We've all read or heard about the many data breaches and cyber “incidents” in the news, including Sony, the U.S. government's Office of Personnel Management, and several airlines. To put those data breaches—a more accurate term than cyber attacks—in perspective, Tim Francis, Enterprise Cyber Lead at Travelers, provided an overview of the threat landscape at a recent cyber media event in Washington, D.C. He explained that according to the Symantec Internet Security Report, there are 34,529 known computer security penetration incidents per day. Not all the incidents result in the theft of personally identifiable information but the huge numbers are troublesome.
The panel, moderated by Joan K. Woodward, president of Travelers Institute and executive vice president of public policy, also included
- Tom Finan, senior cybersecurity strategist and counsel, U.S. Department of Homeland Security
- Chris Hauser, 2nd vice president for cyber fraud at Travelers Investigative Services and former FBI agent responsible for cyber investigations
- John Mullen, a managing partner at Lewis Brisbois Bisgaard & Smith and chair of its U.S. data privacy and network security practice
- Melanie Dougherty-Thomas, managing director of crisis communications management at Inform
The panelists agreed that small to mid-sized businesses are the most vulnerable, and one successful attack can shut those businesses down completely. But what types of claims are the most common and what do they really cost?
Travelers' cybersecurity experts have developed common cyber claims scenarios across five industries, as shown in the following pages. The costs add up quickly, often reaching more than $1 million.
(Photo: Thinkstock/Monkey Business Images)
1. Hack in the retail industry
Company Profile: A local retailer, $30 million in revenue
A credit card company identified 50,000 credit cards that were used legitimately at a retailer and then were subsequently compromised. The retailer also needed to hire a law firm to serve as counsel and breach coach. Costs included required notifications to the 50,000 victims as well as on-going credit monitoring. As a result of this incident a class action lawsuit was filed.
According to the NetDiligence® Data Breach Cost Calculator the estimated costs for this event for the retailer could be:
| Incident Investigation Costs: | $158,000 |
| Customer Notification and Crisis Management Costs: | $920,000 |
| Class Action Lawsuit Costs: | $689,000 |
| PCI Related Costs: | $783,000 |
| Total Costs: | $2,550,000 |
Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.
Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
- Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
