Cyber breaches are one of the biggest dangers to a business in today’s current climate, with the world awash with furthering technology advancing us into a cloud-based and online-dominant transaction society. More than ever before are companies storing consumer information and details online rather than utilising the age-old system of recording and updating information on paper, a method of a prior year – and, with the benefits of digitalisation, it’s a no-brainer.
Due to the reliance of such technical software and hardware, the number of companies that are seeing their databases hacked or compromised is now at a level more than ever before, causing long lasting implications through loss of data and exposing consumers to additional dangers that would not have been there before. Not only can cyber breaches cause frustration, it can also cause financial frustration in paying out for further additional security, potential insurance payouts and any reputation management required to deal with the aftermath of the breach. In 2016 alone, cyber attacks were estimated to have cost businesses as much as $450 billion (USD) a year globally with insurance companies helping manage these devastating events, paying out $1.35 billion in direct written premium for cyber attacks and related activities.
A study into two different cyber attack scenarios found out that the monetary cost of an attack against a system such as a cloud server could easily cost as much to remedy as would a destructive hurricane – with average losses aggregated to be around $53 billion with the potentiality of being anywhere from being as low as $15.6 billion or as high as $121.4 billion, depending on the different factors in play. Using the same model, a software vulnerability scenario could see losses range from anywhere between $9.7 billion to $28.7 billion. These figures are jaw-breaking, and when considering that the second costliest tropical cyclone on record saw economic losses of around $50 billion to $70 billion, it truly shows the extent of which cyber breaches can affect us significantly.
The global cyber market for insurance companies is currently worth between $3 billion and $3.5 billion, with a predicted value of $7.5 billion by 2020. In recent years, insurance in the cyber sector has been standardised into three different tiers of coverage that an individual can take out. Tier 1 covers breach response only, tier 2 caters for breach response and liability and tier 3 – breach response, liability, business interruption and extortion. Although cyber liability is still at its early beginnings in comparison to other mainstream coverage, the time for a mainstream surge into this sector is likely to hit peak in the next few years as more and more organisations face the threats that’ll appear from under the dark clouds of a cyber breach.
Major cyber breaches have already cost companies millions. In 2013 and 2014, Yahoo saw two major data breaches of their user account data which affected an estimated 500 million accounts on the site and cost the company a $350 million loss in its settled acquisition price to Verizon, from $4.83 billion to $4.48 billion – a figure that could have reached a $1 billion price tag that Verizon had reportedly suggested due to the breach. For a data breach that didn’t include any credit card details or payment information, a little over a third of a billion dollars was ripped from the acquisition price – a figure that doesn’t even include other implicated costs such as the conceited amount spent on business disruption, fines they’ve had to pay out for, other legal costs, their public relations against the eye of the storm, and the loss of customers amongst a whole lot more.
Another cyber breach, which took place in 2011, hit the data-driven marketing company Epsilon hard; to the tune of $4 billion – the most expensive cyber breach ever recorded. Epsilon, whose clients include JP Morgan Chase, Citibank and the U.S. Bank, fell victim to a major database hack that saw the names and emails of millions of individuals exposed and released online for easy picking, with less than desirable organisations capitalising on this leak to use consumer data for fake bank email phishing scams and to promote their products and services – something that those individuals did not opt in to. The price of this cyber breach was so significant because it affected so many prominent company clients, with each client looking to face around $5.5 million in costs through notifying consumers of the breach, settlements and legal fees they’re destined to now pay out, compliance costs and the loss of business. The loss of business for Epsilon may have done significant damage too, with estimates reaching $6.1 million if 1% of their consumers moved their business elsewhere, or $30 million if 5% of their consumers moved. The repercussions for Epsilon is looking to be long lasting, with the company set to be paying out for their mistakes for years to come.
It’s inevitable that a cyber breach can cost your organisation, or an organisation that you know, millions or billions in cash and it’s important you’re aware of the policies that are available to secure your online activities and reduce the necessary payout if something happens to go wrong.
Source: 2017 Report by Lloyds – “Counting the cost: Cyber exposure decoded”
Further Reading:
- Can You Insure Your Business Against Ransomware Like Wannacry?
- Cyber Insurance: A New Era for the Small Business