Heather’s discussion addressed the current cybercrime threatscape and the typical going rates for medical records, bank accounts, credit cards and other sensitive information on underground internet hacker forums. Heather also showed actual underground forum activity where this information is being bought and sold.
Damages one can expect from a data breach were also discussed. For example, a HIPAA breach can cost anywhere from $5,000 to $1,500,000 (or more depending on a variety of factors). Other costs associated with a breach such as lawsuits, forensics, fines, identity theft protection, credit monitoring, loss of business and clients and reputational damage were covered as well.
The discussion wrapped up with an overview of how every business should have a three-pronged strategy to protect itself from data breaches and cybercrime: Compliance, Insurance and Response. Businesses should ensure they’re compliant with applicable frameworks such as PCI, FISMA, HIPAA, DFARS, etc. A well-thought-out cyber insurance policy should be in place to help with costs associated with a breach. Finally, a response plan and a response capability need to be in place in order to recover, manage communication with employees, clients and customers, and restore the business’s operational capacity as quickly as possible.
Because of our position on the front lines dealing with data breaches on a regular basis and the ensuing liability repercussions, Sera-Brynn routinely provides cyber security thought leadership to the insurance industry.
We maintain that the strongest defense for any business or organization against damages from a breach is a combination of Compliance, Insurance, and Response. These focus areas are interdependent, and the proper selection and application of cyber liability policies is a critical part of that defense.