Managing, mitigating and financing cyber liability is critical for risk management

Charleston, S.C. — Big data breaches such as last year’s hack of the federal government’s Office of Personnel Management, or previous hacks at Target or Home Depot, get all the headlines and notoriety.

It’s the “little” data breaches, however, that are the most deadly — to small businesses.

CEO Rob Hegedus and EVP Heather Engel, of leading Virginia cybersecurity firm Sera-Brynn, told attendees at the 17th Annual South Carolina Captive Insurance Association Executive Educational Conference on Sept. 15 in Charleston that it’s critical for businesses to incorporate cyber liability as part of their risk management strategy.

Sera-Brynn ranks no. 1 in Virginia, no. 7 in the U.S. and no. 10 globally according to the Cybersecurity Ventures 500 list of the world’s hottest cybersecurity firms. Sera-Brynn’s cyber risk management model entails auditing, advisory services and assistance.

The presentation by Hegedus and Engel was titled, “Cyber Risk: How to Manage, Mitigate, and Finance Cyber Liability.” Key points in their presentation include surprising statistics such as 85 percent of small companies of less than 1,000 employees have had known data breaches, according to a 2015 Duke University study.

Hegedus and Engel outlined how hackers are specifically targeting small businesses, using phishing, ransomware and other methods to profit off of their hacking efforts.

The projected cost of global data breaches is expected to top $1 trillion by 2017. Particularly for small businesses, data breaches can be lethal.

Statistics show that 81 percent of all data breaches happen to small businesses. The average loss of a single data breach is $300,000 and 46 percent of consumers avoid small businesses that have been breached. Within six months, 60 percent of the small businesses that have been the victims of a data breach are shuttered.

By 2020, the global cybersecurity industry is expected to skyrocket to more than $170 billion. But it’s impossible to manage cyber risk through technology and hardware alone, Hegedus and Engel said.

That’s why companies have to re-think insurance, compliance, liability and training to include cyber. Yet a cyber risk policy is in just over 2 percent of captives as of March 2016.

Hegedus and Engel said it’s critical to remember that the policy must meet the needs of the business. A captive could be set up as cyber-specific, or add multiple coverage lines to an existing one.

The type of information that is essential includes banking credentials, medical records, credit information, cloud storage, intellectual property, customer data, legal data, financial records and payroll and accounting data. Vendors are also an important component of risk management because they are one way hackers can access businesses.

“People make mistakes,” Engel said.

About Sera-Brynn: Headquartered in Suffolk, Va., Sera-Brynn is a global Cyber Risk Management firm with an international client base. The company is dedicated to helping clients secure their computing environments, pre- and post-breach, and meet applicable mandatory industry and government compliance requirements. Sera-Brynn is the only Payment Card Industry Qualified Security Assessor in North America directly partnered with a multi-billion dollar financial institution, and the firm works closely with the insurance industry, legal offices nationwide, crisis management firms, financial institutions and law enforcement at all levels to provide the most comprehensive protection to its clients.

Sera-Brynn’s clients include Fortune 1000 companies, healthcare, financial institutions, insurance carriers and re-insurers, higher education, municipalities and state governments, manufacturers, law offices, large retail establishments, technology enterprises, accounting firms, national non-profits, and international joint ventures.