A new study has found that the majority of American businesses were victims of cyber attacks in the past year, greatly increasing the security stakes for companies of all sizes.
Risk managers are aware of the increasing threat of cyber attack, but despite that, a majority of them said that they are not doing enough to thwart such an event, according to the study by The Hartford Steam Boiler Inspection and Insurance Company.
The results are eye-opening and a wake-up call for all companies, especially firms that do not have a risk manager on staff.
Worse yet, while in the past the majority of cyber attacks were directed at large businesses and corporations, in the last two years, hackers and cyber criminals have increasingly targeted smaller firms that often do not have the same security measures in place as their larger counterparts.
The biggest concerns facing the businesses whose risk managers were surveyed are protecting the privacy of their employees, customers and vendors, as well as risks associated with cloud computing.
Some of the more significant findings are:
• Nearly 70% of all businesses surveyed experienced at least one hacking incident in 2014.
QUESTION: How many hacking scares/incidents have you experienced in the last year?
– 1-5 (37%)
– 6-10 (10%)
– 11-15 (4%)
– More than 15 (18%)
– None (31%)
• More than half (55%) of the risk managers don’t believe their company is dedicating enough money or trained and experienced personnel to combat the latest hacking techniques.
• Most risk managers are concerned about cloud security.
QUESTION: What do you think is the biggest risk when it comes to cloud technology?
– Loss of confidentiality of information (76%)
– Service Interruption (16%)
– Government intrusion (5%)
– Negative impact on employee satisfaction (e.g. perception of down-time risk) (2%)
– Lack of service standardization (1%)
• Personal information is the biggest concern for businesses.
QUESTION: What type of information are you most concerned about being breached?
– Personally identifiable information (53%)
– Sensitive corporate information, such as business plans, M&A plans, product development information, marketing (33%)
– Financial information, banking credentials (14%)
The insurer surveyed risk managers at small, mid-sized and large companies in manufacturing/industrial; retail; financial services; government/military; medical/health care; and education, among others.
As the cyber threat continues to evolve, so do the insurance options available for businesses.
Some trends are starting to become evident in the market, though: rates for retailers, financial and health care-related firms are on the increase, and so are deductibles.
Coverage varies from insurer to insurer, but most policies cover at least the following costs:
• Forensic investigations.
• Credit monitoring for affected individuals.
• Legal fees and settlements.
• Fines or penalties levied by government agencies.
Pricing will vary depending on your industry as well as the strength of your internal security measures.
Retailers shopping for cyber insurance are coming under pressure to secure their payment systems, just as homeowners are encouraged to install locks on doors and windows.
Insurers are also promoting newer technologies for securing payment card transactions that exceed credit card companies’ requirements, such as tokenization and end-to-end encryption.