Error Omissions

Cyber Security: Small Businesses Think Data Breaches Won’t Hit Them



A recent study by a major insurance company reveals that while the number of data breaches involving smaller businesses is growing, 85% of those businesses believe a breach is unlikely. Even more alarming, many small businesses aren’t implementing simple security measures (security restrictions on certain data, password protection and data encryption, firewalls, etc.) to help protect their customer or employee data.

The study also reveals that nearly two-thirds of business owners believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees. More than a third (38 percent) say they have a more negative opinion of companies that have recently experienced a breach, based on the companies’ handling of the breach.

Furthermore, nearly one-third of business owners (34 percent) say they would have difficulty complying with government notification requirements, and nearly half (47 percent) acknowledge it would be impossible for a small business to completely safeguard customer, patient or employee data.

Many Breaches Go Undisclosed

When it comes to larger or higher-profile companies, according to the Reuters Global Media & Technology Summit, scores of U.S. companies have not disclosed breaches of their computer systems, even though eight months have passed since U.S. securities regulators issued guidelines on disclosing cyber attacks. Experts said that they know of many cyber intrusions, thefts and other digital security issues that were kept quiet.

“There have been lots of breaches in every industry that have never been publicized,” said Shawn Henry, the FBI’s former top cyber cop, who joined a new cyber security company, CrowdStrike, in April. Henry said the FBI was working on 2,000 active cyber cases when he retired from the agency in March. “There’s only a handful of cases that anybody has ever heard about,” he said.

He and other top U.S. officials have underscored the severity of cyber threats by citing a case in which one publicly traded company lost $1 billion of intellectual property in a single intrusion over a weekend. Henry declined to identify the company, but said many corporations were unaware that their networks had been breached until FBI agents notified them that they discovered proprietary, company-specific data outside their networks.

A Reuters review last winter of more than 2,000 SEC filings that mentioned cyber risks found that some companies revealed significant new information about hacking incidents, but the vast majority merely described a general risk of cyber incidents. Some defense companies and other firms known to have suffered computer breaches did not mention the incidents in their filings at all.

The U.S. Securities and Exchange Commission issued guidance on October 13 that outlined how and when companies should report hacking incidents and cyber security risk. The guidance, however, did not establish new rules, and many experts feel it lacks the teeth to compel heightened reporting.

Tom Kellermann, vice president for cyber security at Trend Micro, the world’s third-largest maker of antivirus software, said it was imperative for auditors and boards of public companies to get more involved with cyber security efforts. He cited a survey of 1,000 companies last year by Science Applications International Corp that showed 52 percent failed to report and remediate network breaches.

Kellermann said the SEC should start holding companies accountable for their failure to disclose. “There needs to be a precedent set,” he said, adding that the SEC should require minimum “standards of care,” including mandatory cyber security risk assessments and timetables for resolving issues detected.

Enrique Salem, chief executive of Symantec Corp, the world’s largest maker of security software, said the SEC guidance had resulted in increased interest among corporate boards and audit committees, but disclosure rates were still low. “Shareholders have a right to know if their investment is somewhat at a new risk, or if they’ve lost intellectual property,” Salem said.

At Axis Insurance Services, LLC, our cyber security insurance specialists can work with you to reduce your upfront exposure, develop effective new processes and procedures to minimize your risks, and help protect you against financial loss.

Blogged on: July 17, 2012 by Mike Smith