The largest data breaches ever have occurred since 2015, and targets have encompassed a wide spectrum of entities. Organizations affected range from U.S. DOJ and the IRS—where citizens’ personally identifying information was stolen and released by hackers—to universities like the University of Central Florida and the University of California–Berkeley—where more than 160,000 individuals’ financial and identifying data was compromised.
What types of organizations are at risk for cyber-attacks?
Cyber security poses increasing threats to health care groups, and in 2016 attacks occurred against 21st Century Oncology in Florida and Premier Health Care in Indiana. These reported breaches affected sensitive patient information.
While web-based companies like LinkedIn, Yahoo!, and Dropbox endured highly publicized data breaches that compromised a massive amount of user data, hacks of point-of-sale systems have become a threat to consumer credit card information, as the breach of Oracle’s MICROS system, discovered in August 2016, indicates a growing threat to retailers and consumers around the globe.
Companies and organizations of all sizes and types are now tasked with preserving and securing an ever-increasing amount of data.
This uptick in electronically stored data escalates the risks and potential threats.
What costs can an organization anticipate if it is the victim of a cyber-attack?
A June 2016 independent study conducted by Ponemon Institute found that companies in the United States face an average total cost of over $7 million dollars per breach. Individual records that are lost or stolen in the United States amount to a $221 per capita loss for the targeted company. Unfortunately for health care organizations and financial services companies, these costs are higher and average as much as $355 per lost or stolen record.
As the size and scope of data breaches have increased, the associated costs have also risen, and these increased costs confront organizations of all types.
Any cyber risk equates to a potential loss of business revenue for companies operating domestically and abroad. Health care organizations, universities, corporations, financial institutions and governmental entities each combat different types of risks, and these varied risks create unique costs based on the circumstances of the breach.
In most cases, the total cost of a data hack can be difficult to quantify, but these costs include:
- loss of goodwill;
- property damage;
- loss of intellectual property;
- compliance costs;
- the cost of potential litigation resulting from the breach;
- and general business interruption resulting in lost profits.
A breach of consumer information—like the recent cyber-attacks against well-known corporations like Wendy’s, Target, and Home Depot—can have the unfortunate result of keeping consumers away as they are leery of further breaches. Cyber-attacks can easily affect an organization’s bottom-line in a variety of ways.
What do cyber security insurance policies typically cover?
Previously, a gap in coverage existed as policies focused on an organization’s legal compliance requirements but failed to address the many other disruptive problems resulting from damaging cyber-attacks. Policies tended to cover basic matters like credit monitoring for stolen information or a policy may have covered the costs of litigation brought on by the data breach.
To address the mounting problem in today’s electronic world, cyber security companies announced in the fall of 2016 new insurance solutions intended to cover the high costs of cyber security threats.
These cyber risk policies will cover previously uncovered loss of revenue stemming from a cyber-attack.
What can organizations do to help cover these potentially huge financial losses resulting from a cyber-attack?
Confronting potentially catastrophic losses from cyber-attacks demands an innovative approach. The aftermath of a cyber-attack is expensive, and the risks have become increasingly common. As organizations manage more and more sensitive data, the size and scope of data breaches by cyber criminals will continue to expand. The revenue lost after cyber security breaches will also continue to compound, causing even greater financial harm to victim organizations.
Typical cyber insurance coverage policies previously did not cover lost revenue resulting from data breaches. However, the emerging trend toward insurance policies that cover lost revenue will provide a potential safety net for corporate, governmental, financial, and health care entities. These new cyber risk policies will address a serious risk for entities that collect and store sensitive electronic data.