Op-Ed: Insuring against cyber risks could save your biz
Very seldom do we associate technology with an organization’s increased exposure to risk. However, adopting new technologies brings about multiple risks in managing information systems, thus risking the confidentiality of proprietary and sensitive information any organization handles, be it their own, their clients’, their suppliers’ or others with whom it does business.
On one hand, emerging technologies such as smartphones, cloud computing and social media are tools to increase efficiency and reduce costs. On the other, they represent constant security threats to information management systems.
Quite often we tend to see financial institutions and its customers as the typical victims of information security breaches. However, the risks associated with this type of hacking are becoming more frequent in every industry, as recently seen in news involving higher education institutions, health care organizations, as well as in hospitality and retail, to name a few.
The business costs of handling security information breaches increase on an annual basis. In the most recent analysis, the 2013 Ponemon Cost of Data Breach Study evaluated a range of business costs related to this type of violation. On a global scale, the average cost per breach was estimated at $136 per file in 2012. In the U.S., the cost per file averaged $188. In other words, if a hacker gains access to a U.S. company database with 4,000 files or contacts, the average cost for this company to handle the breach would be $752,000.
Using technology is a good business practice and facilitates an efficient operation. The issue arises when organizations adopt new technologies and don’t take time to apply security measures to protect the sensitive data they manage every day. When they don’t protect the data, they risk the identity of employees, clients and suppliers, amongst others, as well as their own survival should they ever become victims of a hacker.
Being aware of cyber risks is an even better business practice. Focusing on and assigning resources to strengthen the security of information management systems is essential.
Executives and business owners can take measures to protect their sensitive data. The first step is to be informed. They should be aware of what risks their organizations are exposed to.
Sensitive and confidential information is any data containing details about a person’s identity (social security numbers, address, etc.), a private organization’s financial information, or any other piece of information that represents a competitive edge or business strategy. (What would happen if KFC’s 11-herbs and spices secret recipe filtered out?)
Reviewing the organization’s current insurance policies to make sure they explicitly cover cyber risks, as a preventive measure is a must. If cyber security is not explicitly covered, the organization should purchase this kind of insurance.
Another recommendation from experts is establishing company guidelines for the employees who handle sensitive information or use the companies systems (be it hardware or software) and monitor employee’s usage of these tools.