Data Breach or “Cyber Crime”
As a Commercial Risk Advisor, I am seeing numerous stories and articles related to a new Emerging Risk that is affecting thousands of businesses and millions of people across the world. What could a risk of this magnitude be you might be wondering? The answer is Data Breach or Cyber Crime. This has become such a problem that the cost of loss is the highest in history at around $5.5 million and climbing. This type of risk comes in many forms such as viruses, internet fraud or identity theft, to name a few. The hackers are becoming more deviant and savvy about how they attack organizations sensitive information. One article indicated that a company overseas did not even know their system had been breached for nearly 7 months! That is a long time for unwanted criminals to be inside a large organizations database collecting personal information. A growing concern now is the amount of employees inside the organizations that are helping these criminals breach databases and assisting in their crime. According to DataBreach Today.com, in 2011 the FBI charged 22 individuals in California for stealing $8 million from three large banks. The individuals charged were either inside prison orchestrating the crime or worked for the banking institutions themselves. That type of risk is very hard to catch even with the best security measures in place simply because employees will know their way around the system. On October 3, 2012, Nationwide Insurance Company of Columbus, OH and Allied Insurance experienced a data breach and it affected 534 Oklahomans. The compromised information included social security numbers, driver’s license numbers, birthdates and even their marital status.
In Germany, crime statistics compiled by the police indicate that about 60,000 cases of cybercrime were recorded in 2011.” These are alarming statistics being released and as business owners and citizens we should be very concerned with the safety of our personal information and how it could affect the business itself due to such a loss. If a person experiences identity theft they only have 90 days to dispute the charges, file police reports and resolve the crime. If the theft goes unnoticed by an individual for more than 90 days, the debt becomes theirs to pay off. Now let’s think about this for just a moment. If a major organization doesn’t even notice they have been breached for 7 months, how would one individual know they are a victim within 90 days? That means it is time to start being vigilant about this risk and protecting yourself, your business and your clients.
Risk Management of Data Breach
What You Can Do
An article posted on Entrepreneur.com in April 2010 reports the Federal Trade Commission posted these 5 steps you can take to help prevent a data breach.
1. Take Stock- know what information you’re keeping, how far back it goes and which records qualify as sensitive.
2. Scale Down- Only collect those pieces of data that you really need to make your business more efficient. Do not store credit card numbers you don’t need or make the clients give their social security number as an identifier unless absolutely necessary.
3. Lock it- Keep physical records in locked boxes and secure locations and digital records must have safeguards.
4. Pitch it- Information such as paycheck stubs, bills and investment records etc. should only be kept for one full year. After a year, get a shredder and shred the information.
5. Plan ahead- Prepare for the worst. Put an action plan in place for how you will handle a data breach.
A risk such as this does not discriminate on the size of the business. No business is too small or too large to be a victim. Criminals don’t care where they get the information or how much they do get, as long as they achieve their goal. As a Commercial Risk Advisor, I strive to advise you on these types of risks and how they could impact your business. There is a financial risk due to these types of crimes.
With that information now being known, take the appropriate steps to minimize your exposure. First, I would consider is purchasing a Crime Policy and a Cyber Liability policy. These polices can be called numerous other names such as Technology Liability, Data Breach Liability or Computer Fraud, to name a few. It is very important that you are covered for your financial loss as well as the third party’s financial loss. These policies are very inexpensive especially if you compare the numbers to what an actual loss could cost a company.
Insurance is about bringing you back to whole after a loss. Risk Management is about being proactive, minimizing your risks and having strategies in place to make you more prepared to handle risks as they surface. Make sure that you can recover from this widespread and now worldwide threat. Educating yourself is crucial in protecting yourself. The more you know, the better you will be protected. There are other numerous ways that we can help you discover your risks and implement the best plan of action for you and your growing business.