Cyber Liability: Target’s $19M Breach and Counting
We’ve discussed data breaches many times before: Sony, Community Health Systems and Uber have all been hacked within the past year. But before those occurred, over 40 million credit and debit card accounts were compromised when Target was hacked in 2013, and now they’re paying for it. Recently, Target paid MasterCard $19 million in a settlement that covers the company’s costs when they reissued new debit and credit cards as a result of the breach. With negotiations with Visa expected to begin shortly, Target is looking at a chain reaction of costs and payouts associated with this hack – not to mention the loss of brand loyalty from some customers. No business, small or large, is immune to a data breach.
So how can we learn from Target’s costly breach? The first step is to be prepared with a data breach response policy. Ensure your data breach policy addresses the following components:
- What to do when you first learn of the breach
- What information to include in your risk assessment
- Whether notification is required, and who must be notified
- Developing a plan to control risks
If you do experience a data breach, the first thing to do is find out as many facts as you can about the breach so you can notify customers. Then assess the risks you face by determining:
- The sensitivity of the information
- The number of individuals affected
- The likelihood the information is usable or could cause harm
- The likelihood the information was intentionally targeted (increases chance for fraudulent use)
- The strength and effectiveness of your cyber security
Soon after the breach, Target announced to customers that it had invested in internal processes and systems to reduce the chances of a data breach happening again. Encrypt your sensitive data and use role-based monitoring to detect suspicious insider activity. Keep in mind that as technology evolves, cyber criminals evolve, too, and their attacks become even more sophisticated and targeted.
Notifying customers, setting up a call center dedicated to breach-related calls and providing free credit monitoring are a few ways Target responded to the data breach. These actions are costly, but fortunately for business owners, cyber liability coverage can help defray some of those costs.
Every company is a potential target for cyber criminals. Don’t think of a data breach as a possibility but as an expectation, so you’ll always be prepared to respond. Contact our ‘A’ Team for more information on cyber liability coverage options for your business.
- Private Companies Must Wake Up On Cyber Liability Insurance
- 5 Questions Risk Manager Should Ask About Cyber Risk
- 10 Tips for Buying Cyber Insurance
- Cyber & Privacy Liability Webinar Series: Part 1
ABOUT THE AUTHOR