Black Friday and Cyber Monday: Is it Time to Invest in Cyber Insurance?

By in

$89 billion worth of Holiday retail sales happened in 2014 during Black Friday and Cyber Monday. As those revenues increase, so does the risk of a cyber security breach.

No Business is Immune

Whether a small start-up or a large enterprise like Target, all businesses face the threat of a cyber security attack. The culprit? Many times, it’s 3rd party vendors who lack security and have access to your systems that can unwittingly release a vulnerability into a business’system.

Training:

According to Kevin Kalinich, global practice leader for network risk and cyber insurance at AON Risk Solutions, “In many of the breaches in the news, the detectors went off and alerted that bad guys were trying to take control of the system and take important information. But the people were not used to having such huge, massive attacks, and they thought they were false positives. That is about training and knowing the chain of command and who to report these situations to. Once something has been detected by security, how do you minimize that risk, and what techniques should you deploy to lessen the impact?”

How Much is Enough Cyber Insurance?

With cyber attacks costing $400 billion each year, the spend for cyber insurance is a small fraction – $2.5 billion was spent on cyber insurance last year. According to Inge Beale, CEO for Lloyds, every time a new cyber attack hits the news, the demand for cyber insurance soars. A few times, these policies fall short. Target’s breach in 2013 cost $148 million, yet their insurance paid $38 million.

Things to Consider for a Response Plan

Not only is proper document storage and shredding tantamount to your security plan, but proper disposal and destruction of your hardware and drives is a necessary component to your overall cyber security plan – no matter the size of your enterprise.

Other considerations:
Legal: Do you have an attorney who knows the law so you can comply with data breach disclosure laws?
Computer Forensics Investigator:Do you have a computer forensics investigator who can do an investigation to stop the breach?
Credit Reporting: Do you have a credit reporting drill to offer credit monitoring?
Insurance: Do you have an insurance broker who can notice the incident under several policies?