Of all the cybersecurity assets organizations purchase to defend their systems, data protection insurance is one particular package that doesn't receive a lot of recognition.
Part of the problem may be that some executives unfamiliar with IT aren't willing to admit that data breaches will occur. The fact of the matter is that cybercriminals have a wealth of resources at their disposal, and can dedicate the time required to penetrate even the most robust systems.
The time of the cybermercenary
Moreover, hackers aren't working alone. Many of them congregate to form sophisticated operations focused on infiltrating databases and networks run by organizations of every ilk. One such group, dubbed Desert Falcons by researchers at Kaspersky Lab, originally targeted various entities throughout the Middle East, but is expanding its reach to Europe and North America, according to Computer Weekly.
Desert Falcons acts as a contracting service to criminal figures who can afford its services. The news source noted the mercenaries have attacked government agencies that specialize in investigating money laundering, which suggests that Desert Falcons is being hired by organized crime groups attempting to subvert law enforcement.
The actual expenses
Cybercriminals aren't the kind of blue-collar hoodlums you'd find in "The Departed" or "Killing Them Softly." Many would go so far as to say they're among the top echelon of programmers the world has to offer. When you're working against people of this caliber, the chance that your systems will be infiltrated is quite apparent.
According to law firm Spencer Fane, the average data breach costs companies $10 million per incident. Data loss insurance can mitigate the effects of these expenses considerably. As data breach insurance is not available through traditional lines of coverage (namely, commercial general liability standards), Spencer Fane recommended companies keep the following aspects in mind when purchasing cybersecurity insurance:
- If third parties manage or access internal or customer data on a regular basis, make sure they can obtain coverage.
- Provide insurers with a list of protocols, assets and policies that formulate your comprehensive cybersecurity strategy. The more robust it is, the easier the request for proposal process will be.
- Closely review any cyber liability standards your organizations, a third party or insurers propose.
Be aware that cybersecurity insurance is still in its infancy, but the frequency with which data breaches are taking place is inciting demand for such coverage.