Fortune 500 Companies Underestimate Impact of Data Breaches

For many companies, the effects of a data breach can be devastating. Given the recent push by many to go paperless and automate as many processes as possible, as well as having employees walking the streets with mobile devices containing sensitive information, the number of potential breach points for criminals has grown significantly in recent years. As a result, insurers should proceed with greater caution now when pricing risk.

According to a new report from international specialist insurer Hiscox, 38% of recently surveyed Fortune 500 companies fail to acknowledge the threat of a data breach in the Risk Factors section of their SEC 10-K filing. Additionally, of the companies that do include the risk of a data breach in their 10-K, 26% fail to mention the consequential financial impact, while a further 49% fail to identify the reputational impact.

Hiscox's research focused on the most recent 10-K filings of nearly 250 companies within the Fortune 500 in industry sectors including air travel, banking, healthcare, retail and utilities—all sectors that would be expected to handle significant amounts of personal data.

The study found that 48% of the specialty retailers in the Fortune 500 mention privacy or data security in the Risk Factors section of their 10-K, while only 20% of companies in the gas and electric utilities sector made similar mention.

"Criminals today know that the real money is no longer to be found in bank safes but on company computers where access to one system could net the confidential information of millions of individuals, leading to fraud on a grand scale," says Jim Whetstone, SVP, Hiscox. "Our research shows that corporate America appears to still be far more concerned with identifying the conventional risks, such as fire and flood, to their business, and has not yet fully accepted the extensive financial and reputational damage that a data breach and loss of confidential information can cause."

"As cyber criminals become more adept at circumventing security technology and security breaches grow in scope and scale," he adds, "it is key that U.S. companies recognize the risk and do everything practical to protect sensitive company and customer information."

The report also examined, in a snapshot survey of 60 companies, whether they had implemented end-to-end encryption.

"While there remains no single technology solution to data breaches, we believe it is evident that a defense-in-depth approach to security must extend beyond firewalls and intrusion detection to the next layer—encryption of this information, both while in transit and at rest," the report says.

This research found that only 7% of companies surveyed had encrypted all of their data, despite nearly half having suffered some form of data breach.

"Data breaches are becoming more frequent, sophisticated and financially damaging to U.S. companies," Whetstone says. "These findings emphasize the need for better collaboration between risk management, IT and legal departments to properly assess this exposure and how it is addressed."
