Cyber insurance is often purchased by business owners looking to financially protect their organizations against the risk of hacking. With high-profile cyberattacks, such as WannaCry and Petya, still fresh in everyone’s minds, it is no surprise that most of those who purchase cyber insurance do so in preparation for the next major malware outbreak or data breach.
However, there is more to cyber insurance than just offering a payout for the damage caused by hackers. Sometimes an organization’s cyber risk might come from within. The carelessness of one employee is all it takes to expose sensitive data to the public.
Accidental data breaches can occur even after seemingly innocuous actions. An employee clicking a link in a phishing email, improperly disposing of sensitive files, or even sharing company information with friends can each expose an organization. According to the Beazley Breach Insights report, accidental data breaches account for close to one third of all cyber incidents.
“Sometimes the breach comes from employees who just don’t know the right way to protect data,” said Beazley Breach Response Services Group leader Katherine Keefe. “While there are criminals behind ransomware attacks, it’s often a lack of awareness among employees that opens the door for the criminals to come walking through.”
There are ways to reduce the risk of accidental data breaches, however, as Keefe pointed out. “A company can have the best security systems and yet still be vulnerable to the ever-changing threat landscape from a criminal perspective,” she said.
“But that doesn’t mean you should throw in the towel. There is a lot companies can do with their very own employees, using risk management tools and education campaigns to reduce the threat level from the inside of the company.”
And just like any risk, Keefe explained, accidental data breaches can be approached with a proper plan, something that brokers can help the companies they work with to put in place as part of a more rounded service.
“Companies need to have a breach response plan in place so that everybody knows what to do and who to turn to for help in the event of a suspected data breach,” Keefe said.
“They need to think about things like which departments will be impacted, which privacy lawyer will guide the company through the complex legal ramifications, and what forensic teams will help in the result of an IT systems compromise.”