A flip through the news headlines shows that data breaches are increasing in frequency and severity, but it’s the recent privacy and security studies that are making companies face the facts by numbers.A flip through the news headlines shows that data breaches are increasing in frequency and severity, but it’s the recent privacy and security studies that are making companies face the facts by numbers. The 2014 Ponemon Global Report on the Cost of Data Breach benchmark study found that data breaches cost organizations on average $7.6 million and that there was a 10.4 percent net increase in breaches in the past year.
To better understand your organization’s cyberrisk, it is important to analyze this study in proper context, taking into consideration the size of your business, industry, geography and regulatory environment to name a few. Large organizations in the retail, healthcare, financial and hospitality sectors have suffered significant privacy and security incidents. However, certain industry data suggests that the cost per incident, for these industries, may actually be decreasing due to implementation of improved risk management practices.
Click here to read more Industry Insights
According to Aon’s Global Risk Insight Platform, an industry leading global repository of risk and insurance placement information, 80 percent of data breaches result in less than $1 million in costs and damages. A further breakdown of costs include:
It is important to note that the average insurance payout is approximately $3 million. This is typically because loss of brand reputation and future lost sales after the business interruption is fixed are generally not covered by insurance.
Only after the recent attack on Sony have industries outside of retail, finance, healthcare and hospitality started to purchase privacy and security insurance in material numbers. Even still, less than 10 percent of smaller entities – those classified as generating less than $100 million in annual revenue – actually purchase privacy and security insurance even though risk and exposures continue to increase as technology swiftly advances.
Get to Planning
Organizations should take a fresh look at their evolving cyber exposures and solutions to help weather a storm if a breach occurs. Here are a few tips to get started:
1. Conduct Pre-Breach Education and Planning
It’s important to look at pre-breach planning. Proper planning could impact a company’s ability to respond to a breach. A key component of planning is company-wide education. It is not just about the IT personnel. Education should occur from the board to the basement.
2. Develop an Incident Response Plan
An incident response plan outlines responsibilities, procedures, and a decision tree at a high level if a breach occurs. It’s important to keep a response plan fresh, as technology and the cybercrime landscape continue to evolve. The plan should consider issues at an enterprise-wide level, not just IT security. This includes policies and procedures, employee training and the allocation of liability in contracts with the insured’s partners, vendors and supply chain. The plan should clearly identify cross-departmental responsibilities.
3. Create a Breach Business Continuity Plan
A company is advised to take a hard look at its capability to recover from a breach. Organizations have business continuity plans in place to weather physical perils that shut down operations. The same should be in place for cyber incidents that bring operations to a halt. This means augmenting a company’s business continuity plan to address technology breaches and the responses required to maintain operations.
4. Review or Implement Cyber Insurance
Conduct an assessment to determine the potential need for additional coverage. This can encourage an open dialogue about opportunities to shore up systems and procedures. It can also help identify holes in processes and protocols as well as gaps in insurance coverage that potentially could be filled with cyber insurance.
The range of potential losses resulting from a data breach varies dramatically based on a number of factors, including industry, size, network risk mitigation strategies and the use of outsourced third party providers. Be diligent and aware of your organization’s true exposures and risk, taking the proper steps to prepare and help protect your bottom line.
ALSO ON THE NJBIZ “INDUSTRY INSIGHTS” BLOG:
How the business community can lead the way to a healthier New Jersey
PARCC test is career prep
Should corporations give?