The cyber-attacks keep coming. In mid-June, the hacker group Anonymous took down the websites of a number of Canadian government organizations, including the Senate, the Justice Department, and two spy agencies.
In the U.S., suspicion has fallen upon the Chinese government for the theft of personnel data from the Office of Personnel Management (OPM) – now acknowledged to include the names and Social Security numbers of as many as 22 million present and former government workers, their relatives, and even people who may merely have applied for a job with the government.
These problems point up the importance of effective cyber security measures, as well as cyber insurance. In some ways, government IT operations are more, rather than less vulnerable to such incursions. Unburdened by bureaucracy and the effects of external budget decisions, private sector companies can move quickly to update protective measures, and, as we have discussed, they can take enterprise-wide measures to ensure that all employees follow security protocols.
Importantly, companies in the private sector can purchase protection through cyber insurance, an option not open to government agencies. Cyber insurance is typically as much about risk management as it is about coverage; insurers, through their collective experience, can help companies protect themselves against the different types of incursions, from Anonymous-type pranks to sophisticated attempts to steal valuable data.
The need for such protection is growing all the time. In July, a report from the University of Cambridge Centre for Risk Studies and Lloyd’s of London estimated the possible losses from an organized attack on the Northeastern US electrical utility grid at $250 billion to as much as $1 trillion in the most extreme scenario.