There are three stores about Cyber hacks that have been a paradigm shift for me. The purpose of this article is to share those observations with you.
The format will be a little different. Instead of an overarching narrative, I am providing 3 different news stories with my observations.
Case 1: Minneapolis Public School System Data Breach
The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.
“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.
Observations:
Prior to this news story, I had always thought of Cyber Liability in the context of financial damage. My credit card was breached when the Playstation Network was hacked years ago. It was a pain to replace my credit card and keep an eye on my credit score.
This story shifted my view point to consider data as for the mental health damage that can be caused in a data breach.
This is particularly important to any organization that has access to records that include private mental health data for your clients.
If you are a Medication Assisted Treatment program, and the files of your clients were put on the internet, what would the reputational damage be? If they are a reputable lawyer or accountant, will they lose clients because of a perceived drug problem?
For counseling programs, if you are discussing suicide, rape, or psychiatric breaks, and the records are released online, what would be the impact to your clients?
Case 2: Caesars Casino pays roughly $15,000,000 data breach ransom
Hackers used a social-engineering scheme, in which a person pretending to be an employee contacted the company IT help desk to have a password changed, according to people familiar with the matter. In a Securities and Exchange Commission filing Thursday, Caesars said that the incident resulted from a social engineering attack on an outsourced IT support vendor, without providing further detail on “the unauthorized actor” responsible for it.
Observation:
One of the most common objections I hear when I discuss cyber liability insurance is “we keep all the data on the cloud.” Or “All that data is stored with a third-party vendor.”
I think these objections are code for “How could this issue be traced back to me?”
The Caesar’s data breach happened because threat actors called in to the IT Help Desk pretending to be an employee needing to reset their password.
No cyber security system is immune to human error.
Even if you outsource your services, the financial impact on your operations will still fall on you. Ceasar’s paid a $15,000,000 ransom because of an outsourced IT Help Desk.
MGM Hack Has Vegas Hotels Resorting to Cash Bars, Paper Vouchers
Observation:
Cyber hacks can cripple a business.
Let me share this story with a personal twist. I went to the Frederick County Fair with my family on a Friday night. The food court was very crowded and cell service was terrible. I needed to buy dinner for myself and my son and I had no cash in my wallet.
The first food truck’s credit card reader was down. I had to walk away.
The second food truck’s credit card reader was down. I had to walk away.
I tried two different ATM machines that couldn’t make a connection.
I finally found a stand that sold fried oreos, chicken on a stick, and corn dogs, whose credit card machine worked.
I bought $40 dollars of junk food and gorged.
If you are a business that relies on credit card transactions, how many customers like me would you lose over the course of a weekend?
MGM is estimating the total cost of their breach will be more than $100,000,000.
In conclusion:
A good cyber policy can protect you for an assortment of risks:
1. Liability damage that you cause to others
2. Cyber Extortion
3. Loss of Business Income and additional Extra Expenses
4. Digital Data Recreation
5. Forensic IT work
6. Social Engineering Crime coverage.
At this point, every operation has cyber exposures. Probably in ways you had never considered. Learn from these news stories and make sure you’re properly addressing your own needs.
Comments