Terrorism is the number one domestic security concern, but cyberattacks are running a close second. A 2016 poll revealed that almost 75% of all Americans fear a cyberattack that will seriously impair government, utilities, and private infrastructure.
Those fears have a basis in reality. In 2010, for example, the covert joint American-Israeli “Stuxnet” operation succeeded in destroying 20% of the centrifuges that Iran used to manufacture nuclear materials. In late 2014, hackers attacked a German steel mill with a virus that took control of the mill’s blast furnaces. Plant operators were unable to shut the furnaces down, which resulted in massive physical damage. Chinese hackers are believed to have breached the networks of the U.S. Government’s Office of Personnel Management. After a cyberattack shut down a large portion of the Ukraine’s electrical power grid, investigators in 2016 concluded that the U.S. electrical power grid is equally susceptible to a cyberattack.
Most cyberattacks are designed to steal customer data and personal information that the hackers can then sell or use for their own profit. As these larger-scale attacks reveal, hackers have tools that can do even greater harm. The investigation into the vulnerability of the U.S. power grid suggested that a sustained attack could shut down a power grid for months, which would then cause banks and other businesses to shut down. This is not to say that businesses should prepare themselves for a doomsday scenario. Rather, it suggests that all organizations need to implement strong contingency plans in the event that a major cyberattack goes deeper than stealing customer data.
All organizations understand the need to install strong cyberdefense systems in their own internal network operations. None of those defenses will be foolproof, and organizations face the daily risk of direct and third-party losses from cyberattacks. As the attack on the German steel mill reveals, direct losses are not limited to data, network servers, and storage devices. Any machinery and assets that are connected to an organization’s information systems network are susceptible to cyberattack damage.
As devastating as an equipment loss may be, loss or theft of third-party customer data can be financially ruinous. Target stores paid almost $50 million in fines and damages when it lost millions of customer records in a cyberattack. A cyberattack that shuts down a power grid can cause even greater losses. Cyber crime insurance is the last line of defense against these attacks.
Consider how a real world cyberattack can harm a business. One of the more notorious hacker groups, Lizard Squad, successfully hacked into Sony’s PlayStation and Microsoft’s Xbox Live networks in 2014. That attack was purportedly launched through a large number of computers that the group had compromised. Some of those computers were likely in business networks, and any business whose systems were compromised can find that their own information has also been compromised. Thus, even though a business may not be part of a greater cyberattack, it can inadvertently be used to facilitate the attack, and in the process it can find itself liable for losses of customer data and information. Cyber crime insurance can reimburse a business for those losses.
Cyber insurance carriers also have the expertise to help businesses minimize their own risk and exposure to a real-world attack. No business can anticipate every liability that might flow from a large-scale attack, but cyber insurance companies can highlight the more significant risks and confirm that a business is prepared to deal with those risks.