Strategic Cost-Saving Opportunities Volume II | Page 9

Of course, the cost can go much higher. In February 2015, Target announced that the gross cost of its breach came to $191 million for the 2014 fiscal year, though its insurance paid $46 million. Your traditional coverage may pay for some of the damages from an attack – but it’s not safe to assume that it will cover all your losses. A recent report from the insurance intelligence organization Advisen noted that the market for stand-alone cyber insurance has been growing. Policies can cover a range of costs from an attack, such as crisis management, communications, and credit-monitoring services for your customers and clients. Click here to request a copy of our cybersecurity infographic. Cyber Insurance: A Tool for Remediating and Preventing Damage Companies that put substantial time and resources into protecting their computer systems can still fall prey to intruders. But even if it’s not your fault that a breach occurs, you still got hacked, says Bill Goddard, a Principal in the Insurance Advisory Services group at Brown Smith Wallace. “There’s a lot of liability that comes along with it. If you’re not buying insurance for this, realize you’re taking on a fairly significant risk,” he says. Procuring this insurance can help you better understand your company’s risk of a data breach and the additional protective measures you should consider enacting. Assess your risk, test your system’s defenses and evaluate your level of preparedness. An insurer may also encourage you to implement an enterprise risk management (ERM) program that addresses your cyber risk. An ERM program addresses all areas of your company’s risk exposure and manages “the combined impact of those risks as an interrelated risk portfolio,” according to the Risk and Insurance Management Society. These programs are rare in smaller and mid-sized companies, which may struggle to find the resources to maintain them. At a minimum, all companies should be performing an annual security risk assessment. A recent study – also by Ponemon – found that the average total organizational cost of a data breach in the U.S. in 2014 was nearly $6 million. Expenses can include: • Investigating and remediating the breach • Notifying customers affected by the attack, as well as regulators • Public relations • Providing identity protection to customers • Discounts or free services to customers affected by the breach • Loss of business, including added customer turnover Cybersecurity // 09 Click here to request a copy of our cyber insurance infographic. bswllc.com