On July 22, 2014, Goodwill Industries became the sixth major retailer to have its systems breached by malware. These breaches likely come from major cyber syndicates rather than individual hackers. With an ever-evolving threat, businesses must do all they can to protect data, lest the goodwill they’ve built for years be destroyed in a flash.
The threatening cyber-security climate demands that every business undertake a comprehensive risk analysis. Without a comprehensive risk analysis designed to prevent a breach, major consequences can follow. Businesses face the high costs of notifying individuals and of rectifying the breach, as well as government penalties, industry penalties and civil liability. Worst of all, people may simply avoid your business in the future.
Staying in front of the threat and identifying malevolent activity is a multi-factorial problem for many businesses. Some companies lack the technology and tools to identify threatening activity at all. Others have the technology or tools to monitor their databases and identify threats, but cannot do so quickly enough. Some lack the financial resources to monitor in a manner that meets industry standards. Some lack institutional policies and controls to prevent data breaches. Whatever the reason, lapses invite risk; businesses must be vigilant in this continuously changing environment.
Adapting your business to minimize the risk of a data breach is no easy task. Laptops can be left at the airport. Cell phones can be stolen. On the more complex side, an SQL database can be injected with malware, causing a major data breach. A real and virtual minefield awaits.
The right steps to take seem simple. You can hire the right staff, train them, use trustworthy vendors for your software, and put the right policies in place. However, these steps may not be enough to protect your business. Another step to consider is purchasing the right insurance. Today, several major insurance carriers are offering insurance policies to protect companies against liabilities arising specifically from data breaches. Such insurance can be invaluable.
Cyber risk and data breach coverage can come in a separate policy or a rider on your general liability insurance. At a minimum, it can provide a defense and indemnity for liabilities arising from a breach. But that is only a start. Some insurers may offer their policyholders assistance in regulatory compliance and risk-prevention techniques. Some may help you manage the consequences of a breach, if one occurs, and work with your business to notify affected individuals. All of this should be part of a vigilant business’s comprehensive plan for anticipating and dealing with these cyber risks and data threats.