What’s In Store for 2015 for Cyber Liability Risks?
A new report from Experian, “2015 Data Breach Industry Forecast”, underscores the growing prevalence of data breaches, the fact that board members and management can no longer ignore the drastic impact these breaches have on a company’s reputation, and the increased demand from consumers for communication and remedies after a breach occurs. Over the last 12 months, since the last report was issued, more organizations have been taking measures to mitigate cyber threats by developing data breach response plans and securing cyber insurance policies. In fact, the purchasing rate of cyber policies has more than doubled from 10% in 2013 to 26% in 2014.
But a lot still has to be done to address cyber risks, and some of the same issues continue, along with a few new trends that we should expect to see in 2015. Here are some of the pertinent top trends for the coming year, according to Experian report:
- Healthcare breaches will continue to grow, as access to a patient’s health information is accessible from a number of points including through electronic medical records and wearable devices. The potential economic gain from selling information garnered from healthcare records makes the industry very attractive to cyber criminals. The issue is further complicated because many healthcare providers, including doctors’ offices, clinics, and hospitals, many not have sufficient enough resources to protect a patient’s protected health information. In fact, early in 2014, the FBI issued warnings to healthcare providers citing that their security measures were not up to par as compared to other sectors. Further, according to the Ponemon Institute, it’s estimated that the potential cost of data breaches in the healthcare industry could reach $5.6 billion. The takeaway according to Experian: Step up security measures or face potential for scrutiny from federal regulators.
- Business leaders are under increased scrutiny. As we have written previously, cyber attacks have shifted from an IT problem to a corporate-wide issue with directors and officers in the hot seat. Business leaders are being held directly accountable for data breaches, with executives at the highest levels under the microscope regarding security posture and breach response from stakeholders, regulators, and consumers. Takeaway: Data breaches need to be managed as corporate-wide risk in 2015, with C-suite level decision-makers taking an active role in data breach preparedness and response.
- Employee mistakes will continue to be companies’ biggest threat. The majority of data breaches come from inside company walls – from human error/negligence and malicious insiders. In fact, 59% of security incidents in the last year result from employee negligence although this remains the least reported issue. Experian sees this as an ongoing trend with people-based breaches continuing to be the leading cause of compromises and receiving the least attention. Takeaway: Organizations need to implement regular security training with employees and foster a culture of security throughout the company.
- Rise in third–party breaches via the Internet of Things (IoT): With increasingly more companies looking to leverage valuable information by gathering, storing, and processing data from billions of objects and devices, there are more points of vulnerability for this information to be targeted by hackers. Experian, as a result, expects to see an increase in cyber attacks initiated by IoT-compromised devices and interconnected systems adopted by organizations. This includes everything from sensor networks and work meters to consumer devices such as routers and NAS storage. Takeaway: Companies need to emphasize risk management and security with third-party vendors that provide or have access to the same information.
The reality of cyber threats affects all businesses throughout every industry and will continue at full force as we enter a new year. The smart thing to do is amp up cyber security measures and purchase a Cyber Liability insurance policy to cover the costs involved when a breach or other cyber incident occurs. At Caitlin Morgan, we can secure Cyber coverage for healthcare providers and others. Coverage can be designed to cover first- and third-party costs, notification expenses and credit monitoring, forensics, and penalties, among others. Call one of our professionals at 877.226.1027 to discuss your insured’s needs and the programs we have available.