Projecting electronic information against attack or theft is becoming a paramount concern among all businesses these days, especially in the transportation industry, which is increasingly reliant on digital connections for a wide range of operations.
“Every company that collects, stores or transmits private information has a cyber security exposure [and] for trucking and transportation businesses, that could include employee and customer information,” Ken Goldstein, VP and worldwide cyber security manager for the Chubb Group of Insurance Companies, told Fleet Owner.
From a legal perspective, the loss of that information might result in civil lawsuits including costly defense expenses and the potential for damages,” he added. “From a regulatory perspective, a data breach may lead to fines, penalties and consumer redress funds.”
That’s why Chubb and other firms are now offering what’s known as “cyber insurance” as a way to help mitigate losses due to the destruction and/or theft of electronic data by hackers and others.
Goldstein also added that Chubb’s research indicates that only about one-third of private companies have an incident response plan for data breaches, further increasing the potential damage cyber criminals could cause them.
That’s why insurance is being viewed as a way for businesses to reduce the potential fiscal fallout from cyber attacks, he said – pointing to the 2013 Cost of a Data Breach Study conducted by the Ponemon Institute that found while the average cost of a data breach is $188 per compromised record, having an incident response plan could reduce that cost by $42 per record.
Indeed, another Ponemon study conducted with Experian Data Breach Resolution found that companies now rank cyber security risks as greater than natural disasters and other major business risks – yet only 31% of companies are currently insured against cyber attacks.
Companies in the Ponemon/Experian survey acknowledged the potential financial impact associated with security breaches, as well. Of the 56% that had breaches, they reported an average cost of these incidents as $9.4 million in the last 24 months. However, these costs are only a fraction of the average maximum financial exposure of $163 million that the companies surveyed – breached or not – believe they could suffer due to cyber incidents, said Michael Bruemmer, Experian’s VP.
“We are reaching a tipping point where the majority of companies we surveyed now rank cyber security risks as high as other major insurable business risks,” he added. “We anticipate that demand for cyber security insurance is likely to increase in response to evolving breach response policies.”
It's becoming more and more common for cybercriminals to use dedicated malicious software to launch attacks on corporations, eschewing widely-recognized malware tools and making it harder to detect and repel intrusions. As a result, companies have more stringent requirements for their corporate security solutions, noted Kevin Bailey, research director for EMEA software security products and services policies for software system maker IDC.
"The sophistication and complexity of the attacks increases the need for advanced anti-malware offerings that appreciate the multiple attack points – web, network, device, etc. – used to infiltrate the endpoint and minimize the resources needed to thwart these attacks and protect the asset, be it device and data," he explained.
That’s why Chubb’s Goldstein believes transportation companies, whether they decide to buy cyber insurance or not, must recognize the potentially serious damage data breaches can cause.
“Transportation companies need to take the same steps that many other companies do to mitigate the risks associated with a data breach,” he said. “Have a written information security policy, make sure there are administrative and technical measures incorporated to safeguard private information, and plan for the back-end which would include an incident response plan and defined resources.”
Goldstein also stressed that developing a data breach incident response plan requires a commitment from senior management to dedicate the resources – both internal and external – that it may require.
“From an internal perspective, trucking and transportation executives will need someone to lead the company at the point of responding to a breach,” he explained. “Externally, post-data breach vendors and outside counsel – with network security and privacy expertise – will be needed, at a minimum, to help with a number of activities such as forensics, notifying customers and credit monitoring services.”