BreachExchange mailing list archives
The "tremendous hacking target" your clients don't know about
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 21 Jul 2015 09:02:30 -0600
http://www.ibamag.com/news/the-tremendous-hacking-target-your-clients-dont-know-about-23270.aspx The increase in technological convenience is at an all-time high, and allowing consumers to conduct transactions on the go using mobile payment platforms is increasingly attractive—particularly to small businesses and retailers. In fact, a recent LexisNexis survey reveals that since 2011, the number of mobile merchants in the US has exploded by 50%. However, the risks attendant with mobile payment systems are sky-high and the cost of a data breach is significant. LexisNexis points out that while smaller mobile merchants stand to lose the most from mobile fraud, they are also the least likely to have protection against outside penetration. David Derigiotis, head of the Professional Liability Center for Excellence for Burns & Wilcox, believes a lack of appreciation for risk severity is keeping merchants away from the coverage that could help them: charge-back insurance, or cyber or privacy liability. “Small businesses do not think that they’re a target. They don’t think they’re on anybody’s radar, and that’s just not the case,” said Derigiotis, whose brokerage has worked with tech liability risks since the dot-com boom of the1990s. “They are vulnerable and they are a huge target because their operations are generally not sophisticated enough to properly safeguard the organization.” Even when small merchants do recognize the risks attendant with mobile payment platforms, they are hesitant to incorporate insurance into their risk management strategy. Many fear adding to their already high insurance bill, Derigiotis noted. “It definitely comes down to price,” he told Insurance Business. “Policies are affordable and very broad, and small businesses just don’t realize that.” In truth, an annual cyber or privacy liability policy can be obtained for a small business for as little as $500 annually. Given the coverage offered in that policy, that’s an especially good deal. A quality cyber or privacy liability policy will cover all reimbursements paid by the merchant in the event of a data breach and provide both post-breach response services and public relations consulting. Post-breach response services typically include forensic expertise in identifying the size and scope of the breach, notification letters to customers and future credit card monitoring. This ensures small businesses are not in breach of any local or state laws regarding data security. PR services, meanwhile, help limit fallout suffered from brand damage following a data breach. As small businesses are especially dependent on their public reputation, such services are invaluable. However, selecting and underwriting coverage can be difficult for main street producers not accustomed to dealing with cyber and privacy exposures. Given the increased focus on cyber risk, the appetite among carriers is ravenous and the market is softening. In an arena with so much choice, it’s critical for a producer to team up with a knowledgeable wholesaler, Derigiotis said. “Cyber and privacy liability are critical these days, and in order to convey that to their clients, agents need to partner with the appropriate wholesaler,” he stressed. “The wholesaler can navigate through these various carriers and make sure coverage is tailored specifically for the client.” And, given the softening market's low prices, "there's no better time to buy than right now."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- The "tremendous hacking target" your clients don't know about Audrey McNeil (Jul 28)