Data breaches and cyber attacks continue to plague organizations worldwide. A recent report from Lloyd’s of London found that a single cyber attack on a major cloud service provider could hypothetically cause an economic loss as high as the cost of Superstorm Sandy in 2012. We are a culture that increasingly relies on technology and devices. Whether it’s to entertain, do business or connect with people — we are all users of technology and we are all at risk.
Information security and privacy liability have been discussed at great length in several forums, but the same core principle of risk management still applies: have a plan for when a breach happens, because any data in the care of your business can be at risk. This is why it’s important to build a culture of awareness within your organization to ensure effective escalation and timely response. A few quick planning steps to consider:
- Know what data is managed or accessible by third-party vendors and understand the controls they have in place.
- Have third-party vendors for notification and credit monitoring lined up.
- Be sure you have a strong communications plan set up, either through your own public relations firm or a third party, and develop a statement addressing the situation and how it is being handled.
- Have an FAQ website ready to launch where victims can get answers.
- Be sure to consult with peers on how they are preparing or how they have handled a breach situation. Find out what consultants they used. If they’re good, you may want to consider placing them on retainer – ready to go into action if a breach occurs.
- Perhaps most importantly: maintain in-house communications. Make sure your team includes general counsel, the risk manager, the supply chain manager, public relations, operations and IT, and make sure they’re all talking to one another so that no efforts are forgotten or wasted.
Security & Privacy Insurance: Building a culture of awareness
Taking preventative measures is critical to reducing the risk of a data breach. However, there is no guarantee that those measures will prevent the threat. Being vigilant in testing and protecting your data may be the best form of risk management.
This is especially true if you have a third-party vendor retaining data for you. You need to make sure that they have processes in place to secure that data. If they have a breach, your company will not be absolved of its responsibility just because they were the ones managing the data. You still may be held liable for the vendor’s negligence and be responsible for notifications.
So how can insurance help? Insurance can help businesses manage the evolving risk and financial impact of data breaches. The coverage is evolving as new scenarios and attack vectors emerge, so building a strong relationship with an insurer and broker who specialize in this space is essential to understanding coverage options for your exposures. Is your business being proactive in the war on data? What steps are you taking to make sure your information is protected?