The Equifax data breach — which may have exposed the credit card and social security information of as many as 143 million U.S. customers — doesn’t just have consumers concerned: Businesses are realizing their vulnerability to cyberattacks and the potential far-reaching impacts and financial consequences.
Data breach, top risk for businesses
Equifax, a U.S. consumer credit reporting agency, announced the cybersecurity incident late last week, causing shares to tumble as much as 14 percent. Per the announcement, criminals exploited a U.S. website application vulnerability to gain access to information — including names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license and credit card numbers.
And while Equifax is unique in that its entire business model essentially runs off highly-sensitive customer data, most businesses have such data stored either on customers or employees — particularly when it comes to personal insurance and claims data, much of which mirrors the information confiscated in the Equifax breach. This means essentially no company can be too cautious.
Cybersecurity is consistently named a top risk for businesses — with cybercrime costing the global economy an estimated $445 billion annually, according to a report from the Center for Strategic and International Studies called, “Net Losses: Estimating the Global Cost of Cyber-Crime.” In this unfortunate environment where cyber attacks are seemingly “when” more than “if” events, organizations are obviously looking for ways to minimize the impact of a cybersecurity breach on their businesses.
Naturally, companies think of turning to insurance for help reducing potential damages, but securing cyber-liability policies is no simple task because insurers are struggling to accurately underwrite these risks, according to information from the National Association of Insurance Commissioners (NAIC). That being said, companies need standards and processes in place to reduce cyber risks and the associated damages — for both risk mitigation and cyber-liability insurance eligibility purposes.
According to NAIC, insurers will likely want access to businesses’ disaster response plans so they can evaluate their risk management of networks, websites, physical assets and intellectual property; details around how employees and others can access data systems; and information about antivirus and anti-malware software, the frequency of updates and the performance of firewalls.
How risk management technology aids cyber-security efforts
The right risk management technology can actually help with several pieces of the cyber-security puzzle facing businesses today — particularly, lessening the burden on your IT department and improving your disaster response processes.
For instance, truly integrated risk management technology can replace innumerable applications (from enterprise risk management and Sarbanes-Oxley solutions, to claims management and compliance and regulatory management solutions, to health and safety management solutions).
With fewer applications or systems to manage, and less burden on your internal server, your IT department might actually have more time to focus on broader and more impactful cyber-security efforts. This is really just the tip of the iceberg in terms of what risk management technology can do for your IT department and cyber-security.
As for disaster recovery plans, risk management technology can automate the the entire disaster response process: Should a cyber-security breach occur, the system can automatically put the disaster response plan in motion — alerting stakeholders of the event and next steps accountable individuals need to take.
Not only will a well-oiled and timely approach likely help with reputation management in such scenarios, it could help with compliance, too, as requirements are increasing globally for how data and subsequent breaches must be handled.
Risk management technology serves to help organizations with the wide array of risks facing their businesses today, including cyber-security. Read our blog later this week regarding the four security-related questions to ask your tech vendors to make sure they are keeping your data secure.