On April 20, 2011, someone hacked the Sony Playstation Network. They found an opening in the online video gaming network's password-reset system and penetrated the security protecting its customer database. Days later, the company admitted that the hackers had obtained personal information on 70 million or more subscribers. The hackers got names, physical and email addresses, birthdates, and other identifying information, and it's possible that they got credit card numbers. Sony took the network offline to reinforce it, but within days of it coming back online, hackers broke in again.
Playstation Network is a high-profile target with tens of millions of subscribers, making it attractive to criminals. However, even small businesses that do business over the Internet are vulnerable to the same kinds of intrusions. The federal Internet Crime Complaint Center referred more than 146,000 complaints to local, state and federal law enforcement agencies in 2009, 22 percent more than the year before. One out of every three of those complaints was for identity theft, credit card fraud and computer fraud. The Ponemon Institute has reported that the average data breach costs businesses $7.2 million.
What could happen to a business's data?
Over a seven-year period, a Georgia man stole 675,000 credit card numbers and associated information. He racked up thousands of fraudulent transactions and bills exceeding $36 million.
A Texas man received a 110-month prison sentence for hacking into 14 computers in the hospital where he worked as a security guard. He disabled network security systems, installed malicious software, infiltrated a nursing station computer containing patient medical records, and gained remote access to temperature-control systems.
The FBI caught a North Carolina man in the act of attempting to access an ATM in 2010. The man had planned to hack into 35 ATM's located around Houston, Texas in the hope of pocketing more than $200,000.
When consumers and business owners give their credit card numbers and other personal information to a business or organization, they expect that this information will stay confidential. They will hold the organization responsible if they suffer financial harm because their information fell into the wrong hands. The organizations that lost the data face the potential for large jury awards or out-of-court settlements. To protect themselves, they should consider buying cyber liability insurance.
One insurance company advertises a cyber liability policy that provides coverage for expenses such as:
- Damages to third parties caused by a network security breach
- Loss resulting from administrative or operational mistakes made by the business's own employees or by outside vendors
- Expenses resulting from a breach of consumer protection laws, such as HIPAA or the Fair Credit Reporting ActCosts of notifying customers of a breach
- Public relations expenses necessary to repair the business's reputation
Nearly 30 insurance companies currently offer cyber liability policies. If an organization's insurance broker does not have direct access to a company that offers the coverage, he may be able to obtain it through a specialty broker. Business owners should work with their brokers to determine what types of policies might meet their needs.
To prevent or reduce losses and to make themselves more attractive to insurance companies, businesses should:
Implement strong network security systems, and continually monitor and update them as neededDevelop plans for responding to any network intrusion events that do occur. A sound plan identifies who should be involved in the response, has procedures for notifying affected customers and authorities, and has a public relations strategy for keeping the public informed.
The majority of businesses and organizations operating today are vulnerable to unauthorized intrusions into their computer networks. The potential costs are more than most organizations can fund on their own. Cyber liability insurance is a smart investment that can literally save a company.
Interested in finding out what the cost may be?