Companies’ awareness of “cyber” risks has increased significantly because of large and highly publicized data security breaches, such as Target and Home Depot. Companies are starting to more proactively manage the risk of data security breaches by strengthening their IT defenses and, in many cases, buying cyber insurance. However, many do not realize that data security breaches are just the tip of the cyber-risk iceberg. Because nearly our entire economic system depends on electronic devices, machinery and infrastructure that is connected to the internet (i.e., the “Internet of Things”), the potential exists for much larger scale hacking attacks that could control, damage, destroy or shut down many of the systems on which we rely to conduct business. Some of this risk is covered by cyber insurance, but much of it is not. Proactive and effective “Enterprise Risk Management” will be vital to companies seeking to protect themselves against these growing risks. Businesses should carefully review their unique risk profiles, indemnity contracts and insurance policies (including their non-cyber “traditional” policies) to identify and mitigate their exposures.
We have all heard of the large scale attacks on Target, Home Depot and more recently, Ashley Madison. The news generated by these cyber attacks has contributed to the public’s increasing awareness of the large volumes and types of personal information that companies are holding about their customers. To protect themselves against some of the losses that such data security breaches may cause, many companies have prudently responded by buying “cyber insurance.”