By Conor Mason, contributing writer
With recent data breaches at companies like Target and eBay making headlines, the business world has explored the possible advantages of cyber insurance. Cyber insurance has become a hot issue with companies in nearly every sector that possess critically important, private data, including company secrets and customer information. As a trusted advisor to your retail IT clients, after you provide a best-in-breed security solution, should you advise the additional purchase of cyber insurance?
A publication by the Department of Homeland Security states cyber insurance “is designed to mitigate losses from a variety of cyber incidents including data breaches, business interruptions, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber-attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on the level of an insured’s level of self-protection.”
In June 2014, the Center for Strategic and International Studies (CSIS) released a report, sponsored by McAfee, that said, “We estimate the likely annual cost to the global economy from cybercrime is more than $400 billion. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion.”
For a single retailer, a data breach could be catastrophic. Target said in a press release, “Since the breach in the fourth quarter 2013, the company has incurred total net breach-related expenses of $146 million, reflecting $236 million of gross expenses, partially offset by the recognition of a $90 million insurance receivable.” Clearly, the company’s insurance offset some of the expenses, but not all of them. Without any coverage at all, Target’s woes would have been a lot worse, on top of customers not patronizing the retailer as much as before the breach. Considering that cybercriminals are looking for any vulnerability, such as a third-party system, could cyber insurance add a layer of protection against the previously unexpected and unimagined?
It’s important to remember that cyber insurance is still a new product. With the broad scope and unpredictable nature of cyber-attacks, the insurance industry is still working to collect data, calculate risk, and define the security measures that should be in place before writing a policy.
Each of your customers will have to make their own decision about whether to purchase cyber insurance, and that decision could require you to tailor solutions to meet the requirements of the policy. Educate yourself on the options and be prepared to discuss them with your retail IT clients.