Cyber Security Is Crucial. Learn the Fundamentals to Limit Your Exposure.
Cyber security breaches have been increasing in both number and scale. Global losses to cybercrime are projected to reach more than $6 trillion annually by 2021, making it more profitable than the entire global drug trade.
With all of the well-intentioned advice out there about cyber security, there are a lot of misconceptions companies have about how to protect themselves against this increasing threat. In the video above, President of ProWriters’ Brian Thornton debunks the most common myths surrounding cyber security basics. With 20 years of experience in the industry, ProWriters can give you the tools you need to limit exposure and mitigate risk from cyber attacks.
Common Misconceptions: Mastering Cyber Security Basics
Because cyber security is a complex topic, there are many misconceptions about how to best protect businesses from a cyber attack. Debunking the myths and understanding the basics is an important step to managing your exposure. Below are the basics every broker and every business owner should know about cyber security.
PII/PHI Opens Companies up to Third Party Exposure
Companies that handle a lot of Personally Identifiable Information/Personal Health Information (PII/PHI) have an obvious liability exposure. But contrary to popular belief, even companies who don’t have very much PII/PHI still have a third party exposure. As Brian explains in the video above, hackers can attack a company via a third party vendor, and such instances could result in lawsuits against the affected company for negligence and damages.
The Home Depot and Target breaches are two cases that illustrate this. Both instances involved hackers obtaining the credentials of a third party and using those credentials to invade each company’s system, deploying malware and stealing personal information.
Technology Is Only Part of the Solution
A common misconception Brian covers in the video above is the idea that investing in technology protects against all cyber security breaches.
While technology can play an important role, it’s only part of the solution, and no technology is 100% effective against cyber threats. A recent study concluded that nearly half of the top antivirus scanners failed to detect malware when it was installed. One third of antivirus scanners still did not detect malware samples two months after infection.
With these exposures left by technology, insurance is an important part of protecting companies from cyber attacks. As the video explains, cyber and privacy liability insurance mitigates exposure and covers the gaps left by cyber security software and technology, ultimately limiting liability in the event of a breach.
PCI Compliance Doesn’t Guarantee Security
PCI Compliance refers to the Payment Card Industry Data Security Standard. Any company that accepts credit card payments, regardless of size, falls into this category. As Brian points out, many companies who are certified as PCI-compliant believe they are completely secure. Compliance is an important aspect of cyber security, but it’s still only one part of a larger picture. PCI compliance just means a company was certified compliant on the day they were audited; it’s not necessarily indicative of 24/7 security.
As many companies have learned, being PCI-compliant isn’t a foolproof solution. A great example of this is Heartland Payment Systems, which experienced a major cyber security breach even after six consecutive years of PCI compliance. Heartland Payment Systems isn’t a rare exception; many of the major retail credit card breaches in the news today happened to companies that were PCI-compliant. In short, while PCI compliance is part of cyber security, it doesn’t equal cyber security.
Cyber Insurance Covers More Than Many People Think
While some businesses believe cyber insurance does not cover much, in reality, cyber insurance policies can be broad and comprehensive. Companies tend to run into issues with insurance when they try to use general liability policies, E and O policies or fidelity bonds to cover data breaches, which they were not designed to do. A cyber insurance policy is specifically designed to protect businesses from a wide range of cyber exposures.
The quality of the coverage also matters. There are rare instances in which a business is denied coverage under cyber policy, and in most of these cases, the business did not consult an expert like ProWriters and opted for cheap, inadequate coverage. And as these companies quickly learned, going for the cheapest coverage may actually end up being the most expensive option in the event of a breach. Cyber policies today have never been more comprehensive and can address significant exposures, so it’s important to choose the one that addresses the right exposures.
Liability Cannot Be Outsourced
As Brian emphasizes in the video, outsourcing services like payment processing is not the same as outsourcing the accompanying liability. Businesses have a legal liability to their customers, and in the event of a breach, they are required to:
- Alert their customers of the breach
- Notify the appropriate regulators
- Offer credit monitoring services to their customers
- Cooperate with and provide support for investigations
Furthermore, a standard contract with a payment processor or processing bank often limits the liability to fees paid to that processor over the last three to six months—which is minimal in the context of even a small breach. Any time a customer does business with a company, that company is legally liable, even if they outsourced payment processing.
The Best Cyber Security Is Holistic
As Brian Thornton mentions in the video above, cyber security requires a holistic approach to be effective. There is no silver bullet for preventing cyber security breaches, and companies both big and small can be the target of a cyber attack. Beyond things like technology and compliance, companies with the best cyber security will also have:
- Employee awareness and training
- Cyber security policies and standards that are clearly defined
- Mitigation measures in the event of a cyber attack
- Cyber insurance coverage
Understanding the common misconceptions around cyber security basics is an important step to managing cyber risk. ProWriters brings 20 years of expertise to this area and is here to help. To learn more about how our services can work for you, please book a call with us today.