Data breaches have escalated to one trillion dollars worldwide. In 2013, more than 740 million records were hacked, putting that year on record as the worst data breach year in history. We are a culture that increasingly relies on technology and devices. Whether it’s to entertain, do business or connect with people — we are all users of technology and we are all at risk.
Recently, I took part in a discussion with the Atlantic Council’s Jason Healey, director of the Council’s Cyber Statecraft Initiative, which focuses on international cooperation, competition, and conflict in cyberspace. The event was hosted by the New Yorker and the topic, of course, was cyber security.
Information security and privacy liability has been discussed at great length in several forums, but the same core principles of risk management still apply — have a plan for when a breach happens, because any data in the care of your business is at risk. This is why it is important to build a culture of awareness within your organization to ensure effective escalation and timely response. A few quick planning steps to consider:
- Preparation is key: Have a plan and practice that plan.
- Know what data is managed or accessible by third-party vendors and understand the controls they have in place.
- Have third-party vendors for notification and credit monitoring lined up.
- Be sure you have a strong communications plan set up, either through your own public relations firm or a third party, and develop a statement addressing the situation and how it is being handled.
- Have a FAQ website ready to launch where victims can get answers.
- Be sure to consult with peers on how they are preparing or how they have handled a breach situation. Find out what consultants they used, and if they’re good you may want to consider placing them on retainer to go into action if a breach occurs.
- Perhaps most important is to communicate in-house. Make sure everyone on your team, which includes general counsel, the risk manager, supply chain manager, public relations, operations and IT, is talking to one another to ensure no efforts are being forgotten or wasted.
Security & Privacy Insurance: Building a Culture of Awareness
Taking preventative measures is critical to reducing the risk of a data breach; however, there is no guarantee that those measures will prevent the threat. Being vigilant in testing and protecting your data is the best form of risk management.
This is especially true if you have a third-party vendor retaining data for you. You need to make sure that they have processes in place to secure that data. If they have a breach, your company will not be absolved of its responsibility because they were the ones managing the data. You still may be held liable for the vendor’s negligence and you’re responsible for compliance with notification requirements.
So how can insurance help? Insurance can help with pre-breach planning and post-breach response services such as notification, forensics, credit monitoring, and public relations costs. The coverage is evolving as new scenarios and attack vectors emerge, so partnering with an insurer and broker who specialize in this space is essential to determining your exposures and coverage needs.
Is your business being proactive in the war on data? What steps are you taking to make sure your information is protected?