BreachExchange mailing list archives

The "tremendous hacking target" your clients don't know about


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 21 Jul 2015 09:02:30 -0600

http://www.ibamag.com/news/the-tremendous-hacking-target-your-clients-dont-know-about-23270.aspx


The increase in technological convenience is at an all-time high, and
allowing consumers to conduct transactions on the go using mobile payment
platforms is increasingly attractive—particularly to small businesses and
retailers. In fact, a recent LexisNexis survey reveals that since 2011, the
number of mobile merchants in the US has exploded by 50%.

However, the risks attendant with mobile payment systems are sky-high and
the cost of a data breach is significant. LexisNexis points out that while
smaller mobile merchants stand to lose the most from mobile fraud, they are
also the least likely to have protection against outside penetration.

David Derigiotis, head of the Professional Liability Center for Excellence
for Burns & Wilcox, believes a lack of appreciation for risk severity is
keeping merchants away from the coverage that could help them: charge-back
insurance, or cyber or privacy liability.

“Small businesses do not think that they’re a target. They don’t think
they’re on anybody’s radar, and that’s just not the case,” said Derigiotis,
whose brokerage has worked with tech liability risks since the dot-com boom
of the 1990s. “They are vulnerable and they are a huge target because their
operations are generally not sophisticated enough to properly safeguard the
organization.”

Even when small merchants do recognize the risks attendant with mobile
payment platforms, they are hesitant to incorporate insurance into their
risk management strategy. Many fear adding to their already high insurance
bill, Derigiotis noted.

“It definitely comes down to price,” he told Insurance Business. “Policies
are affordable and very broad, and small businesses just don’t realize
that.”

In truth, an annual cyber or privacy liability policy can be obtained for a
small business for as little as $500 annually. Given the coverage offered
in that policy, that’s an especially good deal.

A quality cyber or privacy liability policy will cover all reimbursements
paid by the merchant in the event of a data breach and provide both
post-breach response services and public relations consulting.

Post-breach response services typically include forensic expertise in
identifying the size and scope of the breach, notification letters to
customers and future credit card monitoring. This ensures small businesses
are not in breach of any local or state laws regarding data security.

PR services, meanwhile, help limit fallout suffered from brand damage
following a data breach. As small businesses are especially dependent on
their public reputation, such services are invaluable.

However, selecting and underwriting coverage can be difficult for main
street producers not accustomed to dealing with cyber and privacy
exposures. Given the increased focus on cyber risk, the appetite among
carriers is ravenous and the market is softening. In an arena with so much
choice, it’s critical for a producer to team up with a knowledgeable
wholesaler, Derigiotis said.

“Cyber and privacy liability are critical these days, and in order to
convey that to their clients, agents need to partner with the appropriate
wholesaler,” he stressed. “The wholesaler can navigate through these
various carriers and make sure coverage is tailored specifically for the
client.”

And, given the softening market's low prices, "there's no better time to
buy than right now."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
