Could you survive
How cyberrisk insurance
can help your business
prepare for the worst
Insult to Injury The lawsuits that often follow a cyberattack can be just as devastating as the attack itself.
In December 2011, computer hackers
broke into the network of Stratfor, an
Austin-based company that provides
global intelligence services to individuals
and businesses. The damage was staggering. The hackers stole information
related to 90,000 credit card accounts.
Five million email messages were stolen
and subsequently published by
WikiLeaks. The attack also destroyed
four of the company’s servers.
In a surprisingly forthcoming video
message to the company’s customers,
Stratfor founder and CEO George
Friedman explained in great detail the
particulars of the attack. He said, “We
knew our reputation would be dam-
aged, all the more so because we had
not encrypted the credit card files. This
was a failure on our part. As CEO of
Stratfor, I take responsibility. This fail-
ure created hardship for our customers,
and I deeply regret that it took place.”
Apparently, that apology wasn’t
enough. Stratfor was hit with a class-
action suit from its customers for more
than $50 million in damages.
Stratfor’s case demonstrates the
unfortunate fact that if your company is
hacked or fails to protect privacy data,
you should not expect sympathy from
your customers. In fact, you should
brace for a lawsuit.
One way companies can prepare is
by buying cyberrisk insurance. Though
it has been around since the mid-’90s,
cyberinsurance has only recently started
to work its way into the mainstream
and is now offered by companies such
as the Hartford Financial Services
You’re not immune: Nearly 40
percent of all targeted cyberattacks
take aim at businesses with fewer
than 250 employees.
Group and Travelers. The insurance
protects organizations from the fallout
that often results from the inadvertent
disclosure of their customers’ confidential information, such as Social Security
numbers or bank account information.
It can cover you for damages and loss,
as well as court costs, should your
customers or employees decide to file
suit against you in the event their information is leaked.
“We have seen more demand for
[cyberinsurance] across all industries
and business sizes,” says Tim Francis,
enterprise cyberlead for Travelers. “More
and more people are aware of their expo-
sure and have really started thinking
about what is the right insurance for that.”
The high costs of dealing with secu-
rity breaches have helped fuel demand
for cyberrisk insurance. The average cost
of dealing with a single security breach
was $3.7 million, according to a 2012
study performed by NetDiligence, a
cyberrisk-management firm. The biggest
component of that cost was legal fees,
which averaged $582,000 per incident.