Beyond the IT Department: Cyber Security Becoming a Whole-Company Concern

Published: August 7, 2013 by Michael Bruemmer

Nearly 20 percent of all cyber attacks are aimed at businesses with 250 or fewer employees, according to a recent congressional report. The problem is so pervasive that businesses can no longer afford to relegate cyber security to the IT department and forget about it. Blocking cyber attacks and recovering from a data breach is now a whole-company objective – and if it’s not for your company, it should be, as our latest data breach study indicates.

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age, conducted by the Ponemon Institute on behalf of Experian® Data Breach Resolution, highlights the need for a more inclusive approach to cyber security, and reveals some eye-opening facts, including:

  • Companies quantify the average potential financial risk of a data breach at $163 million.
  • Cyber security breaches cost companies an average of $9.4 million for one or more incidents.
  • Cyber security insurance can help a company guard against future losses, and 70 percent of companies that experienced an incident in the past 24 months say it raised their interest in cyber security insurance.

While the loss in numbers may seem daunting, some survey findings were encouraging, including the fact that companies are recognizing the need to share responsibility for cyber security among all departments in their organizations. “It’s clear that companies see cyber security threats as a significant business liability and we are seeing increased interest from our customers in managing against this risk,” said Katherine Keefe, head of Beazley’s Breach Response Services division.  And, companies are increasingly aware of the impact a cyber incident may have on their business; 76 percent of survey respondents say protecting against a cyber security exploit is more important or as important as safeguarding against a natural disaster, business interruption or fire.

More good news emerges when you consider the number of companies that have cyber security insurance – 31 percent of survey respondents currently have such a policy, and of those that didn’t, the majority intended to buy one in the future. “We have received a great deal of interest in our Cyber Liability product as customers look for new ways to manage their risk. In addition to protecting against financial loss, a Cyber Liability policy provides a security partner to help you access quality resources needed to improve your security posture as well as effectively manage the fallout from an incident,” said Jake Kouns, Cyber Security and Technology Risks Underwriting at Markel Corporation. Policy holders largely say premiums are fair and they would recommend their insurance provider, and they believe the insurance has made their company better prepared to deal with security threats.

Adopting a whole-company approach to cyber security and prevention of data breaches, when paired with cyber security insurance, can help companies mitigate the negative impact of cyber incidents.

[dropshadowbox align=”none” effect=”lifted-both” width=”550px” height=”” background_color=”#ffffff” border_width=”1″ border_color=”#dddddd” ]Download our white paper, Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age, to learn more about the impact of cyber insurance on security and losses.[/dropshadowbox]

Highlights of the study can be found in an infographic, click image to view post.

Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.