Is corporate cyber crime inevitable?
View the video here on your mobile device.
This video first ran in June 2011.
Narrator: The World Wide Web is a vast, borderless landscape, leaving all organizations open to some type of data exposure. The April, 2011 Sony data breach, which affected nearly eighty-million people, is an example of how even the biggest corporations are susceptible to cyber attacks. In fact, a 2009 survey conducted by the Computer Security Institute, found that 43% of U.S. businesses experienced some kind of cyber crime. Larry Racioppo, Executive Liability Practice leader with Towers Watson, says that cyber liability insurance is crucial for businesses of all sizes.
Larry Racioppo: I think a lot of the technology firms, a lot of the health care firms, and even a lot of the financial institutional type firms were the early purchasers of the product. But really, when you talk about cyber liability, it goes well beyond even those firms to really all industries of all sizes because they do have a lot of data and organizations probably have more data then they need; and in that regard they have a significant cyber exposure.
Narrator: According to the Towers Watson 2011 Risk and Finance Manager Survey, companies are obviously concerned with the data exposure, but it is the optics of the aftermath of the breach that concerns them most.
Larry Racioppo: Reputational risk is by-and-large their biggest concern. So, a public relations firm is something these policies can assist with, and a lot of the other triage to help in that regard: Legal counsel. Like I say forty-six states have privacy laws that need to be complied with and again, internally, companies generally don’t have that expertise. When an event finally happens having those resources available is something that can be invaluable.
The reality is, you may not be able to stop cyber crime, but you certainly want to do as much diligence as you can so in the event of a breach, and ultimate suit, you are in a better position to defend yourself. Certainly doing nothing is not a good defense. So, whether it’s engaging with risk assessment firms, risk mitigation firms, trying to work with an insurance broker or consultant in terms of trying to quantify the risk and also transferring the risk, I think are all companies should probably be doing more of to help in that regard.
