By Carl Santa Maria
In 2014, JP Morgan Chase lost control of data in a cyberattack affecting 76 million households and seven million small businesses. Also last year, cyber criminals broke through the firewall at Sony Pictures Entertainment and stole employees’ personal data and corporate correspondence. Between recovery costs and lost business, the cost to mitigate the damage was staggering to both companies and continues to mount as they work to rebuild trust and regain customers.
These are high-profile examples, but if you think a data breach can’t happen to you, think again; every company in every industry is at risk.
According to Ponemon Institute’s 2015 Cost of Data Breach Study, sponsored by IBM, in which 350 companies from 11 countries participated, the cost to recover from a data breach is highest for U.S. companies at $217 per lost record. Of the 62 U.S. companies participating, nearly 43% (27) experienced a data breach in 2014 with an average total cost of $6.53 million. The cost to recover is substantially higher in some industries, such as healthcare, with an average cost of $363 per record lost.
While your business isn’t likely as data-rich as JP Morgan Chase, your data is equally valuable, your defenses likely are not as strong, and you are less likely to have the resources to recover from a significant breach. So what should you do to protect yourself and your company?
Minimize Your Risk – A breach can occur through the intentional acts of insiders and outsiders, as well as security lapses and employee errors. Assess these three layers of protection and close any gaps:
- Administrative – These are policies and procedures that limit access to confidential data and information and dictate their usage. As technological protection gets stronger, hackers are increasingly targeting the weakest link in the protection chain: humans. Make sure everyone in your organization knows how to detect and prevent what is termed social engineering fraud.
- Physical – How do you securely store or dispose of paper and electronic devices containing confidential data? Your trash can be a criminal’s treasure. Even an old cell phone can be a hacker’s key into your system. A recent study by Kroll Ontrack and Blancco Technology Group found that used electronic devices sold on popular e-commerce sites still contained residual data that could be used to victimize individuals and companies.
- Technical – These are the safeguards within your electronic network: firewalls, intrusion detection, encryption, etc. Every time your IT security team closes a gap in your protection, criminals find new ways to slip through. If you are not monitoring your security constantly, you will quickly lose control.
Prepare to Respond – While your administrative, physical and technical safeguards will minimize your risk, odds are you will be victimized at some point. Do you have an incident response plan in place to quickly respond and minimize the damage? More importantly, have you trained your team and tested your plan regularly to ensure it is sufficient?
Protect Yourself – As cybercrime has increased, insurance carriers have introduced coverage to help victims minimize their overall cost and increase the likelihood they can recover. This coverage is still very affordable; however, coverages vary widely, and it can be very difficult to sort through the nuances between policies. A high-quality risk consultant and insurance broker can help you assess your risks and build a coverage plan that will keep you in business.
The catastrophic consequences of cybercrime end the dreams of unprepared business owners every day, in every industry, in every part of the world. Don’t risk a lot for a little. Protect your valuable data, prepare to respond, and insure what you’ve worked so hard to build.
Carl Santa Maria is Chairman and CEO of Santa Maria & Company (SMC), a risk management consultant and commercial insurance broker in the San Francisco Bay area with deep expertise helping companies protect what is most important to them: their assets, their employees, and their futures. Contact SMC at 925-956-7600 or online at www.smcrisk.com.