In today’s world, information technology drives the global economy. Imbedded in our insatiable appetite for newer and better technology are enhanced, and ever-evolving, cyber risks. Hackers, disruption of service, compromised confidentiality of trade secrets and intellectual property, loss or theft of financial data, and publication of personally identifiable information are modern-day realities. Balancing the value of information sharing against the cost of information management is no easy task.
As information technology (IT) becomes increasingly specialized, more and more businesses—from large corporations to small family-owned firms—are outsourcing various IT and cybersecurity functions. Data storage, website design and maintenance, and data and credit card processing are all commonly outsourced functions. Although reputable vendors are prioritizing security, the outsourcing of IT and related functions adds additional layers of risk to the already-complex cyber risk landscape. Even non-IT vendor relationships affect the company’s cyber risks. Consider the Target, Home Depot, and Goodwill breaches. The Target breach began as a malware-laced phishing campaign, directed at Target’s heating, ventilation, and air conditioning vendor, which gave hackers access to Target network credentials and allowed them to breach the nationwide system.[1] Home Depot experienced an almost identical attack less than a year later,[2] while Goodwill’s internal system was infiltrated undetected for almost 18 months through a retail point-of-sale vendor.[3]
As data breaches continue to dominate the headlines, corporate America is working to understand and better manage cyber risks. With this heightened focus on cyber risk management, the insurance industry has seen an increase in the purchase of cyber coverage. In 2014, procurement of cyber policies rose 32 percent among U.S.-based clients of mammoth brokerage firm Marsh & McLennan, and early quarter statistics projected similar growth in 2015.[4]