Reputational Risk, Brand Value Growing Cyber Exposures
The massive data breach that hit retail giant Target over the holidays made headlines and is still making news because of its widespread reach and implications. In fact, at a Senate committee on February 3rd, Target publicly apologized, saying it was deeply sorry for the massive data breach it suffered and that it was determined to win back customers’ trust. Before a U.S. Senate Judiciary Committee hearing probing the data breaches, John Mulligan, Target chief financial officer and executive vice president, said: “I want to say how deeply sorry we are for the impact this incident has had on our guests—your constituents…We know this breach has shaken their confidence in Target, and we are determined to work very hard to earn it back.”
Approximately 40 million credit and debit card records were stolen from the number-three U.S. retailer, along with 70 million other records with customer information such as addresses and telephone numbers. And, while Target has said that none of its customers will be liable for fraudulent charges as a result of the breach, as its statement to the Senate committee reflects, the potential damage to its reputation and brand value is significant.
Today, cyber risks, including issues involving loss of reputation, are gaining traction among company risk managers as serious threats. According to Allianz’s 2014 Risk Barometer, which surveys over 400 corporate insurance experts from more than 30 countries, cyber and reputational challenges are increasingly seen as major business risks. Cyber risks moved up from eighth position to fifteen in the Risk Barometer, and loss of reputation moved up four positions and now ranks sixth, following business interruption/supply chain, natural catastrophes, fire/explosion, legislation and regulation changes, and market stagnation/decline. According to the Allianz report, risk managers worldwide are increasingly on red alert about the threat that fast evolving, high-tech perils pose. Furthermore, the report underscores the impact a significant negative image can have on the price of products and stock (for public companies) and the ability to hire top talent. What’s more, social media has a snowball effect when a breach occurs, with stakeholders instantly spreading the news and exacerbating an already challenging situation for companies that have been hacked.
Managing Privacy Risks, Reputation Damage
Cyber risk and reputational damage is managed by having the proper insurance in place in addition to strong risk management, transparency and communication protocols. When it comes to insurance, a Cyber Liability policy is designed to provide coverage in the event personal or financial data of employees or clients is stolen. It an be designed to cover damage awards or settlements, legal defense bills, forensic investigation costs, notification and remediation expenses. It can also protect a company against the costs generated by an accidental transmission of computer viruses or other malicious code that harms another party. In addition, many companies provide crisis management under their Cyber Liability policies, including public relations/reputational management services.
Moreover, all size companies as well as privately held companies and nonprofits across all industry sectors are vulnerable to cyber threats. In fact, according to the 2013 Verizon Data Breach Report, three out of four companies attacked in 2012 were organizations with 100 people or less.
Caitlin-Morgan provides Cyber and Privacy solutions in addition to other critical liability policies, such as Directors & Officers, Professional Liability Fiduciary Liability, and Employment Practices Liability. Please give us a call at 877.226.1027 to find out how we can assist you in helping your insureds stay protected.
Sources: Allianz Risk Pulse, Verizon, CNBC