Data breaches only tend to make the headlines when hackers target huge global companies with ransom demands.
Ransomware attacks in the US continued to rise in the first half of 2017, up by 50% over the first half of 2016, according to Beazley Breach Insights - a report based on client data collected by specialist insurer Beazley.
Celebrate excellence in insurance. Nominate a worthy colleague for the Insurance Business Awards!
However, something that never makes the headlines is the amount of accidental data breaches caused by employee error or data breached while controlled by third party suppliers. Accidental breaches made up 30% of breaches overall, according to the Beazley report.
“Sometimes the breach comes from employees who just don’t know the right way to protect data,” said Katherine Keefe, leader of the Beazley Breach Response Services Group. “While there are criminals behind ransomware attacks, it’s often a lack of awareness among employees that opens the door for the criminals to come walking through.
“A company can have the best security systems and yet still be vulnerable to the ever-changing threat landscape from a criminal perspective. But that doesn’t mean you should throw in the towel. There’s a lot companies can do with their very own employees, using risk management tools and education campaigns to reduce the threat level from the inside of the company.”
Accidental data breaches can occur through seemingly innocent actions like dumping paper data in an ordinary dumpster rather than putting it through a shredding bin, or clicking on a link contained in a malicious phishing email – all actions that can be curtailed with the right risk management and education programs in place.
“Companies need to have a breach response plan in place so that everybody knows what to do and who to turn to for help in the event of a suspected data breach,” said Keefe. “They need to think about things like which departments will be impacted, which privacy lawyer will guide the company through the complex legal ramifications, and what forensic teams will help in the result of an IT systems compromise.
“With our program at Beazley, we have assembled all of those resources as part of the insurance coverage, so that when an incident happens, a company with our policy can activate their breach response plan quickly and get the investigation up and running. Time is of the essence as most regulatory agencies require a very expedient and quick response to a suspected data breach.”
The temperature of the regulatory landscape across the US is something brokers need to stay on top of, according to Keefe. In the past five years, regulators have been increasing the amounts of fines and penalties levied against US companies, especially to those who fail to react in line with data breach laws.
Ransomware is a crime model that’s “not going to go away and will unfortunately probably increase,” commented Keefe. There’s not much companies can do about this. But they can certainly curb the amount of accidental breaches, and the insurance industry can step up to help them.
Beazley speaks on overseas focus
Beazley beats expectations as it reveals results