Lessons from Target’s data breach: First, they hacked the HVAC Repairman
The cost of Target’s data breach likely is in the hundreds of millions. As we now know, hackers stole personal credit data on about 110 million people, but it is HOW they got into Target’s network that has most mid-sized firms shaking in their boots.
Sources close to Target say the retailer has $100 million in cyber insurance and $65 million in directors’ and officers’ liability coverage. Target has now directly communicated with affected customers and will be paying for credit monitoring for one year, on each card released. But the headaches continue for them months later. The Department of Justice is investigating, and executives are before Congress to explain themselves.
Now the scary news for mid-sized firms: hackers first broke into Target’s network last year by stealing the login credentials of a heating-and-air-conditioning contractor, a person familiar with the investigation confirmed. How many of you have access to a portal of one of your largest customers? Vendors? Suppliers?
More and more small and mid-sized companies are becoming the victims of online data theft and fraud. While large-scale security breaches tend to get more attention from the media, it makes more sense for hackers to go after the “low-hanging fruit” of smaller and more vulnerable companies to gain access to larger prey.
So how does your business stay ahead of cyber risk, and how do leaders manage such a crisis? For modest-sized businesses, a cyber liability policy is a major component of being prepared to deal with a privacy event. In addition to a cyber policy, we have developed a first-look product that integrates into the insurance program to help analyze your cyber risk. Our proprietary “Border Audit” program is designed to help you understand your exposures and vulnerabilities rather than just selling you a policy.
The right insurance plan is an in-place strategy ready to respond to a data privacy violation or cyber-attack. In buying a policy, businesses get a team of on-call crisis specialists. Their job is to identify and fix the problem, help notify the exposed parties and manage subsequent damages.
And remember, it doesn’t have to be a hacker. Any business that possesses private data is obligated to protect the information and to take steps if the data are compromised, regardless of whether the breach is a result of employee negligence or of someone simply opening that e-mail with the picture of Blake Lively… or Channing Tatum (you know you have), which is an invitation to get into your network. Our best guess is that Target will be serving a nice bill to the HVAC contractor… the ultimate wallet strength check!
At PDCM, developing the smarter solution for managing our clients’ cyber risk is a priority. Let us find a solution for your firm.
Cyber Liability and Recovery by Chris Fereday