Why Cyber Insurance?
With the costs associated with running a business continuing to escalate, additional expenses are hard to justify. Cyber insurance is one of those costs that most businesses gamble on, rolling the dice and removing it from the expense sheet.
A PwC white paper says that cyber insurance premiums will reach $7.5 billion by 2020. It further says that “cyber-crime costs the global economy more than $400 billion dollars a year”.
This is big money and it will only continue to intensify over time. When evaluating the risk associated with systems being compromised by brute-force and phishing attacks, cyber insurance can mitigate cost exposure for a business.
Remember, it is no longer if, but when your system will be compromised.
Cyber thieves have found a nice ‘honey hole’ to phish in real estate and title companies. They will continue to phish because it has been a very lucrative endeavor. To understand what happens after a single incident in which a system is compromised by a phishing campaign, read on!
The costs for a breached account can spiral quickly. The first expense is a computer forensic analysis, which determines how the cyber thieves initially gained access, how far into the system they reached, and how broad and deep the exposure of the compromised system is. One computer has a potential cost exposure of $10-$20k.
Let’s assume the computer and the compromised account had Personally Identifiable Information (PII) available for access. Evidence of breached PII requires that the account and computer be scanned to determine the breadth of information that could be accessed. It doesn’t even matter if the cyber thieves didn’t access the PII. It is assumed that since they gained system access, they did obtain PII. Add another $20-$30k.
If the PII in the compromised system is in a PDF file as a rasterized image, the forensic company has to manually read the file and record the contact of the PII. Why? Legal and regulatory requirements oblige companies to notify anyone whose PII has been compromised that their personal information may have been accessed by unauthorized personnel. How many documents are in PDF format in your company? Add another $25-$35k.
Attorneys are needed throughout the entire process to assist in documenting the procedures to identify PII and guide companies through the legal and regulatory requirements for the notification process. Add another $40-$50k.
One incident could have a potential price tag of $95-$135k. This estimate does not include the internal resources used to support the data collection and manage the process.
Cyber insurance premiums are going to increase, and so are the attempts by cyber thieves to compromise your systems. It will continue to be difficult to assess risk for your business, but understanding the consequences can assist in your decision.
The best offense against cybercrime is a good defense. Read our article: Phishing: Preventing the Bait and Hook in the Pond of Security for Brokers for some tips on how to reduce your risk of cyber fraud.
Contact the WAV Group to provide some preventative medicine through education, best practices in security techniques, and to evaluate any potential gaps in your systems and processes.