Whether it’s a large corporation, a government agency, or small business, news of cyber security risks today is an everyday occurrence. Recently, the New York Times website was maliciously attacked by a group known as the “Syrian Electronic Army”, and although this isn’t what most companies have to worry about, it is a new twist in the emerging risk of cyber. According to recent figures, 2012 broke the previous record of cyber attacks in terms of the number of reported data loss incidents. With 2,644 incidents recorded through mid-January 2013, 2012 more than doubled the previous highest year on record (2011). What’s even more troublesome is that the extent of attacks is likely to be far higher since about 20% of reported incidents did not disclose the number of records involved.
Cyber risks can result in significant financial loss and reputational damage to an organization. The threat is multifaceted, varying from disgruntled or negligent insiders to external hacking (ranging from individuals and small groups to state-sponsored activity). According to the Verizon Security Consultants 2013 Data Breach Investigations Report, taking the top spot for all breaches in the 2013 report is financially motivated cybercrime (75 percent), with state-affiliated espionage campaigns claiming the number-two spot (20 percent). Breaches in the No. 2 spot include cyber threats aimed at stealing intellectual property — such as classified information, trade secrets and technical resources — to further national and economic interests.
In terms of attack methods, 92 percent used some form of hacking or malware and 29 percent leveraged social tactics. Two-thirds of all breaches took months or more to discover and 96 percent of all initial attacks were not highly difficult to execute.
Furthermore, no matter the size of the business or the industry it serves, all firms are vulnerable to cyber attacks, according to the report. “The bottom line is that unfortunately, no organization [or business] is immune to a data breach in this day and age,” said Wade Baker, principal author of the Data Breach Investigations Report series.
In 2012, victims of cyber attacks represented a wide range of industries. Thirty-seven percent of breaches affected financial organizations, and 24 percent affected retailers and restaurants. Twenty percent of network intrusions involved the manufacturing, transportation and utilities industries, with the same percentage affecting information and professional services firms. Of all cyber attacks, 38 percent impacted larger organizations and represented 27 different countries. “All in all, the large scale and diverse nature of data breaches and other network attacks took center stage for all to see in 2012,” Baker said.
As a result of the risk in cyber attacks and increased awareness, more companies are finally looking to purchase insurance coverage to protect against this risk. According to a report by the Ponemon Institute, Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age, companies are increasingly looking to cyber insurance as part of the solution for managing the risk posed by security incidents to accompany technical protections. Thirty-one percent of companies report having current cyber insurance coverage, and survey results show growth on the horizon. In fact, 39 percent of respondents say their organization plans to purchase a policy. Additionally, more than half with a policy believe it is an essential part of their companies’ risk management programs.
IPOA as part of its comprehensive Hotel Insurance Program that includes Employment Practices Liability insurance makes available Data Breach coverage to limited- and full-service hotel clients. You can obtain a quick on-line premium indication for your hotel clients by visiting our website. The Data Breach coverage, available with our HotelPro program, includes: breach notification and credit monitoring services with separate coverage limits for third party claims; breach response coverage for forensic and legal assistance, and notification costs; bureau credit monitoring services; and crisis management sublimit for public relations; a separate limit of liability for privacy, network security and media claims; and more. It also includes a $100,000 PCI sublimit.