Cyber Security & Compliance   07/24/2017

Cyber Risks Exploding Part One

By Harry J. Lew

Each day seems to bring more news of cyber-attacks and breaches that cripple businesses around the world. But if you’re like most insurance agents and financial advisors, at a certain point you just have to move on from these events to the work that drives your business forward—approaching prospects, doing sales presentations, closing deals, and servicing your clients. If you don’t, you won’t be around for long.

However, experts suggest it’s also time to give cyber-security a larger share of your attention. Why? Because threats are accelerating markedly, putting firms like yours at an increased risk of experiencing a devastating cyber-loss. Consider these statistics:

  • According to a report from the Identity Theft Resource Center (ITRC) and CyberScout, the number of U.S. data breaches in 2016 hit an all-time high of 1,093—a hike of 40 percent over the prior year, which itself nearly established a new record.
  • When breaches occur, firms must deal with an increasingly expensive aftermath. Based on the Ponemon Institute’s 2016 Cost of Data Breach Study, the average total cost of a data breach is $4 million, up 29 percent since 2013. And the average cost per record breached is $158.
  • The reason data breaches are so expensive, says Ponemon, is that 48 percent of breaches are malicious, and malicious breaches are inherently more expensive to resolve. Plus, the long-term costs of a breach, especially those relating to customer defections and lost future opportunities, have increased by 2.9 percent.
  • What’s more, Ponemon says that over a two-year period, the likelihood of a data breach is 26 percent.
  • And lest you think data breaches only happen to large firms, consider the fact that 43 percent of cyber (phishing) attacks target small businesses . . . an increase of 9 percent over 2014, according to Symantec’s 2016 Internet Security Threat Report.
  • Plus, 55 percent of the small and medium-sized businesses Ponemon surveyed in 2016 said they experienced a cyber-attack in the prior 12 months, and 50 percent said they experienced a data breach involving customer and employee information over that time period.
  • Worse still, Ponemon research reveals that the average expense for a small business to clean up a cyber-breach is $690,000. This can put an insurance solopreneur or small financial advisory firm out of business.

As if these findings weren’t alarming enough, the NetDiligence 2016 Cyber Claims Study showed the financial impact of cyber-breaches is spreading to firms of all sizes and industries, especially to smaller firms in the financial-services space. According to the study, which analyzed 183 submitted cyber-insurance claims from 2013 to 2015 . . .

  • The greatest number of exposed records happened in the financial-services industry (78 million files).
  • The highest average claim payout was in financial services ($1.3 million).
  • The most expensive breaches occurred in financial services ($15 million), which also had the highest average breach cost of $1.8 million.
  • Breaches can be costly even in small organizations. Losses of greater than $5 million occurred in firms of all sizes except those with middle-ranked revenues ($2 to $10 billion).

Given numbers like these, you’d think small business owners, including insurance and financial advisors, would be focusing intently on cyber-security. Yet research reveals a surprising amount of complacency. For example, according to the National Cyber Security Alliance:

  • Sixty-six percent of small- to medium-sized businesses (SMB) say they’re not concerned about cyber-threats, either external or internal.
  • Nearly six out of 10 SMBs lack a contingency plan for responding to cyber-attacks or breaches.
  • Eighty-seven percent have no formal written Internet security policy or staff, while 69 percent fail to have even an informal policy.

Bottom line: even though you must focus on running your business each day, it’s no longer wise to put cyber-risks in a mind bucket entitled, “It Will Never Happen to Me.” It’s time to make sure you understand your cyber-risks, mitigate the security holes in your network and computer hardware, and develop a response plan in the event the worst happens.

To help you with these tasks, watch for Parts 2, 3, and 4 in this series, where we will discuss the regulatory challenges of cyber-security, best practices for staying safe, and the benefits of having cyber-insurance in place before a loss occurs. Here’s to safe computing!


  • Denver Post
  • IBM
  • Identity Theft Resource Center
  • National Cyber Security Alliance
  • NetDiligence
  • Symantec