Today’s cybercrimes put your grandmother’s spam email list to shame. According to a 2011 study by Ponemon Institute, the median annual cost of cybercrime for a large company is $5.9 million per year. Ponemon and ArcSight studied the effect of cybercrime on 50 large organizations in various industry sectors in the United States for the “Second Annual Cost of Cyber Crime” study.
Cybercrime is criminal activity conducted via the internet and includes such things as malicious codes, hacks in which private client or company information is made public or stolen and disrupting normal operation. It can be perpetrated by rogue employees, "hacktivists" attempting to make a political statement or a third party seeking financial gain.
Wi-Fi and mobile devices such as laptops, tablets and smartphones pose a new set of risks. Although this technology is crucial to business practices today and allows employees to work remotely, it also means the information is no longer protected by four walls of a secure office building or a secure and monitored internet connection.
Francis cautioned that while having up-to-date technology protection is important, employers and business owners would do well to remember the “human element.” Are employees in public spaces that leave device screens vulnerable to people looking over their shoulders? Are they using unsecure or externally hosted Wi-Fi networks where security levels are unknown? Are their passwords secure? What are they storing on mobile devices? Does a company have full control over how an employee may use a personal device for business purposes, and what happens when that employee is terminated? These questions and more have uncertain answers and might involve the HR department working in partnership with IT.
“Generally speaking, potential exposures are new and undefined, but that doesn’t mean that there isn’t a large amount of exposure,” Francis said. He had the following advice for businesses looking to improve tech security:
- Consult with an attorney about your business’s specific exposures. If you’re not making your wireless internet available to those outside of your company, your risk of dealing with a lawsuit similar to the restaurant owner’s is minimal.
- Don’t overlook the human element when it comes to secure technology. Offer comprehensive training and concrete guidelines for employees.
- Work with agents, brokers and carriers to determine what appropriate coverage is needed and that the risk/reward is understood.
- Know that there isn’t a one-size-fits-all solution to this problem, and that the problem itself is in a state of constant flux. Re-evaluate guidelines and coverage often and don’t adopt new technology without first considering the risks involved.
Wi-Fi, the internet and portable devices aren’t going away, and risks get bigger the more we rely on technology to get through a business day. Ignoring those risks and not insuring them like we do our cars, homes and lives doesn’t make sense. Travelers offers a suite of cyber risk management liability products and coverage solutions that can fit the needs of each customer. “The coverage wall is growing and exciting, but we’re still not seeing as many companies buying this coverage as we ought to see,” Francis said.