It was only a matter of time before the demand for insurance to protect against loss from cyber attacks would surge. This insurance is not new, but with the rash of high-profile data breaches, businesses realize they need protection. Insurance companies are selling a lot of cyber insurance policies to small, medium and large businesses.
Experiencing a data breach is no longer a matter of “if” but “when”. According to Verizon’s 2013 Data Breach Investigations Report (DBIR), there were more than 47,000 reported security incidents and 621 confirmed data breaches with at least 44 million compromised records in 2012. Over the entire nine-year range of this study, that tally now exceeds 2,500 confirmed data breaches and 1.1 billion compromised records. These are incidents that were reported. It is highly likely there are many more.
Odds are your organization will have an incident at some point in the future. Think about planning against breaches the same way you look at fire. You try to minimize the risk by putting certain plans and technology into place. You have a fire escape with a defined exit plan to get people out of a building. You put in smoke detectors and sprinklers to warn people and help extinguish the fire. You have alarms to alert people and call the fire department. You have insurance to manage any damage. A data breach can be very costly, with companies having to notify customers that their personal information has been compromised, offer credit protection services, hire a crisis management firm and defend against lawsuits. Insurance can help, but only after the fact. A better approach is to prevent the breach in the first place.
The easiest way to prevent problems is to encrypt the data at the time of creation. This may be the best defense against a data breach. According to data breach laws in the US, if data is encrypted, the organization does not need to report the breach. Many of the breaches in the last few years were of information that was in plain text.
Encrypting the data as it’s stored is important, but keeping control while someone is accessing it is even more important. If I download data from my financial system into a spreadsheet, I need to ensure the document is encrypted and that I control who has access to it. The only way to do that is by applying a Fasoo Enterprise DRM persistent security policy that guarantees that I control the document no matter where it is and what format it’s in. If a hacker gets the document, it’s useless to them, since they can’t see what’s inside.
Data breaches can be very damaging to organizations because they threaten finances, reputations and customer loyalty. Insurance only helps after the fact. It can help mitigate risk, but not prevent the damage a lack of customer confidence can cause. Stop the breach in the first place by using persistent security. It’s a better approach to avert a major disaster.
Photo credit Marsmet Tallahassee