Talking Cyber Risk, Part 1 of 2: an interview with Patrick Cruikshank, Professional Services Director

Patrick Cruikshank is one of our resident experts on cyber risk insurance protection. We sat down with him to discuss some of the cyber risks that businesses are facing.

What are some of the most common cyber risks facing businesses?

Businesses should be concerned about their exposure to reputational harm, opportunity cost and operational risk. For example, with reputation harm if you suffer a data breach and confidential customer information is compromised and your name gets out to the public, can your business survive the event?

An example of opportunity cost and reputational harm is the Target hack. That breach came through a supermarket refrigeration systems contractor that they hired. That contractor may get sued by Target eventually, but have already suffered reputational harm and opportunity cost as a result of their association with this breach. As a result, they probably won’t get any other large contracts. They now have opportunity cost as they are seen as a weak link in the supply chain.

What sort of information are cyber criminals looking for when targeting businesses?

That depends on the type of campaign. If it’s a targeted attack, or what they call ‘spear phishing’, the attackers are looking for something specific from the business, like money, corporate information, patented information, client information, or access to another vendor or supplier.

If it’s more general in nature, then it’s a phishing campaign where criminals cast a wide net and see what they can get. Once they have the information, they decide what to do with it. Information is a commodity with value, cyber criminals can sell it on the black market for money.

Cyber-crime is ubiquitous because it can cost almost nothing and the rewards are potentially very high. They can buy malware programs online, and they don’t even have to be an expert to use them. They can get 44 million credit cards without spending much money. And it can be done from across the world with no risk of capture. This is why you’re seeing big breaches.

Criminals go for the easier target.

What sort of coverage does Cyber Risk Insurance offer?

Cyber Risk Insurance is very comprehensive. It essentially covers anything and everything that can happen to your business as a result of a network security breach or privacy incident. Cyber Risk insurance cannot stop a breach from happening, but like an airbag in a car, it may provide enough to allow the business to survive the event. Click here to learn more.

To stay up to date on the latest on risk management, cyber threats, and insurance, follow us on twitter!