This article first appeared in THE LEGAL SIDE OF TECH on CIO.com here.
Cybersecurity and privacy continue to make headlines. Experts have more questions than answers addressing risk management concerns in the evolving cybersecurity market.
On March 7, 2017, the CIA got doxed by the anti-secrecy organization WikiLeaks. Nearly 9,000 documents appeared online showing the CIA sought to observe conversations, online browsing habits and other activities by infiltrating the systems that contained them, such as Apple and Android smartphones, laptops, TVs and even cars. The government is not alone.
Nearly every industry that handles sensitive data has been breached recently:
Third-party vendors remain a growing source of concern. Companies are well-advised to look beyond their own cybersecurity policies and standards to the potentially bigger risk that arises from giving third-party vendors direct access into their systems. Indeed, low-tech threats like errors by vendors’ employees represent an often-overlooked danger to company data security. Newer technology trends such as enterprise-level SaaS provisioning and cloud data storage and processing offer new possibilities and perils alike.
Given the inevitability of cybersecurity breaches, companies are increasingly looking to insurers to offset the losses they are likely to face after suffering an attack. However, because the cyber insurance market is young and growing rapidly, the scope and availability of policies is still fluid. Companies should carefully review the specifics and limits of coverage. According to one source, most questions right now are focused on coverage for business interruptions and losses related to fraudulent transactions.
Smaller companies may face even bigger challenges. Few small companies have the staff or the resources to actively manage cybersecurity risk, and many assume that their business risks are small. Despite their smaller size, these businesses will incur the same level of breach-related costs as larger companies.