Blog / Cover Your Assets!! – Are You Aware of Cyber Insurance?
Well it’s a new year and time for something new. Let’s talk about some worst case scenario stuff. Let’s talk about Data Breaches.
There’s plenty you can do to minimize and lower your risks. Pretty much every Newsletter I write contains advice on lowering your potential risks. The simple truth is, you can’t eliminate it. So how EXACTLY do you quantify the business risk of a Breach?
That is easier than it sounds. Figure out how much a potential Breach will cost you. This can be done with basic Arithmetic:
(Number of Records) x (Average Cost per record) = [Approximate Cost of a breach]
A study of Data Breaches in 2017 came up with an average cost of 171 USD (230 CND) per record. It’s worth mentioning that the fines that can be imposed by the DPA, are done on a per record basis (failure to notify, etc.) Also, that a CEO can be directly fined, in the event that a company should fail to follow the rules.
As you can see, even a “small” Breach can get costly very quickly.
As a potential example, assume you’re a Municipality with personal information on your population (for tax purposes, etc.) Even a small Municipality is going to have a population of several thousand. So, assume you have 3000 records and they were stolen:
3,000 records x $230 per record = $690,000
This is an average number. Some Breaches of this size would cost less, others more!
That’s almost 3/4 of a million dollars! 3,000 records is a small Breach, as far as Breaches go. So, you can easily see how quickly the cost of a Breach can become astronomical. This is why Cyber-Insurance was created.
It’s important for organizations to get a proper level of Insurance, to cover potential losses. Some Insurance companies post information about what steps you can take, to reduce your premiums. Some of the things they appear to be looking for, include:
- a) Having a schedule for repeated Security Testing
- b) Having official Policies/Procedures to obtain/disclose sensitive information
- c) Integrating and defining responsibility for Cyber Security roles
- d) Document your Electronic infrastructure
I’m sure there is more you can do; an Insurance corporation would certainly be able to give you more detailed information, but this is a good place to start. As for my own opinion on this, “These are all good things to do, in order to increase your overall Security. So, if they lower your premiums, it’s a Win-Win.”
If you have any questions about Cyber Insurance, you can always reach out to your TRINUS Account Manager, for stress-free IT.
Your Friendly Neighbourhood Cyberman.