L&T Blog

My Company has Been Breached - Now What?

June 19, 2018

My Company has Been Breached – Now What? It’s rare in today’s world that a day goes by without a report on a cyber attack or data breach. From retailers and school districts to government and even high-tech industries, it has become not a matter of if companies will be breached, but when.

Even though this is a regular occurrence, would you know what your company’s risks are and liabilities? And do you know a new Arizona law taking effect in August will put more pressure on businesses to keep client and customer data safe, with potential fines running as high as $500,000?

No company or organization, big or small, is immune to this exposure and many falsely believe they can elude the attention of a hacker.  The studies show this is not true.  In fact, it is just the opposite; cyber attacks have been significantly growing against companies that have fewer than 100 employees.

What is a Breach?

A breach is an incident in which Personal Identify Information (PII) is taken or stolen by an unauthorized individual.  PII include Social Security numbers, tax ID, biometric information, payroll data, medical records and any other personal information that can be stored or used for gain.

Been Breached?

Sitting back is not an option. An employer that has been breached has certain responsibilities and needs to immediately start an investigation.  You need to know the when, what and how of the breach in order to report the incident. Once that is completed, a record of the incident needs to be completed.  The events and people involved leading up to the breach and those whose information has been compromised should be included in the report. Good reporting has been proven valuable after a breach as different parties will rely in this information.

Our Breach is not covered?  Why?

It is important to understand that a standard commercial policy is written to insure against injury or physical loss only and does not specifically protect an organization from liabilities related to a cyber attack or data breach, which include exposures, such as:

·        Data Breach

·        Intellectual Property Rights

·        Damages to a Third-Party System

·        System Failure

·        Cyber Extortion

·        Business Interruption

I need Cyber Insurance, now what?

As with all insurance policies, there is not really a one-size-fits-all option. As cyber liability is a rapidly evolving insurance niche, it is helpful to bring in an expert who can help you navigate and advise you on not only those exposures you have identified, but also reveal those of which you are not aware.  

As your business grows, your liability increases with it. Cyber criminals look for weakness and smaller businesses are typically more attractive and easier to breach than their larger counterparts. It is commonplace that smaller businesses – whether due to expenses or bandwidth –tend to put off making the vital cyber security improvements until it is too late and they have already been exposed.

Beyond insurance to protect an organization in the case of a breach, there are numerous resources such as STOP.THINK.CONNECT that can help businesses pursue safe online behavior.

Launched nearly 10 years ago, STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay saferand more secure online. The message was created by an unprecedented coalition of private companies, non-profits and government organizations with leadership provided by the National CyberSecurity Alliance (NCSA) and the APWG.  The organization provides several resources including a safety toolkit, blog entries and promotional materials that are informative and can be used to spread the cyber safety message.