide, there have been more than 42 million cyber security incidents in the past year with average losses for a large company estimated at $5.9 million. Business owners can no longer keep their heads buried in the sand and pretend this is not a real threat.
Are You at Risk?
Before you decide whether your company needs Cyber Insurance, you’ll have to identify your risk. If your company has a risk of customer data being breached, are you financially able to cover the fallout or would you need assistance? If the answer is yes, your company may be a good candidate for purchasing a Cyber Insurance policy.
Most of the news we hear about cyber-attacks are about large entities and businesses. However, the threat is also very real for small business owners that could be financially devastated from the fallout and losses incurred from a cyber-attack. Hackers are becoming increasingly sophisticated in their methods and institutions who traditionally who have had top-of-the-line security, such as banking institutions, have found themselves falling victim to security breaches.
Cyber Insurance products are designed to protect business entities from lost revenue, lawsuits and damage to product brand or reputation that may be caused from a breach in cyber security.
Insurance Companies Offering Cyber Insurance
As the need for Cyber Insurance grows, so does the availability to business owners. More than 50 insurance carriers now offer some form of cyber risk insurance. In addition to selling you a Cyber Insurance policy, your insurance company may also be able to offer your some training to help you manage your risk against cyber-attacks. Travelers Insurance has employed former FBI employees for this specific reason. Other companies that also provide cyber security training include AIG and ACE.
AIG is a pioneer in the industry and has been offering a Cyber Insurance policy available to customers since 1999. The company reports that many claims not only come from cyber-attacks but also may result from human error. An example of a human error loss would be a data breach due to a lost laptop or similar occurrence rather than an organized attack.
Managed Cyber Security Services
With the growing threat of cyber security attacks, you may want to consider a managed cyber security service within your own organization. IT security firms can provide this service through partnership with a managed security service provider. Even if you feel you don’t need this service now, as your company grows, so will your online footprint and threat of a cyber-attack. Being proactive is the only effective way to prevent cyber-crime. Some of services a managed security service provider can provide include IDS/IPS (Intrusion Detection System/Intrusion Prevention System) Monitoring to block undesired network traffic and notify you of suspicious activities such as any unauthorized attempts to access your network. IDS/IPS identified potential threats in real time and provides you with actionable responses to thwart the attached.
Cloud-Managed SIEM (Security Information and Event Manager) services collects and analyzed data from your servers and desktops to identify and potential threats. This security services collects and monitors your log files along with encrypting them for protection. SIEM systems are often a legal compliance requirement for organizations or for needed certifications. If your own IT department tried to monitor this information, it could take up valuable time and resources, so this service may be better handled through a professional managed cyber security service.
Why not Have Both?
With the increased threat of cyber attacks, it may be in your best interest to have managed security services as well as cyber insurance. You can never be too protected! In fact, the two can go hand in hand since most cyber insurance providers will give your company a significant discount for lowering your cyber risk with managed security services.
The Bottom Line
Only you, as a business owner, can accurately determine your need for purchasing Cyber Insurance. Even if you choose not to purchase Cyber Insurance at the present time, you should remain vigilant and stay on top of the news regarding cyber-attacks as this is an ever increasing threat to business owners, both small and large. If you do not purchase Cyber Insurance, Managed Cyber Security Services could be another workable solution to help protect your business against cyber-security threats. The worst thing you can do it nothing–because cyber-criminals aren’t going anywhere.
Please contact KTG to find out more about our managed security services.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.