Other parts of this series:
Insurance executives are kept awake by concerns their cyber security is inadequate to withstand every attack. Threats increase but so does the need to share more with clients and biz partners.
In some insurance circles, the term “sleep insurance” is used to describe coverage that gives business owners and executives some peace of mind that the needs of their organizations will be met if there is a large loss. When it comes to fears of hacking, cyber penetration, data ransom and similar crimes that are becoming all too common, an insurance policy can go a long way toward minimizing the financial hit, and an ever-increasing number of insurers are providing such protection.
No policy, however, can begin to repair the sense of betrayal, helplessness and reputation damage that accompanies a large-scale breach. Just as an organization needs coverage, it needs protection even more.
Cyber attacks moved into the public eye once again this summer, with attacks on the Democratic National Committee and Hillary Clinton’s campaign, thought to be the work of Russia. Two years ago, a hack of Sony Pictures Entertainment and the subsequent release of embarrassing emails that filled the media caused the company to set aside $15 million to cover ongoing damages and led to the unseating of Co-Chairman Amy Pascal. That hack was allegedly the work of North Korea in response to an unflattering depiction of Supreme Leader Kim Jong-un in a movie. While the motive for a cyber attack is often money, it may also be to embarrass, coerce or even bring down an organization.
Out of the public eye, insurance executives have been quietly dealing with attacks on their own systems. In fact, a 2014 Accenture survey found that 59 percent of insurance executives around the world reported their organizations experienced significant attacks that tested the resilience of their IT systems on a daily or weekly basis. Yet only 43 percent of them believed their cyber defense is fully functional.
Those statistics are chilling – but it gets worse. Accenture’s 2016 Tech Vision for Insurance survey found that 49 percent of the insurance executives are suffering from twice as many data breaches as they had just two years before – and that 78 percent agree that they are not prepared to handle all this cyber risk.
That’s a recipe for sleep deprivation.
What are some of the risks surrounding cyber attacks?
- Business resiliency. Running any business in a highly connected world requires a delicate balance between the access needs of business partners and the protection needs of the organization. Savvy executives realize that attacks on their own or a partner’s system could bring business to a hard stop, and have an effective continuity plan or plans to keep running in the face of any successful cyber attack.
- Data theft. Insurers, like most in the financial services and medical industries, are entrusted with particularly sensitive client data. Whether it is medical histories whose improper release is governed by HIPPA laws, or Social Security numbers whose theft can be accompanied by identity theft, keepers of such data have additional pressure to keep information safely out of the hands of cyberthieves. Otherwise, the event could be plastered across the pages of the Wall Street Journal and other news media.
- Social media. Reputations are also skewered through the tweets, Facebook and other social-media postings—with or without a factual basis—and executives may not be aware of such postings until they severely damage a company. Conversely, social media may offer a way in to breach a company’s systems. Increasingly, insurers are offering insurance protection from such problems, but that doesn’t make them less worrisome for insurance executives.
In my next post, I’ll provide suggestions on how to get more sleep.
To learn more, download “Business resilience in the face of cyber risk”