Cyber Attacks Hit Hardest During The Holidays
Cyber risks are a growing fear that most businesses face. Recent examples involving data breaches at Target, Snapchat, and the Microsoft-owned Skype, highlight this reality.
The Target breach — probably the biggest — claimed the credit and debit card information from more than 40 million customers.
At Snapchat, the numbers weren’t quite as grave, though they did leave 4.6 million users in a compromised position.
As for Skype, no hard numbers have been released at this time, but this one is particularly noteworthy because the video/audio/IM chat service is owned and operated by Microsoft. If anyone would be immune to cyber risks, you’d think it would be Bill Gates’ company, but no.
All of these incidents are reminders that 2014 should be the year you get cyber insurance if you haven’t already.
One Of The Most Dangerous Times For Cyber Attacks…
According to John Kindervag, an analyst at Forrester Research, companies run an even higher risk of cyber attacks around, and coming off, the holidays. This susceptibility is because they reduce defenses and avoid updating code for their websites and mobile applications, he said, adding that many companies fear their systems will break during peak traffic times while all their programmers are on vacation.
“Every company is a target, if it has data that can be monetized in the black markets of the Internet,” Kindervag said in comments to Insurance Journal. “During the holidays, companies don’t make any changes or do anything to their systems, and IT people are given vacation.” http://www.insurancejournal.com/news/national/2014/01/03/316017.htm
IJ touched base with Jon Callas, chief technology officer and co-founder of Silent Circle, a service that makes encrypted communications for companies, and he admitted that “hacking is a seasonal business.”
“If you’re going to try to pull off a big heist on a department store like Target, you want to do it during the Christmas rush,” Callas said, pointing out that the holidays were the time when more people are shopping and plugging in credit card information, and “you want the companies to be so overwhelmed with legitimate customers that they’re not paying attention to you.”
Robert Hartwig of the Insurance Information Institute (I.I.I.) admits that, “Despite the fact that cyber risks and cyber security are widely acknowledged to be a serious threat, a majority of companies today still do not purchase cyber risk insurance”; however, he also notes, “this is changing.”
In a recent white paper for I.I.I., approximately 85 percent of 258 executives surveyed said they were “very or somewhat concerned” about cyber attacks on their businesses, compared to 82 percent of executives concerned about loss of income, 80 percent concerned with property damage, and 76 percent with securities and investment risk. http://www.iii.org/assets/docs/pdf/paper_CyberRisk_2013.pdf
In other words, cyber attacks were the biggest concern for businesses because risk to reputation is often greater to a company than risk of losing money as a result of the attack.
How Can The Insurance Industry Help?
When a system is compromised, businesses run the risk of losing customer loyalty and trust. Cyber insurance can help pay for the assistance of public relations firms in restoring reputation. It can also help compensate for the loss of future sales which might occur from losing customers to a competitor, and it can cover compensation to third parties who might be affected by a data breach.
With all of these benefits, the insurance industry can help combat the problem by encouraging adoption of cyber insurance products by small and large businesses alike. After all, none are immune from the risks of a cyber attack. In fact, a recent study found that over a third of targeted global attacks were aimed at businesses with less than 250 employees. Considering that most small businesses do not have the resources to handle third party damages alone, cyber risks are perhaps the biggest threats that most businesses will face.
It’s been said there are two types of businesses in the world — those that have experienced a cyber attack, and those that will. Prevention is just not possible, so protection is the best option, and the more effectively insurers can communicate this to the business community, the less damaging the aftereffects will be.