The insurance industry deals with highly sensitive information – and a lot of it: from medical records to banking information to Social Security Numbers. All this information can be a tempting target. With more and more states rolling out cybersecurity and consumer privacy protection laws, the stakes for a cybersecurity are only increasing. Google “costs of a cyber breach,” and you’ll find some seriously scary numbers. But what would a cyber incident cost YOU?
Here’s a simple mental exercise. Imagine if you turned off all your computers for 24 hours: no access to your electronic documents, databases or CRM; no website or social media (in or out); no email – possibly no telephones either. An hour of this may seem like a heavenly break, but after two hours – or ten – what would your employees have to do? What important projects would stall completely? How many clients would be angry? What opportunities would you miss? That gives you just a taste of what losing access to your information and IT systems could cost you. And the 2018 Cost of Data Breach Study by Ponemon cites a mean time to contain a data breach as 69 days. Imagine those computers turned off for more than two months!
Here are just a few of the factors you’ll need to consider when calculating the costs of cyberattack:
Even a suspected breach requires a huge allocation of resources to investigate. You may hire outside experts to handle the tech-y side of things, but they’ll still need participation from your subject matter experts to determine whether data has been corrupted. Additionally, while the investigation is underway, your staff may not be able to access some or all of your systems.
From encrypting your data with ransomware to deleting or scrambling files, cyber criminals have a multitude of ways to make your data unavailable to you. In many ways, corrupted data is more of a nuisance than lost data, since every file must be verified before you can trust it again.
Intellectual Property Compromises
More and more of your company’s most valuable assets are intangible – your intellectual property. Compromised IP not only means the loss of the time, talent and money spent developing the assets, it threatens your competitive edge moving forward.
If you’re lucky, a breach will only damage your data. Some attacks can also damage your hardware. And as buildings get “smarter” with remote control of access and infrastructure systems, serious damage to your physical plant can also occur.
Notification Costs and Fines
Remember those cybersecurity regulations? Most require you to notify everyone impacted by a compromise. Depending on the state and/or the terms of your contracts, you may also be required to pay for credit monitoring or other remediation services. You may also face fines and penalties from state regulators.
Depending on the nature of the breach, you may face lawsuits from those whose data was compromised or from issues that arise as a result of the breach and subsequent business disruption (think breach of contract). Even if you if settle out of court, lost time for company principles and lawyers’ fees can cost you.
Lost Clients and Brand Damage
While you’re busy dealing with the aftermath of a cyber incident, you may not be able to respond to your clients as quickly or as accurately as you would like. Add this to the perception that you’re not taking adequate precautions to insure their privacy, and you’ve given your competitors an instant advantage. If the clients who do choose to leave share the reason why on social media or other ratings platforms, your brand could take a significant hit.
Any business, regardless of its size, value or location can be the target of a cyberattack. Your investment in cybersecurity systems and training – and perhaps in cyberinsurance – may seem a lot, but compared to your potential losses …
For more information on the threats you may face, check on Jeff Melnick’s Top 10 Most Common Types of Cyber Attacks.