department of defense image

New Developments in Cyber Security Liability

The U.S. Senate Intelligence Committee is working on a bill that would help private companies deal with cyber threats by encouraging communication and information-sharing, reports Reuters. The program would be overseen by the Department of Homeland Security, who would collect cyber data from companies who agree to become part of the network. In exchange, the companies would share in liability protections. This bill has had trouble passing so far, but in light of recent cyber attacks, it represents some much-needed thinking on the subject of cyber security.

2013 – The Year of the Cyber Attack

2013 might be remembered in history as the Year of the Cyber Attack. Retailers were hit particularly hard. Neiman Marcus, Michaels, and most notably Target were the victims of malware attacks that pulled personal data – including credit card numbers, user names and even personal identification numbers (PIN) from customer databases. Investigations by the Justice Department urged a new national standard for reporting cyber attacks, Homeland Security, and the Secret Service were involved in uncovering various breaches, and the FBI warns that more attacks are inevitable.

Target, however, seemed to suffer the most from the attacks. Reuters reported that Target sales and traffic fell sharply at the end of 2013, the company faced  $61 million in costs related to the breach (44 million was offset by insurance) and in March of 2014, Standard & Poor’s (S&P) downgraded Target Corp. (TGT), by one level to “A” from “A+”, according to Bloomberg.com. In early May, Target CEO Gregg Steinhafel resigned.

Cyber attackers aren’t just out for the big boys

The Small Business Administration offers a tipsheet citing a series of statistics on how vulnerable small businesses are to cyber attacks. From website tampering to data theft, businesses that aren’t protected are easy targets. In fact, third-party vendors that have access to larger company’s computer systems are an easy way for hackers and malware to move up the chain from one business to the next.

The best way to protect yourself from hackers? It’s very difficult for small-midsized businesses. Retailers can take advantage of recent advances taken by the, National Retail Federation which recently launched a joint commission where retailers can share information to bolster security industry-wide. The Department of Homeland Security hosts a helpful page on how to deal with cyber security issues Cyber security is such a hot issue, it’s a topic at many association trade shows and webinars these days, so take advantage of any education you can acquire from professionals.

But the truth is, even if you take every measure recommended to you, your business could still be hit by a cyber attack, exposing you to law suits from your customers, business partners, and vendors. And even if you do have insurance coverage, it may not be enough to cover all the expenses you’ll incur from a single cyber attack. Months after the event, Target can’t estimate the end cost of the attack, but says it may be close to $1 billion. Could your business cover a margin like the one Target faced?

Don’t be a Target

Take some steps to help your business avoid a cyber attack. Work with your IT department or outsource partner to understand where your business is most at risk, and take steps immediately to update, upgrade, and upmarket your business to safety. Losing money is bad, losing your customer’s trust is what closes your doors.

Next, talk with your insurance provider and find out what kind of coverage you have against cyber attacks. Consider all eventualities, and if you feel as if your business is susceptible to attacks, you may want to consider additional coverage.

We work with businesses like yours to create a safety net when you need one with captive insurance solutions. If we can help you identify a solution, please contact us.